Report Name: Linux Patch Wednesday June 2025
Generated: 2025-06-30 16:36:22

Vulristics Vulnerability Scores
Basic Vulnerability Scores
Products

Product NamePrevalenceUCHMLAComment
HTTP/20.911HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
Linux Kernel0.92114239355The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Windows Kernel0.922Windows Kernel
libblockdev0.911libblockdev is a C library supporting GObject introspection for manipulation of block devices
Binutils0.822The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
Canonical Apport0.811Apport intercepts Program crashes, collects debugging information about the crash and the operating system environment, and sends it to bug trackers in a standardized form
Chromium0.8231217Chromium is a free and open-source web browser project, mainly developed and maintained by Google
FreeIPA0.811FreeIPA is a free and open source identity management system
GNOME desktop0.811GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
Mozilla Firefox0.831518Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Netty0.811Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
Node.js0.811Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
OpenSSL0.822A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
Samba0.811Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
libvpx0.811libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
systemd-coredump0.811systemd-coredump@.service is a system service to process core dumps
.NET and Visual Studio0.711.NET and Visual Studio
Apache Commons FileUpload0.711The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications
Apache Tomcat0.7123Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
Apache Traffic Server0.722The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
Asterisk0.7112Asterisk is a free and open source framework for building communications applications and is sponsored by Sangoma
FFmpeg0.711FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
Moodle0.7617Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
Open Asset Import Library Assimp0.71212Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
SQLite0.711SQLite is a database engine written in the C programming language
ClamAV0.611ClamAV (Clam AntiVirus) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses
KDE Konsole0.611Konsole is a free and open-source terminal emulator graphical application which is part of KDE Applications and ships with the KDE desktop environment
LibTomMath0.611LibTomMath is a free open source portable number theoretic multiple-precision integer library written entirely in C
Nokogiri0.622Nokogiri is an open source XML and HTML library for the Ruby programming language
Perl0.655Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
PostgreSQL0.611PostgreSQL also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance.
Python0.633Python is a high-level, general-purpose programming language
Redis0.611Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
Roundcube0.611Roundcube is a web-based IMAP email client
Vault0.61517Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
Wireshark0.611Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
libxml20.644libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
Commons BeanUtils0.511Product detected by a:apache:commons_beanutils (exists in CPE dict)
Flask0.511Flask is a lightweight WSGI web application framework
Hibernate Validator0.511Hibernate Validator is the reference implementation of Jakarta Validation 3.1. Jakarta Validation defines a metadata model and API for JavaBean as well as method validation.
HotelDruid0.511Product detected by a:digitaldruid:hoteldruid (exists in CPE dict)
JGit0.511Product detected by a:eclipse:jgit (exists in CPE dict)
Jhead0.511Product detected by a:jhead_project:jhead (exists in CPE dict)
Jq0.522Product detected by a:jqlang:jq (exists in CPE dict)
Libarchive0.5145Multi-format archive and compression library
ModSecurity0.522ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx
NVIDIA CUDA Toolkit0.511The NVIDIA CUDA Toolkit provides a development environment for creating high-performance, GPU-accelerated applications
Node.js pbkdf20.522The crypto.pbkdf2(), also known as Password-Based Key Derivation function, provides an asynchronous implementation of the derivative function. A key is derived by using the Hmac digest of a specified algorithm from password, salt and iterations.
Nomad0.5516Product detected by a:hashicorp:nomad (exists in CPE dict)
TLS0.522TLS
Tcpreplay0.511Product detected by a:broadcom:tcpreplay (exists in CPE dict)
Tika0.511Product detected by a:apache:tika (exists in CPE dict)
Yasm0.511Product detected by a:yasm_project:yasm (exists in CPE dict)
cJSON0.511Product detected by a:cjson_project:cjson (exists in CPE dict)
clickhouse0.511Product detected by a:clickhouse:clickhouse (exists in CPE dict)
hdf50.533Product detected by a:hdfgroup:hdf5 (exists in CPE dict)
libexpat0.511Product detected by a:libexpat_project:libexpat (exists in CPE dict)
pulp0.511Product detected by a:pulpproject:pulp (exists in CPE dict)
python-markdown20.511Product detected by a:python-markdown2_project:python-markdown2 (exists in CPE dict)
tvOS0.511Product detected by o:apple:tvos (exists in CPE dict)
Git0.411Git
tar-fs0.411Filesystem bindings for tar-stream that allow you to pack directories into tarballs and extract tarballs into directories
Artifex Ghostscript0.311Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
GitHub0.2112GitHub, Inc. is an Internet hosting service for software development and version control using Git
Unknown Product0286391Unknown Product


Vulnerability Types

Vulnerability TypeCriticalityUCHMLA
Remote Code Execution1.0391022
Authentication Bypass0.981313
Code Injection0.971146
Command Injection0.9722
XXE Injection0.9711
Arbitrary File Writing0.9511
Security Feature Bypass0.91211115
Elevation of Privilege0.85314
Arbitrary File Reading0.8322
Information Disclosure0.8310111
Cross Site Scripting0.844
Open Redirect0.7511
Denial of Service0.78201139
Path Traversal0.7527
Incorrect Calculation0.55611
Memory Corruption0.512212918170
Spoofing0.41214
Unknown Vulnerability Type017268285


Comments

SourceUCHMLA
almalinux57113
altlinux12426942
debian1541197294538
oraclelinux815831
redhat69419
redos217524
ubuntu179825


Vulnerabilities

Urgent (2)

1. Security Feature Bypass - Chromium (CVE-2025-2783) - Urgent [913]

Description: Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), NVD:CISAKEV, BDU websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:BYTEREAPER77:CVE-2025-2783, Vulners:PublicExploit:GitHub:ALCHEMIST3DOT14:CVE-2025-2783, Vulners:PublicExploit:GitHub:BYTEREAPER77:CVE-2025-2783-SANDBOXESCAPE, Vulners:PublicExploit:GitHub:LEVITICUS-TRIAGE:CHROMSPLOIT-FRAMEWORK websites
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.810CVSS Base Score is 8.3. According to NVD data source
EPSS Percentile0.910EPSS Probability is 0.07239, EPSS Percentile is 0.91153

altlinux: CVE-2025-2783 was patched at 2025-06-04, 2025-06-11, 2025-06-18

2. Memory Corruption - Chromium (CVE-2025-5419) - Urgent [829]

Description: Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object), NVD:CISAKEV, BDU websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:ITSSHOTGUN:CHROME_CVE-2025-5419_CHECKER website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.710EPSS Probability is 0.00537, EPSS Percentile is 0.66514

debian: CVE-2025-5419 was patched at 2025-06-04, 2025-06-17

Critical (5)

3. Code Injection - Hibernate Validator (CVE-2025-35036) - Critical [780]

Description: Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (cisa_kev object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:XIE-22:CVE-2025-4428, Vulners:PublicExploit:GitHub:WATCHTOWRLABS:WATCHTOWR-VS-IVANTI-EPMM-CVE-2025-4427-CVE-2025-4428 websites
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.514Hibernate Validator is the reference implementation of Jakarta Validation 3.1. Jakarta Validation defines a metadata model and API for JavaBean as well as method validation.
CVSS Base Score0.710CVSS Base Score is 7.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00079, EPSS Percentile is 0.24393

debian: CVE-2025-35036 was patched at 2025-06-17

4. Remote Code Execution - Roundcube (CVE-2025-49113) - Critical [719]

Description: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:SYFI:CVE-2025-49113, Vulners:PublicExploit:GitHub:HAKAIOFFSEC:CVE-2025-49113-EXPLOIT, Vulners:PublicExploit:GitHub:RASOOL13X:EXPLOIT-CVE-2025-49113, Vulners:PublicExploit:GitHub:FEARSOFF-ORG:CVE-2025-49113, Vulners:PublicExploit:GitHub:ISSAMJR:CVE-2025-49113-SCANNER, Vulners:PublicExploit:GitHub:YURI08LOVEELAINA:CVE-2025-49113, Vulners:PublicExploit:GitHub:BIITTS:ROUNDCUBE-CVE-2025-49113, Vulners:PublicExploit:GitHub:PUNITDARJI:ROUNDCUBE-CVE-2025-49113, Vulners:PublicExploit:GitHub:B1ACK4SH:BLACKASH-CVE-2025-49113, Vulners:PublicExploit:GitHub:HKTALENT:TOP, Vulners:PublicExploit:GitHub:GHOSTTROOPS:TOP, Vulners:PublicExploit:EDB-ID:52324 websites
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score1.010CVSS Base Score is 9.9. According to NVD data source
EPSS Percentile1.010EPSS Probability is 0.76275, EPSS Percentile is 0.98863

altlinux: CVE-2025-49113 was patched at 2025-06-23

debian: CVE-2025-49113 was patched at 2025-06-02, 2025-06-17

ubuntu: CVE-2025-49113 was patched at 2025-06-19

5. Remote Code Execution - ClamAV (CVE-2025-20260) - Critical [635]

Description: A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ClamAV (Clam AntiVirus) is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00138, EPSS Percentile is 0.34642

debian: CVE-2025-20260 was patched at 2025-06-17

6. XXE Injection - JGit (CVE-2025-4949) - Critical [613]

Description: In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:gitlab.eclipse.org website
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.514Product detected by a:eclipse:jgit (exists in CPE dict)
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00085, EPSS Percentile is 0.2573

debian: CVE-2025-4949 was patched at 2025-05-22

7. Remote Code Execution - KDE Konsole (CVE-2025-49091) - Critical [611]

Description: KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Konsole is a free and open-source terminal emulator graphical application which is part of KDE Applications and ships with the KDE desktop environment
CVSS Base Score0.810CVSS Base Score is 8.2. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00129, EPSS Percentile is 0.33378

altlinux: CVE-2025-49091 was patched at 2025-06-20

debian: CVE-2025-49091 was patched at 2025-06-17, 2025-06-20

High (46)

8. Remote Code Execution - Libarchive (CVE-2025-5914) - High [595]

Description: A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00034, EPSS Percentile is 0.0824

debian: CVE-2025-5914 was patched at 2025-06-17

9. Security Feature Bypass - Node.js pbkdf2 (CVE-2025-6545) - High [589]

Description: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514The crypto.pbkdf2(), also known as Password-Based Key Derivation function, provides an asynchronous implementation of the derivative function. A key is derived by using the Hmac digest of a specified algorithm from password, salt and iterations.
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile0.310EPSS Probability is 0.00094, EPSS Percentile is 0.27531

debian: CVE-2025-6545 was patched at 2025-06-17

10. Security Feature Bypass - Node.js pbkdf2 (CVE-2025-6547) - High [589]

Description: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514The crypto.pbkdf2(), also known as Password-Based Key Derivation function, provides an asynchronous implementation of the derivative function. A key is derived by using the Hmac digest of a specified algorithm from password, salt and iterations.
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile0.310EPSS Probability is 0.001, EPSS Percentile is 0.28611

debian: CVE-2025-6547 was patched at 2025-06-17

11. Elevation of Privilege - libblockdev (CVE-2025-6019) - High [587]

Description: A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:AND-OSS:CVE-2025-6019-EXPLOIT, Vulners:PublicExploit:GitHub:GUINEA-OFFENSIVE-SECURITY:CVE-2025-6019, Vulners:PublicExploit:GitHub:NEKO205-MX:CVE-2025-6019_EXPLOIT, BDU:PublicExploit websites
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914libblockdev is a C library supporting GObject introspection for manipulation of block devices
CVSS Base Score0.710CVSS Base Score is 7.0. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04172

almalinux: CVE-2025-6019 was patched at 2025-06-20

debian: CVE-2025-6019 was patched at 2025-06-17

oraclelinux: CVE-2025-6019 was patched at 2025-06-23

ubuntu: CVE-2025-6019 was patched at 2025-06-18

12. Denial of Service - Apache Tomcat (CVE-2025-48988) - High [586]

Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:SAMB102:POC-CVE-2025-48988-CVE-2025-48976 website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00177, EPSS Percentile is 0.39841

debian: CVE-2025-48988 was patched at 2025-06-17

13. Denial of Service - Apache Commons FileUpload (CVE-2025-48976) - High [563]

Description: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:SAMB102:POC-CVE-2025-48988-CVE-2025-48976 website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.163

debian: CVE-2025-48976 was patched at 2025-06-17

14. Denial of Service - ModSecurity (CVE-2025-48866) - High [541]

Description: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` - this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00101, EPSS Percentile is 0.2888

debian: CVE-2025-48866 was patched at 2025-06-08, 2025-06-17

ubuntu: CVE-2025-48866 was patched at 2025-06-13

15. Denial of Service - HotelDruid (CVE-2025-44203) - High [529]

Description: In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:IVANT7D3:CVE-2025-44203 website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:digitaldruid:hoteldruid (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00053, EPSS Percentile is 0.1667

debian: CVE-2025-44203 was patched at 2025-06-17

16. Denial of Service - ModSecurity (CVE-2025-47947) - High [529]

Description: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, BDU:PublicExploit websites
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00079, EPSS Percentile is 0.24315

almalinux: CVE-2025-47947 was patched at 2025-06-11

debian: CVE-2025-47947 was patched at 2025-05-22, 2025-06-08

oraclelinux: CVE-2025-47947 was patched at 2025-06-11

redhat: CVE-2025-47947 was patched at 2025-06-05, 2025-06-09, 2025-06-11

ubuntu: CVE-2025-47947 was patched at 2025-06-13

17. Denial of Service - systemd-coredump (CVE-2025-4598) - High [520]

Description: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814systemd-coredump@.service is a system service to process core dumps
CVSS Base Score0.510CVSS Base Score is 4.7. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00011, EPSS Percentile is 0.01016

debian: CVE-2025-4598 was patched at 2025-05-29, 2025-06-17

oraclelinux: CVE-2025-4598 was patched at 2025-05-29

ubuntu: CVE-2025-4598 was patched at 2025-06-09

18. Denial of Service - Tcpreplay (CVE-2024-22654) - High [517]

Description: tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:broadcom:tcpreplay (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00046, EPSS Percentile is 0.14061

debian: CVE-2024-22654 was patched at 2025-06-17

19. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5200) - High [515]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.05032

debian: CVE-2025-5200 was patched at 2025-06-17

20. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5201) - High [515]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.05032

debian: CVE-2025-5201 was patched at 2025-06-17

21. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5202) - High [515]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function HL1MDLLoader::validate_header of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.05032

debian: CVE-2025-5202 was patched at 2025-06-17

22. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5203) - High [515]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.05032

debian: CVE-2025-5203 was patched at 2025-06-17

23. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5204) - High [515]

Description: A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump_3DGS_MDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.05032

debian: CVE-2025-5204 was patched at 2025-06-17

24. Spoofing - Asterisk (CVE-2025-47779) - High [509]

Description: Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.714Asterisk is a free and open source framework for building communications applications and is sponsored by Sangoma
CVSS Base Score0.810CVSS Base Score is 7.7. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00081, EPSS Percentile is 0.24816

debian: CVE-2025-47779 was patched at 2025-06-17

25. Denial of Service - Jq (CVE-2024-23337) - High [505]

Description: jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, BDU:PublicExploit websites
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:jqlang:jq (exists in CPE dict)
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00047, EPSS Percentile is 0.14412

altlinux: CVE-2024-23337 was patched at 2025-06-19

debian: CVE-2024-23337 was patched at 2025-05-22

26. Elevation of Privilege - Linux Kernel (CVE-2022-50014) - High [504]

Description: In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW Ever since the Dirty COW (CVE-2016-5195) security issue happened, we know that FOLL_FORCE can be possibly dangerous, especially if there are races that can be exploited by user space. Right now, it would be sufficient to have some code that sets a PTE of a R/O-mapped shared page dirty, in order for it to erroneously become writable by FOLL_FORCE. The implications of setting a write-protected PTE dirty might not be immediately obvious to everyone. And in fact ever since commit 9ae0f87d009c ("mm/shmem: unconditionally set pte dirty in mfill_atomic_install_pte"), we can use UFFDIO_CONTINUE to map a shmem page R/O while marking the pte dirty. This can be used by unprivileged user space to modify tmpfs/shmem file content even if the user does not have write permissions to the file, and to bypass memfd write sealing -- Dirty COW restricted to tmpfs/shmem (CVE-2022-2590). To fix such security issues for good, the insight is that we really only need that fancy retry logic (FOLL_COW) for COW mappings that are not writable (!VM_WRITE). And in a COW mapping, we really only broke COW if we have an exclusive anonymous page mapped. If we have something else mapped, or the mapped anonymous page might be shared (!PageAnonExclusive), we have to trigger a write fault to break COW. If we don't find an exclusive anonymous page when we retry, we have to trigger COW breaking once again because something intervened. Let's move away from this mandatory-retry + dirty handling and rely on our PageAnonExclusive() flag for making a similar decision, to use the same COW logic as in other kernel parts here as well. In case we stumble over a PTE in a COW mapping that does not map an exclusive anonymous page, COW was not properly broken and we have to trigger a fake write-fault to break COW. Just like we do in can_change_pte_writable() added via commit 64fe24a3e05e ("mm/mprotect: try avoiding write faults for exclusive anonymous pages when changing protection") and commit 76aefad628aa ("mm/mprotect: fix soft-dirty check in can_change_pte_writable()"), take care of softdirty and uffd-wp manually. For example, a write() via /proc/self/mem to a uffd-wp-protected range has to fail instead of silently granting write access and bypassing the userspace fault handler. Note that FOLL_FORCE is not only used for debug access, but also triggered by applications without debug intentions, for example, when pinning pages via RDMA. This fixes CVE-2022-2590. Note that only x86_64 and aarch64 are affected, because only those support CONFIG_HAVE_ARCH_USERFAULTFD_MINOR. Fortunately, FOLL_COW is no longer required to handle FOLL_FORCE. So let's just get rid of it. Thanks to Nadav Amit for pointing out that the pte_dirty() check in FOLL_FORCE code is problematic and might be exploitable. Note 1: We don't check for the PTE being dirty because it doesn't matter for making a "was COWed" decision anymore, and whoever modifies the page has to set the page dirty either way. Note 2: Kernels before extended uffd-wp support and before PageAnonExclusive (< 5.19) can simply revert the problematic commit instead and be safe regarding UFFDIO_CONTINUE. A backport to v5.19 requires minor adjustments due to lack of vma_soft_dirty_enabled().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:1337DAY-ID-26430, Vulners:PublicExploit:1337DAY-ID-25944, Vulners:PublicExploit:1337DAY-ID-25943, Vulners:PublicExploit:1337DAY-ID-26429, Vulners:PublicExploit:1337DAY-ID-26446, Vulners:PublicExploit:1337DAY-ID-26431, Vulners:PublicExploit:1337DAY-ID-25952, Vulners:PublicExploit:SSV:92488, Vulners:PublicExploit:SAINT:ACA0D81E9F0D7499A5952D634DA1559F, Vulners:PublicExploit:SAINT:D99FE3AF85FA3F5D4D5C3CB8B43F5183, Vulners:PublicExploit:SAINT:1E3BA1480EBC78481EFFC9BD1CFFBBE2, Vulners:PublicExploit:SAINT:24BDE9528F493A62492AC5847ED078BA, Vulners:PublicExploit:LINUX_FOLL_WRITE_COW, Vulners:PublicExploit:PACKETSTORM:139923, Vulners:PublicExploit:PACKETSTORM:139922, Vulners:PublicExploit:GitHub:HYEONJUN17:CVE-2022-2590-ANALYSIS websites
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.0002, EPSS Percentile is 0.03541

debian: CVE-2022-50014 was patched at 2025-06-17

27. Memory Corruption - Jq (CVE-2025-48060) - High [494]

Description: jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, BDU:PublicExploit websites
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:jqlang:jq (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00057, EPSS Percentile is 0.17866

altlinux: CVE-2025-48060 was patched at 2025-06-19

debian: CVE-2025-48060 was patched at 2025-05-22

28. Memory Corruption - hdf5 (CVE-2025-44904) - High [494]

Description: hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:hdfgroup:hdf5 (exists in CPE dict)
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.0004, EPSS Percentile is 0.11381

debian: CVE-2025-44904 was patched at 2025-06-17

29. Memory Corruption - hdf5 (CVE-2025-44905) - High [494]

Description: hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:hdfgroup:hdf5 (exists in CPE dict)
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.0004, EPSS Percentile is 0.11381

debian: CVE-2025-44905 was patched at 2025-06-17

30. Memory Corruption - FFmpeg (CVE-2025-1816) - High [491]

Description: A vulnerability classified as problematic has been found in FFmpeg up to 6e26f57f672b05e7b8b052007a83aef99dc81ccb. This affects the function audio_element_obu of the file libavformat/iamf_parse.c of the component IAMF File Handler. The manipulation of the argument num_parameters leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 0526535cd58444dd264e810b2f3348b4d96cff3b. It is recommended to apply a patch to fix this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00086, EPSS Percentile is 0.25827

ubuntu: CVE-2025-1816 was patched at 2025-05-28

31. Memory Corruption - Canonical Apport (CVE-2025-5054) - High [484]

Description: Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:DARYLLUNDY:CVE-2025-5054, BDU:PublicExploit websites
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Apport intercepts Program crashes, collects debugging information about the crash and the operating system environment, and sends it to bug trackers in a standardized form
CVSS Base Score0.510CVSS Base Score is 4.7. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00011, EPSS Percentile is 0.01048

ubuntu: CVE-2025-5054 was patched at 2025-05-29

32. Memory Corruption - hdf5 (CVE-2025-6516) - High [482]

Description: A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:hdfgroup:hdf5 (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.0503

debian: CVE-2025-6516 was patched at 2025-06-17

33. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5165) - High [479]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04416

debian: CVE-2025-5165 was patched at 2025-06-17

34. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5166) - High [479]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04416

debian: CVE-2025-5166 was patched at 2025-06-17

35. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5167) - High [479]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argument out leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04416

debian: CVE-2025-5167 was patched at 2025-06-17

36. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5168) - High [479]

Description: A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04416

debian: CVE-2025-5168 was patched at 2025-06-17

37. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-5169) - High [479]

Description: A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04416

debian: CVE-2025-5169 was patched at 2025-06-17

38. Memory Corruption - Jhead (CVE-2025-44906) - High [470]

Description: jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:jhead_project:jhead (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01484

debian: CVE-2025-44906 was patched at 2025-06-17

39. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-6119) - High [467]

Description: A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04419

debian: CVE-2025-6119 was patched at 2025-06-17

40. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-6120) - High [467]

Description: A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04419

debian: CVE-2025-6120 was patched at 2025-06-17

41. Remote Code Execution - Chromium (CVE-2025-5280) - High [466]

Description: Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00178, EPSS Percentile is 0.39966

debian: CVE-2025-5280 was patched at 2025-05-29, 2025-06-17

42. Memory Corruption - Linux Kernel (CVE-2022-50213) - High [453]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free. When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table. This fixes CVE-2022-2586, also reported as ZDI-CAN-17470.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners:PublicExploit:GitHub:AELS:CVE-2022-2586-LPE, Vulners:PublicExploit:GitHub:PIRENGA:2022-LPE-UAF, Vulners:PublicExploit:GitHub:KONOHA279:2022-LPE-UAF websites
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50213 was patched at 2025-06-17

43. Memory Corruption - Yasm (CVE-2024-22653) - High [446]

Description: yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com, BDU:PublicExploit websites
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:yasm_project:yasm (exists in CPE dict)
CVSS Base Score0.510CVSS Base Score is 4.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00033, EPSS Percentile is 0.07834

debian: CVE-2024-22653 was patched at 2025-06-17

redos: CVE-2024-22653 was patched at 2025-06-19

44. Memory Corruption - cJSON (CVE-2023-53154) - High [446]

Description: parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on NVD:PublicExploit:github.com website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Product detected by a:cjson_project:cjson (exists in CPE dict)
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04482

altlinux: CVE-2023-53154 was patched at 2025-06-24

debian: CVE-2023-53154 was patched at 2025-06-17

45. Remote Code Execution - Chromium (CVE-2025-5959) - High [430]

Description: Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13031

debian: CVE-2025-5959 was patched at 2025-06-11, 2025-06-17

46. Remote Code Execution - Mozilla Firefox (CVE-2025-5268) - High [430]

Description: Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00085, EPSS Percentile is 0.25595

almalinux: CVE-2025-5268 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5268 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5268 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5268 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

47. Remote Code Execution - Mozilla Firefox (CVE-2025-5269) - High [419]

Description: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11 and Thunderbird < 128.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00061, EPSS Percentile is 0.19459

almalinux: CVE-2025-5269 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5269 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5269 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5269 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

48. Elevation of Privilege - FreeIPA (CVE-2025-4404) - High [416]

Description: A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.814FreeIPA is a free and open source identity management system
CVSS Base Score0.910CVSS Base Score is 9.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00077, EPSS Percentile is 0.23868

debian: CVE-2025-4404 was patched at 2025-06-17

oraclelinux: CVE-2025-4404 was patched at 2025-06-17, 2025-06-18

redhat: CVE-2025-4404 was patched at 2025-06-17

49. Remote Code Execution - Commons BeanUtils (CVE-2025-48734) - High [416]

Description: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Product detected by a:apache:commons_beanutils (exists in CPE dict)
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00215, EPSS Percentile is 0.44171

debian: CVE-2025-48734 was patched at 2025-06-17

oraclelinux: CVE-2025-48734 was patched at 2025-06-18

redhat: CVE-2025-48734 was patched at 2025-06-16

50. Remote Code Execution - Chromium (CVE-2025-6557) - High [407]

Description: Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00088, EPSS Percentile is 0.26311

debian: CVE-2025-6557 was patched at 2025-06-17

51. Remote Code Execution - Mozilla Firefox (CVE-2025-4092) - High [407]

Description: Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00041, EPSS Percentile is 0.11831

altlinux: CVE-2025-4092 was patched at 2025-05-27

52. Code Injection - Vault (CVE-2023-0620) - High [404]

Description: HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.614Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
CVSS Base Score0.710CVSS Base Score is 6.7. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00159, EPSS Percentile is 0.37698

redos: CVE-2023-0620 was patched at 2025-05-26

53. Remote Code Execution - .NET and Visual Studio (CVE-2025-30399) - High [402]

Description: Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714.NET and Visual Studio
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00027, EPSS Percentile is 0.05715

almalinux: CVE-2025-30399 was patched at 2025-06-11

oraclelinux: CVE-2025-30399 was patched at 2025-06-11, 2025-06-13

redhat: CVE-2025-30399 was patched at 2025-06-11, 2025-06-16

ubuntu: CVE-2025-30399 was patched at 2025-06-10

Medium (237)

54. Authentication Bypass - Apache Traffic Server (CVE-2025-31698) - Medium [398]

Description: ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00042, EPSS Percentile is 0.11972

debian: CVE-2025-31698 was patched at 2025-06-17, 2025-06-24

55. Information Disclosure - Moodle (CVE-2025-32044) - Medium [395]

Description: A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00084, EPSS Percentile is 0.25559

altlinux: CVE-2025-32044 was patched at 2025-05-26

redos: CVE-2025-32044 was patched at 2025-06-16

56. Authentication Bypass - Chromium (CVE-2025-5067) - Medium [391]

Description: Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00067, EPSS Percentile is 0.21131

debian: CVE-2025-5067 was patched at 2025-05-29, 2025-06-17

57. Denial of Service - Mozilla Firefox (CVE-2025-6424) - Medium [389]

Description: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.12868

debian: CVE-2025-6424 was patched at 2025-06-17

58. Arbitrary File Reading - Samba (CVE-2025-0620) - Medium [388]

Description: A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.710CVSS Base Score is 6.6. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00053, EPSS Percentile is 0.16371

ubuntu: CVE-2025-0620 was patched at 2025-06-10

59. Information Disclosure - Mozilla Firefox (CVE-2025-5266) - Medium [388]

Description: Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00082, EPSS Percentile is 0.24863

almalinux: CVE-2025-5266 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5266 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5266 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5266 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

60. Authentication Bypass - Apache Tomcat (CVE-2025-49125) - Medium [386]

Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04878

debian: CVE-2025-49125 was patched at 2025-06-17

61. Security Feature Bypass - libexpat (CVE-2012-1147) - Medium [386]

Description: readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514Product detected by a:libexpat_project:libexpat (exists in CPE dict)
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.810EPSS Probability is 0.01082, EPSS Percentile is 0.76831

debian: CVE-2012-1147 was patched at 2025-06-17

62. Cross Site Scripting - Vault (CVE-2023-2121) - Medium [385]

Description: Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.710EPSS Probability is 0.00587, EPSS Percentile is 0.68096

redos: CVE-2023-2121 was patched at 2025-05-26

63. Remote Code Execution - Mozilla Firefox (CVE-2025-4089) - Medium [383]

Description: Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 138 and Thunderbird < 138.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.05227

altlinux: CVE-2025-4089 was patched at 2025-05-27

64. Remote Code Execution - Mozilla Firefox (CVE-2025-5264) - Medium [383]

Description: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 4.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.0004, EPSS Percentile is 0.11308

almalinux: CVE-2025-5264 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5264 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5264 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5264 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

redos: CVE-2025-5264 was patched at 2025-06-16

65. Elevation of Privilege - Mozilla Firefox (CVE-2025-4085) - Medium [380]

Description: An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 7.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00036, EPSS Percentile is 0.09138

altlinux: CVE-2025-4085 was patched at 2025-05-27

66. Memory Corruption - Chromium (CVE-2025-5063) - Medium [377]

Description: Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00193, EPSS Percentile is 0.41619

debian: CVE-2025-5063 was patched at 2025-05-29, 2025-06-17

67. Security Feature Bypass - Chromium (CVE-2025-5064) - Medium [377]

Description: Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00069, EPSS Percentile is 0.21712

debian: CVE-2025-5064 was patched at 2025-05-29, 2025-06-17

68. Security Feature Bypass - Mozilla Firefox (CVE-2025-4088) - Medium [377]

Description: A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox < 138 and Thunderbird < 138.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00021, EPSS Percentile is 0.03739

altlinux: CVE-2025-4088 was patched at 2025-05-27

69. Security Feature Bypass - Nomad (CVE-2022-41606) - Medium [375]

Description: HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514Product detected by a:hashicorp:nomad (exists in CPE dict)
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00221, EPSS Percentile is 0.44799

redos: CVE-2022-41606 was patched at 2025-05-26

70. Information Disclosure - tvOS (CVE-2023-40403) - Medium [374]

Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514Product detected by o:apple:tvos (exists in CPE dict)
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00262, EPSS Percentile is 0.49426

almalinux: CVE-2023-40403 was patched at 2025-06-09

debian: CVE-2023-40403 was patched at 2025-06-17

oraclelinux: CVE-2023-40403 was patched at 2025-06-09

redhat: CVE-2023-40403 was patched at 2025-06-09, 2025-06-12

71. Authentication Bypass - PostgreSQL (CVE-2025-49146) - Medium [370]

Description: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614PostgreSQL also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance.
CVSS Base Score0.810CVSS Base Score is 8.2. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00017, EPSS Percentile is 0.02603

debian: CVE-2025-49146 was patched at 2025-06-17

72. Arbitrary File Reading - Perl (CVE-2025-40908) - Medium [367]

Description: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00038, EPSS Percentile is 0.10541

debian: CVE-2025-40908 was patched at 2025-06-17

oraclelinux: CVE-2025-40908 was patched at 2025-06-23, 2025-06-24

73. Denial of Service - GNOME desktop (CVE-2025-5024) - Medium [365]

Description: A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 7.4. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00055, EPSS Percentile is 0.1718

debian: CVE-2025-5024 was patched at 2025-05-22

74. Memory Corruption - Chromium (CVE-2025-5068) - Medium [365]

Description: Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00121, EPSS Percentile is 0.32148

debian: CVE-2025-5068 was patched at 2025-06-04, 2025-06-17

75. Information Disclosure - Chromium (CVE-2025-5281) - Medium [364]

Description: Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00069, EPSS Percentile is 0.21712

debian: CVE-2025-5281 was patched at 2025-05-29, 2025-06-17

76. Authentication Bypass - Moodle (CVE-2025-3627) - Medium [363]

Description: A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00063, EPSS Percentile is 0.19869

altlinux: CVE-2025-3627 was patched at 2025-05-26

redos: CVE-2025-3627 was patched at 2025-05-26

77. Security Feature Bypass - pulp (CVE-2024-7143) - Medium [363]

Description: A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514Product detected by a:pulpproject:pulp (exists in CPE dict)
CVSS Base Score0.810CVSS Base Score is 8.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00055, EPSS Percentile is 0.17315

oraclelinux: CVE-2024-7143 was patched at 2025-06-09

78. Denial of Service - Apache Traffic Server (CVE-2025-49763) - Medium [360]

Description: ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.163

debian: CVE-2025-49763 was patched at 2025-06-17, 2025-06-24

79. Cross Site Scripting - Mozilla Firefox (CVE-2025-6430) - Medium [359]

Description: When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `&lt;embed&gt;` or `&lt;object&gt;` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00029, EPSS Percentile is 0.06315

debian: CVE-2025-6430 was patched at 2025-06-17

80. Cross Site Scripting - python-markdown2 (CVE-2018-5773) - Medium [357]

Description: An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Product detected by a:python-markdown2_project:python-markdown2 (exists in CPE dict)
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00262, EPSS Percentile is 0.49425

altlinux: CVE-2018-5773 was patched at 2025-05-26

81. Denial of Service - libxml2 (CVE-2025-49796) - Medium [355]

Description: A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
CVSS Base Score0.910CVSS Base Score is 9.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.16242

debian: CVE-2025-49796 was patched at 2025-06-17

82. Security Feature Bypass - Vault (CVE-2022-41316) - Medium [355]

Description: HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00105, EPSS Percentile is 0.29435

redos: CVE-2022-41316 was patched at 2025-05-26

83. Incorrect Calculation - Chromium (CVE-2025-6191) - Medium [353]

Description: Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00054, EPSS Percentile is 0.17024

debian: CVE-2025-6191 was patched at 2025-06-17, 2025-06-18

84. Memory Corruption - Chromium (CVE-2025-5958) - Medium [353]

Description: Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00076, EPSS Percentile is 0.23469

debian: CVE-2025-5958 was patched at 2025-06-11, 2025-06-17

85. Memory Corruption - Chromium (CVE-2025-6192) - Medium [353]

Description: Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00073, EPSS Percentile is 0.22859

debian: CVE-2025-6192 was patched at 2025-06-17, 2025-06-18

86. Security Feature Bypass - Chromium (CVE-2025-6556) - Medium [353]

Description: Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00018, EPSS Percentile is 0.02927

debian: CVE-2025-6556 was patched at 2025-06-17

87. Security Feature Bypass - Mozilla Firefox (CVE-2025-5263) - Medium [353]

Description: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00034, EPSS Percentile is 0.08428

almalinux: CVE-2025-5263 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5263 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5263 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5263 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

redos: CVE-2025-5263 was patched at 2025-06-16

88. Authentication Bypass - Moodle (CVE-2025-3634) - Medium [351]

Description: A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07285

altlinux: CVE-2025-3634 was patched at 2025-05-26

redos: CVE-2025-3634 was patched at 2025-05-26

89. Denial of Service - clickhouse (CVE-2019-16536) - Medium [351]

Description: Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:clickhouse:clickhouse (exists in CPE dict)
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00091, EPSS Percentile is 0.26975

debian: CVE-2019-16536 was patched at 2025-06-17

90. Denial of Service - Vault (CVE-2023-0665) - Medium [344]

Description: HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00083, EPSS Percentile is 0.25221

redos: CVE-2023-0665 was patched at 2025-05-26

91. Denial of Service - libxml2 (CVE-2025-49795) - Medium [344]

Description: A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.16242

debian: CVE-2025-49795 was patched at 2025-06-17

92. Denial of Service - libxml2 (CVE-2025-6021) - Medium [344]

Description: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.16242

debian: CVE-2025-6021 was patched at 2025-06-17

93. Denial of Service - Mozilla Firefox (CVE-2025-5267) - Medium [341]

Description: A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00065, EPSS Percentile is 0.20599

almalinux: CVE-2025-5267 was patched at 2025-05-29, 2025-06-10

debian: CVE-2025-5267 was patched at 2025-05-28, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5267 was patched at 2025-05-29, 2025-06-06, 2025-06-10, 2025-06-23

redhat: CVE-2025-5267 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

94. Information Disclosure - Mozilla Firefox (CVE-2025-6425) - Medium [341]

Description: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00029, EPSS Percentile is 0.06381

debian: CVE-2025-6425 was patched at 2025-06-17

95. Security Feature Bypass - TLS (CVE-2025-6032) - Medium [339]

Description: A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 8.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00019, EPSS Percentile is 0.03058

debian: CVE-2025-6032 was patched at 2025-06-17

96. Remote Code Execution - Redis (CVE-2025-27151) - Medium [338]

Description: Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.510CVSS Base Score is 4.7. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.0001, EPSS Percentile is 0.00772

debian: CVE-2025-27151 was patched at 2025-06-17

97. Command Injection - Git (CVE-2025-22237) - Medium [335]

Description: An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 6.7. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00027, EPSS Percentile is 0.05671

altlinux: CVE-2025-22237 was patched at 2025-06-18, 2025-06-19

98. Path Traversal - tar-fs (CVE-2025-48387) - Medium [334]

Description: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.414Filesystem bindings for tar-stream that allow you to pack directories into tarballs and extract tarballs into directories
CVSS Base Score0.910CVSS Base Score is 8.7. According to Vulners data source
EPSS Percentile0.310EPSS Probability is 0.00123, EPSS Percentile is 0.32472

debian: CVE-2025-48387 was patched at 2025-06-17

99. Remote Code Execution - Unknown Product (CVE-2025-3887) - Medium [333]

Description: {'nvd_cve_data_all': 'GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\n\nThe specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26596.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00194, EPSS Percentile is 0.41755

almalinux: CVE-2025-3887 was patched at 2025-05-27

debian: CVE-2025-3887 was patched at 2025-06-11, 2025-06-17

oraclelinux: CVE-2025-3887 was patched at 2025-05-27

redhat: CVE-2025-3887 was patched at 2025-05-27, 2025-06-12, 2025-06-13

ubuntu: CVE-2025-3887 was patched at 2025-06-05

100. Command Injection - Python (CVE-2025-50181) - Medium [332]

Description: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00011, EPSS Percentile is 0.01009

debian: CVE-2025-50181 was patched at 2025-06-17

101. Incorrect Calculation - LibTomMath (CVE-2025-40914) - Medium [332]

Description: Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.614LibTomMath is a free open source portable number theoretic multiple-precision integer library written entirely in C
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00057, EPSS Percentile is 0.18006

debian: CVE-2025-40914 was patched at 2025-06-17

102. Information Disclosure - Netty (CVE-2025-49128) - Medium [329]

Description: Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array instead of the logical payload start. This results in possible information disclosure in systems using pooled or reused buffers, like Netty or Vert.x. This issue was silently fixed in jackson-core version 2.13.0, released on September 30, 2021, via PR #652. All users should upgrade to version 2.13.0 or later. If upgrading is not immediately possible, applications can mitigate the issue by disabling exception message exposure to clients to avoid returning parsing exception messages in HTTP responses and/or disabling source inclusion in exceptions to prevent Jackson from embedding any source content in exception messages, avoiding leakage.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
CVSS Base Score0.410CVSS Base Score is 4.0. According to NVD data source
EPSS Percentile0.010EPSS Probability is 5e-05, EPSS Percentile is 0.00207

debian: CVE-2025-49128 was patched at 2025-06-17

103. Open Redirect - Node.js (CVE-2025-50182) - Medium [326]

Description: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.0001, EPSS Percentile is 0.00761

debian: CVE-2025-50182 was patched at 2025-06-17

104. Information Disclosure - Moodle (CVE-2025-3628) - Medium [324]

Description: A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00033, EPSS Percentile is 0.07709

altlinux: CVE-2025-3628 was patched at 2025-05-26

redos: CVE-2025-3628 was patched at 2025-06-16

105. Denial of Service - Wireshark (CVE-2025-5601) - Medium [320]

Description: Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00018, EPSS Percentile is 0.02774

debian: CVE-2025-5601 was patched at 2025-06-17

106. Memory Corruption - libxml2 (CVE-2025-49794) - Medium [320]

Description: A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
CVSS Base Score0.910CVSS Base Score is 9.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00068, EPSS Percentile is 0.2133

debian: CVE-2025-49794 was patched at 2025-06-17

107. Information Disclosure - Vault (CVE-2023-25000) - Medium [319]

Description: HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
CVSS Base Score0.510CVSS Base Score is 4.7. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00039, EPSS Percentile is 0.10929

redos: CVE-2023-25000 was patched at 2025-05-26

108. Memory Corruption - Mozilla Firefox (CVE-2025-3608) - Medium [317]

Description: A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00036, EPSS Percentile is 0.08951

altlinux: CVE-2025-3608 was patched at 2025-05-27

109. Memory Corruption - Mozilla Firefox (CVE-2025-4090) - Medium [317]

Description: A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00041, EPSS Percentile is 0.11831

altlinux: CVE-2025-4090 was patched at 2025-05-27

debian: CVE-2025-40908 was patched at 2025-06-17

debian: CVE-2025-40909 was patched at 2025-06-17

oraclelinux: CVE-2025-40908 was patched at 2025-06-23, 2025-06-24

110. Memory Corruption - libvpx (CVE-2025-5283) - Medium [317]

Description: Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00089, EPSS Percentile is 0.26401

debian: CVE-2025-5283 was patched at 2025-05-28, 2025-05-29, 2025-05-30, 2025-06-17

oraclelinux: CVE-2025-5283 was patched at 2025-06-16, 2025-06-23

redhat: CVE-2025-5283 was patched at 2025-05-29, 2025-06-05, 2025-06-09, 2025-06-10, 2025-06-16, 2025-06-17

ubuntu: CVE-2025-5283 was patched at 2025-06-03

111. Denial of Service - Tika (CVE-2022-30973) - Medium [315]

Description: We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Product detected by a:apache:tika (exists in CPE dict)
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00128, EPSS Percentile is 0.3324

ubuntu: CVE-2022-30973 was patched at 2025-05-23

112. Path Traversal - Unknown Product (CVE-2024-38824) - Medium [315]

Description: {'nvd_cve_data_all': 'Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.6. According to NVD data source
EPSS Percentile0.610EPSS Probability is 0.00431, EPSS Percentile is 0.61729

altlinux: CVE-2024-38824 was patched at 2025-06-18, 2025-06-19

113. Information Disclosure - Nomad (CVE-2023-3299) - Medium [314]

Description: HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514Product detected by a:hashicorp:nomad (exists in CPE dict)
CVSS Base Score0.310CVSS Base Score is 2.7. According to NVD data source
EPSS Percentile0.410EPSS Probability is 0.00196, EPSS Percentile is 0.42028

redos: CVE-2023-3299 was patched at 2025-05-26

114. Incorrect Calculation - SQLite (CVE-2025-29087) - Medium [313]

Description: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00045, EPSS Percentile is 0.13391

ubuntu: CVE-2025-29087 was patched at 2025-05-22

115. Security Feature Bypass - Moodle (CVE-2025-3635) - Medium [313]

Description: A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
CVSS Base Score0.310CVSS Base Score is 3.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00016, EPSS Percentile is 0.02119

altlinux: CVE-2025-3635 was patched at 2025-05-26

redos: CVE-2025-3635 was patched at 2025-05-26

116. Spoofing - Chromium (CVE-2025-5065) - Medium [311]

Description: Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00067, EPSS Percentile is 0.21144

debian: CVE-2025-5065 was patched at 2025-05-29, 2025-06-17

117. Spoofing - Chromium (CVE-2025-5066) - Medium [311]

Description: Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00067, EPSS Percentile is 0.21144

debian: CVE-2025-5066 was patched at 2025-05-29, 2025-06-17

118. Remote Code Execution - NVIDIA CUDA Toolkit (CVE-2025-23247) - Medium [309]

Description: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514The NVIDIA CUDA Toolkit provides a development environment for creating high-performance, GPU-accelerated applications
CVSS Base Score0.410CVSS Base Score is 4.4. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00015, EPSS Percentile is 0.0189

debian: CVE-2025-23247 was patched at 2025-06-17

119. Memory Corruption - Python (CVE-2025-48945) - Medium [308]

Description: pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile0.210EPSS Probability is 0.0006, EPSS Percentile is 0.18871

debian: CVE-2025-48945 was patched at 2025-06-17

120. Authentication Bypass - TLS (CVE-2024-38823) - Medium [305]

Description: Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.310CVSS Base Score is 2.7. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00041, EPSS Percentile is 0.11766

altlinux: CVE-2024-38823 was patched at 2025-06-18, 2025-06-19

121. Memory Corruption - Chromium (CVE-2025-6555) - Medium [305]

Description: Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00051, EPSS Percentile is 0.15923

debian: CVE-2025-6555 was patched at 2025-06-17

122. Code Injection - Unknown Product (CVE-2025-48949) - Medium [304]

Description: {'nvd_cve_data_all': 'Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. Version 0.56.0 contains a patch for the issue.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. Version 0.56.0 contains a patch for the issue.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile0.210EPSS Probability is 0.00074, EPSS Percentile is 0.23064

altlinux: CVE-2025-48949 was patched at 2025-06-10

123. Code Injection - Unknown Product (CVE-2025-26533) - Medium [292]

Description: {'nvd_cve_data_all': 'An SQL injection risk was identified in the module list filter within course search.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An SQL injection risk was identified in the module list filter within course search.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.0007, EPSS Percentile is 0.22229

altlinux: CVE-2025-26533 was patched at 2025-05-26

124. Incorrect Calculation - Nomad (CVE-2023-1296) - Medium [291]

Description: HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.514Product detected by a:hashicorp:nomad (exists in CPE dict)
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00248, EPSS Percentile is 0.4799

redos: CVE-2023-1296 was patched at 2025-05-26

125. Remote Code Execution - Unknown Product (CVE-2025-5473) - Medium [285]

Description: {'nvd_cve_data_all': 'GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00047, EPSS Percentile is 0.14504

debian: CVE-2025-5473 was patched at 2025-06-06, 2025-06-17

oraclelinux: CVE-2025-5473 was patched at 2025-06-17

redhat: CVE-2025-5473 was patched at 2025-06-17

126. Memory Corruption - Binutils (CVE-2025-5244) - Medium [282]

Description: A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00019, EPSS Percentile is 0.03323

debian: CVE-2025-5244 was patched at 2025-06-17

127. Memory Corruption - Binutils (CVE-2025-5245) - Medium [282]

Description: A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00019, EPSS Percentile is 0.03323

debian: CVE-2025-5245 was patched at 2025-06-17

128. Security Feature Bypass - Unknown Product (CVE-2025-5455) - Medium [279]

Description: {'nvd_cve_data_all': 'An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code.\n\nIf the function was called with malformed data, for example, an URL that\ncontained a "charset" parameter that lacked a value (such as\n"data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service\n(abort).\n\nThis impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.4. According to Vulners data source
EPSS Percentile0.210EPSS Probability is 0.00078, EPSS Percentile is 0.24038

debian: CVE-2025-5455 was patched at 2025-06-17

oraclelinux: CVE-2025-5455 was patched at 2025-06-24

129. Denial of Service - Linux Kernel (CVE-2022-50103) - Medium [275]

Description: In the Linux kernel, the following vulnerability has been resolved: sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed With cgroup v2, the cpuset's cpus_allowed mask can be empty indicating that the cpuset will just use the effective CPUs of its parent. So cpuset_can_attach() can call task_can_attach() with an empty mask. This can lead to cpumask_any_and() returns nr_cpu_ids causing the call to dl_bw_of() to crash due to percpu value access of an out of bound CPU value. For example: [80468.182258] BUG: unable to handle page fault for address: ffffffff8b6648b0 : [80468.191019] RIP: 0010:dl_cpu_busy+0x30/0x2b0 : [80468.207946] Call Trace: [80468.208947] cpuset_can_attach+0xa0/0x140 [80468.209953] cgroup_migrate_execute+0x8c/0x490 [80468.210931] cgroup_update_dfl_csses+0x254/0x270 [80468.211898] cgroup_subtree_control_write+0x322/0x400 [80468.212854] kernfs_fop_write_iter+0x11c/0x1b0 [80468.213777] new_sync_write+0x11f/0x1b0 [80468.214689] vfs_write+0x1eb/0x280 [80468.215592] ksys_write+0x5f/0xe0 [80468.216463] do_syscall_64+0x5c/0x80 [80468.224287] entry_SYSCALL_64_after_hwframe+0x44/0xae Fix that by using effective_cpus instead. For cgroup v1, effective_cpus is the same as cpus_allowed. For v2, effective_cpus is the real cpumask to be used by tasks within the cpuset anyway. Also update task_can_attach()'s 2nd argument name to cs_effective_cpus to reflect the change. In addition, a check is added to task_can_attach() to guard against the possibility that cpumask_any_and() may return a value >= nr_cpu_ids.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50103 was patched at 2025-06-17

130. Remote Code Execution - Unknown Product (CVE-2025-49589) - Medium [273]

Description: {'nvd_cve_data_all': 'PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile0.210EPSS Probability is 0.00051, EPSS Percentile is 0.15785

debian: CVE-2025-49589 was patched at 2025-06-17

131. Authentication Bypass - Unknown Product (CVE-2025-22236) - Medium [270]

Description: {'nvd_cve_data_all': 'Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.0002, EPSS Percentile is 0.03643

altlinux: CVE-2025-22236 was patched at 2025-06-18, 2025-06-19

132. Code Injection - Unknown Product (CVE-2024-44905) - Medium [268]

Description: {'nvd_cve_data_all': 'go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00028, EPSS Percentile is 0.05931

debian: CVE-2024-44905 was patched at 2025-06-17

133. Code Injection - Unknown Product (CVE-2025-32801) - Medium [268]

Description: {'nvd_cve_data_all': 'Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.\nThis issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.0001, EPSS Percentile is 0.00728

debian: CVE-2025-32801 was patched at 2025-06-17

134. Memory Corruption - HTTP/2 (CVE-2025-5991) - Medium [263]

Description: There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a POST request and the simultaneous handling of HTTP error responses. This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile0.010EPSS Probability is 0.00019, EPSS Percentile is 0.03158

debian: CVE-2025-5991 was patched at 2025-06-17

135. Remote Code Execution - Unknown Product (CVE-2025-5222) - Medium [261]

Description: {'nvd_cve_data_all': 'A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00025, EPSS Percentile is 0.04998

debian: CVE-2025-5222 was patched at 2025-06-17

136. Remote Code Execution - Unknown Product (CVE-2025-6035) - Medium [261]

Description: {'nvd_cve_data_all': 'A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01726

debian: CVE-2025-6035 was patched at 2025-06-17

137. Memory Corruption - Perl (CVE-2025-40909) - Medium [260]

Description: Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.9. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00015, EPSS Percentile is 0.02011

debian: CVE-2025-40909 was patched at 2025-06-17

138. Authentication Bypass - Unknown Product (CVE-2024-38825) - Medium [258]

Description: {'nvd_cve_data_all': 'The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00026, EPSS Percentile is 0.05455

altlinux: CVE-2024-38825 was patched at 2025-06-18, 2025-06-19

139. Authentication Bypass - Unknown Product (CVE-2024-47081) - Medium [258]

Description: {'nvd_cve_data_all': 'Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00062, EPSS Percentile is 0.19583

debian: CVE-2024-47081 was patched at 2025-06-17

ubuntu: CVE-2024-47081 was patched at 2025-06-16

140. Denial of Service - Libarchive (CVE-2025-5915) - Medium [255]

Description: A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.410CVSS Base Score is 3.9. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01357

debian: CVE-2025-5915 was patched at 2025-06-17

141. Denial of Service - Libarchive (CVE-2025-5916) - Medium [255]

Description: A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.410CVSS Base Score is 3.9. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00015, EPSS Percentile is 0.01952

debian: CVE-2025-5916 was patched at 2025-06-17

142. Denial of Service - Libarchive (CVE-2025-5918) - Medium [255]

Description: A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.410CVSS Base Score is 3.9. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00015, EPSS Percentile is 0.01952

debian: CVE-2025-5918 was patched at 2025-06-17

143. Denial of Service - Unknown Product (CVE-2025-46807) - Medium [255]

Description: {'nvd_cve_data_all': 'A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.7. According to Vulners data source
EPSS Percentile0.210EPSS Probability is 0.00055, EPSS Percentile is 0.17371

debian: CVE-2025-46807 was patched at 2025-06-17

144. Unknown Vulnerability Type - OpenSSL (CVE-2025-48057) - Medium [252]

Description: {'nvd_cve_data_all': 'Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile0.110EPSS Probability is 0.0004, EPSS Percentile is 0.11338

debian: CVE-2025-48057 was patched at 2025-06-17

145. Incorrect Calculation - Linux Kernel (CVE-2022-50080) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper() With special lengths supplied by user space, register_shm_helper() has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes internal_get_user_pages_fast() a helper function of pin_user_pages_fast() to do a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Modules linked in: CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pc : internal_get_user_pages_fast+0x474/0xa80 Call trace: internal_get_user_pages_fast+0x474/0xa80 pin_user_pages_fast+0x24/0x4c register_shm_helper+0x194/0x330 tee_shm_register_user_buf+0x78/0x120 tee_ioctl+0xd0/0x11a0 __arm64_sys_ioctl+0xa8/0xec invoke_syscall+0x48/0x114 Fix this by adding an an explicit call to access_ok() in tee_shm_register_user_buf() to catch an invalid user space address early.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50080 was patched at 2025-06-17

146. Memory Corruption - Linux Kernel (CVE-2022-49939) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of ref->proc caused by race condition A transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment the reference for a node. In this case, the target proc normally releases the failed reference upon close as expected. However, if the target is dying in parallel the call will race with binder_deferred_release(), so the target could have released all of its references by now leaving the cleanup of the new failed reference unhandled. The transaction then ends and the target proc gets released making the ref->proc now a dangling pointer. Later on, ref->node is closed and we attempt to take spin_lock(&ref->proc->inner_lock), which leads to the use-after-free bug reported below. Let's fix this by cleaning up the failed reference on the spot instead of relying on the target to do so. ================================================================== BUG: KASAN: use-after-free in _raw_spin_lock+0xa8/0x150 Write of size 4 at addr ffff5ca207094238 by task kworker/1:0/590 CPU: 1 PID: 590 Comm: kworker/1:0 Not tainted 5.19.0-rc8 #10 Hardware name: linux,dummy-virt (DT) Workqueue: events binder_deferred_func Call trace: dump_backtrace.part.0+0x1d0/0x1e0 show_stack+0x18/0x70 dump_stack_lvl+0x68/0x84 print_report+0x2e4/0x61c kasan_report+0xa4/0x110 kasan_check_range+0xfc/0x1a4 __kasan_check_write+0x3c/0x50 _raw_spin_lock+0xa8/0x150 binder_deferred_func+0x5e0/0x9b0 process_one_work+0x38c/0x5f0 worker_thread+0x9c/0x694 kthread+0x188/0x190 ret_from_fork+0x10/0x20

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49939 was patched at 2025-06-17

147. Memory Corruption - Linux Kernel (CVE-2022-49968) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroy_workqueue call There is a possible race condition (use-after-free) like below (FREE) | (USE) adf7242_remove | adf7242_channel cancel_delayed_work_sync | destroy_workqueue (1) | adf7242_cmd_rx | mod_delayed_work (2) | The root cause for this race is that the upper layer (ieee802154) is unaware of this detaching event and the function adf7242_channel can be called without any checks. To fix this, we can add a flag write at the beginning of adf7242_remove and add flag check in adf7242_channel. Or we can just defer the destructive operation like other commit 3e0588c291d6 ("hamradio: defer ax25 kfree after unregister_netdev") which let the ieee802154_unregister_hw() to handle the synchronization. This patch takes the second option. runs")

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49968 was patched at 2025-06-17

148. Memory Corruption - Linux Kernel (CVE-2022-49977) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_startup __register_ftrace_function ... add_ftrace_ops(&ftrace_ops_list, ops) ... ... ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1 ... return 0 // ops is in the ftrace_ops_list. When ftrace_disabled = 1, unregister_ftrace_function simply returns without doing anything: unregister_ftrace_function ftrace_shutdown if (unlikely(ftrace_disabled)) return -ENODEV; // return here, __unregister_ftrace_function is not executed, // as a result, ops is still in the ftrace_ops_list __unregister_ftrace_function ... If ops is dynamically allocated, it will be free later, in this case, is_ftrace_trampoline accesses NULL pointer: is_ftrace_trampoline ftrace_ops_trampoline do_for_each_ftrace_op(op, ftrace_ops_list) // OOPS! op may be NULL! Syzkaller reports as follows: [ 1203.506103] BUG: kernel NULL pointer dereference, address: 000000000000010b [ 1203.508039] #PF: supervisor read access in kernel mode [ 1203.508798] #PF: error_code(0x0000) - not-present page [ 1203.509558] PGD 800000011660b067 P4D 800000011660b067 PUD 130fb8067 PMD 0 [ 1203.510560] Oops: 0000 [#1] SMP KASAN PTI [ 1203.511189] CPU: 6 PID: 29532 Comm: syz-executor.2 Tainted: G B W 5.10.0 #8 [ 1203.512324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1203.513895] RIP: 0010:is_ftrace_trampoline+0x26/0xb0 [ 1203.514644] Code: ff eb d3 90 41 55 41 54 49 89 fc 55 53 e8 f2 00 fd ff 48 8b 1d 3b 35 5d 03 e8 e6 00 fd ff 48 8d bb 90 00 00 00 e8 2a 81 26 00 <48> 8b ab 90 00 00 00 48 85 ed 74 1d e8 c9 00 fd ff 48 8d bb 98 00 [ 1203.518838] RSP: 0018:ffffc900012cf960 EFLAGS: 00010246 [ 1203.520092] RAX: 0000000000000000 RBX: 000000000000007b RCX: ffffffff8a331866 [ 1203.521469] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000010b [ 1203.522583] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8df18b07 [ 1203.523550] R10: fffffbfff1be3160 R11: 0000000000000001 R12: 0000000000478399 [ 1203.524596] R13: 0000000000000000 R14: ffff888145088000 R15: 0000000000000008 [ 1203.525634] FS: 00007f429f5f4700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000 [ 1203.526801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1203.527626] CR2: 000000000000010b CR3: 0000000170e1e001 CR4: 00000000003706e0 [ 1203.528611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1203.529605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Therefore, when ftrace_startup_enable fails, we need to rollback registration process and remove ops from ftrace_ops_list.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49977 was patched at 2025-06-17

149. Memory Corruption - Linux Kernel (CVE-2022-49981) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidraw_release() Free the buffered reports before deleting the list entry. BUG: memory leak unreferenced object 0xffff88810e72f180 (size 32): comm "softirq", pid 0, jiffies 4294945143 (age 16.080s) hex dump (first 32 bytes): 64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00 d..j............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffff814ac6c3>] kmemdup+0x23/0x50 mm/util.c:128 [<ffffffff8357c1d2>] kmemdup include/linux/fortify-string.h:440 [inline] [<ffffffff8357c1d2>] hidraw_report_event+0xa2/0x150 drivers/hid/hidraw.c:521 [<ffffffff8356ddad>] hid_report_raw_event+0x27d/0x740 drivers/hid/hid-core.c:1992 [<ffffffff8356e41e>] hid_input_report+0x1ae/0x270 drivers/hid/hid-core.c:2065 [<ffffffff835f0d3f>] hid_irq_in+0x1ff/0x250 drivers/hid/usbhid/hid-core.c:284 [<ffffffff82d3c7f9>] __usb_hcd_giveback_urb+0xf9/0x230 drivers/usb/core/hcd.c:1670 [<ffffffff82d3cc26>] usb_hcd_giveback_urb+0x1b6/0x1d0 drivers/usb/core/hcd.c:1747 [<ffffffff82ef1e14>] dummy_timer+0x8e4/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1988 [<ffffffff812f50a8>] call_timer_fn+0x38/0x200 kernel/time/timer.c:1474 [<ffffffff812f5586>] expire_timers kernel/time/timer.c:1519 [inline] [<ffffffff812f5586>] __run_timers.part.0+0x316/0x430 kernel/time/timer.c:1790 [<ffffffff812f56e4>] __run_timers kernel/time/timer.c:1768 [inline] [<ffffffff812f56e4>] run_timer_softirq+0x44/0x90 kernel/time/timer.c:1803 [<ffffffff848000e6>] __do_softirq+0xe6/0x2ea kernel/softirq.c:571 [<ffffffff81246db0>] invoke_softirq kernel/softirq.c:445 [inline] [<ffffffff81246db0>] __irq_exit_rcu kernel/softirq.c:650 [inline] [<ffffffff81246db0>] irq_exit_rcu+0xc0/0x110 kernel/softirq.c:662 [<ffffffff84574f02>] sysvec_apic_timer_interrupt+0xa2/0xd0 arch/x86/kernel/apic/apic.c:1106 [<ffffffff84600c8b>] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649 [<ffffffff8458a070>] native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline] [<ffffffff8458a070>] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline] [<ffffffff8458a070>] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline] [<ffffffff8458a070>] acpi_idle_do_entry+0xc0/0xd0 drivers/acpi/processor_idle.c:554

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49981 was patched at 2025-06-17

150. Memory Corruption - Linux Kernel (CVE-2022-49982) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvr_probe The error handling code in pvr2_hdw_create forgets to unregister the v4l2 device. When pvr2_hdw_create returns back to pvr2_context_create, it calls pvr2_context_destroy to destroy context, but mp->hdw is NULL, which leads to that pvr2_hdw_destroy directly returns. Fix this by adding v4l2_device_unregister to decrease the refcount of usb interface.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49982 was patched at 2025-06-17

151. Memory Corruption - Linux Kernel (CVE-2022-49984) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submitting a Feature Report. The HID Steam driver presently makes no prevision for this and de-references the 'struct hid_report' pointer obtained from the HID devices without first checking its validity. Let's change that.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49984 was patched at 2025-06-17

152. Memory Corruption - Linux Kernel (CVE-2022-50002) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY Only set MLX5_LAG_FLAG_NDEVS_READY if both netdevices are registered. Doing so guarantees that both ldev->pf[MLX5_LAG_P0].dev and ldev->pf[MLX5_LAG_P1].dev have valid pointers when MLX5_LAG_FLAG_NDEVS_READY is set. The core issue is asymmetry in setting MLX5_LAG_FLAG_NDEVS_READY and clearing it. Setting it is done wrongly when both ldev->pf[MLX5_LAG_P0].dev and ldev->pf[MLX5_LAG_P1].dev are set; clearing it is done right when either of ldev->pf[i].netdev is cleared. Consider the following scenario: 1. PF0 loads and sets ldev->pf[MLX5_LAG_P0].dev to a valid pointer 2. PF1 loads and sets both ldev->pf[MLX5_LAG_P1].dev and ldev->pf[MLX5_LAG_P1].netdev with valid pointers. This results in MLX5_LAG_FLAG_NDEVS_READY is set. 3. PF0 is unloaded before setting dev->pf[MLX5_LAG_P0].netdev. MLX5_LAG_FLAG_NDEVS_READY remains set. Further execution of mlx5_do_bond() will result in null pointer dereference when calling mlx5_lag_is_multipath() This patch fixes the following call trace actually encountered: [ 1293.475195] BUG: kernel NULL pointer dereference, address: 00000000000009a8 [ 1293.478756] #PF: supervisor read access in kernel mode [ 1293.481320] #PF: error_code(0x0000) - not-present page [ 1293.483686] PGD 0 P4D 0 [ 1293.484434] Oops: 0000 [#1] SMP PTI [ 1293.485377] CPU: 1 PID: 23690 Comm: kworker/u16:2 Not tainted 5.18.0-rc5_for_upstream_min_debug_2022_05_05_10_13 #1 [ 1293.488039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 1293.490836] Workqueue: mlx5_lag mlx5_do_bond_work [mlx5_core] [ 1293.492448] RIP: 0010:mlx5_lag_is_multipath+0x5/0x50 [mlx5_core] [ 1293.494044] Code: e8 70 40 ff e0 48 8b 14 24 48 83 05 5c 1a 1b 00 01 e9 19 ff ff ff 48 83 05 47 1a 1b 00 01 eb d7 0f 1f 44 00 00 0f 1f 44 00 00 <48> 8b 87 a8 09 00 00 48 85 c0 74 26 48 83 05 a7 1b 1b 00 01 41 b8 [ 1293.498673] RSP: 0018:ffff88811b2fbe40 EFLAGS: 00010202 [ 1293.500152] RAX: ffff88818a94e1c0 RBX: ffff888165eca6c0 RCX: 0000000000000000 [ 1293.501841] RDX: 0000000000000001 RSI: ffff88818a94e1c0 RDI: 0000000000000000 [ 1293.503585] RBP: 0000000000000000 R08: ffff888119886740 R09: ffff888165eca73c [ 1293.505286] R10: 0000000000000018 R11: 0000000000000018 R12: ffff88818a94e1c0 [ 1293.506979] R13: ffff888112729800 R14: 0000000000000000 R15: ffff888112729858 [ 1293.508753] FS: 0000000000000000(0000) GS:ffff88852cc40000(0000) knlGS:0000000000000000 [ 1293.510782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1293.512265] CR2: 00000000000009a8 CR3: 00000001032d4002 CR4: 0000000000370ea0 [ 1293.514001] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1293.515806] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.05193

debian: CVE-2022-50002 was patched at 2025-06-17

153. Memory Corruption - Linux Kernel (CVE-2022-50022) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: drivers:md:fix a potential use-after-free bug In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and may cause sh to be released. However, sh is subsequently used in lines 2886 "if (sh->batch_head && sh != sh->batch_head)". This may result in an use-after-free bug. It can be fixed by moving "raid5_release_stripe(sh);" to the bottom of the function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50022 was patched at 2025-06-17

154. Memory Corruption - Linux Kernel (CVE-2022-50025) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: cxl: Fix a memory leak in an error handling path A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the error handling path of afu_allocate_irqs().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50025 was patched at 2025-06-17

155. Memory Corruption - Linux Kernel (CVE-2022-50067) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() In btrfs_relocate_block_group(), the rc is allocated. Then btrfs_relocate_block_group() calls relocate_block_group() prepare_to_relocate() set_reloc_control() that assigns rc to the variable fs_info->reloc_ctl. When prepare_to_relocate() returns, it calls btrfs_commit_transaction() btrfs_start_dirty_block_groups() btrfs_alloc_path() kmem_cache_zalloc() which may fail for example (or other errors could happen). When the failure occurs, btrfs_relocate_block_group() detects the error and frees rc and doesn't set fs_info->reloc_ctl to NULL. After that, in btrfs_init_reloc_root(), rc is retrieved from fs_info->reloc_ctl and then used, which may cause a use-after-free bug. This possible bug can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). To fix this possible bug, in prepare_to_relocate(), check if btrfs_commit_transaction() fails. If the failure occurs, unset_reloc_control() is called to set fs_info->reloc_ctl to NULL. The error log in our fault-injection testing is shown as follows: [ 58.751070] BUG: KASAN: use-after-free in btrfs_init_reloc_root+0x7ca/0x920 [btrfs] ... [ 58.753577] Call Trace: ... [ 58.755800] kasan_report+0x45/0x60 [ 58.756066] btrfs_init_reloc_root+0x7ca/0x920 [btrfs] [ 58.757304] record_root_in_trans+0x792/0xa10 [btrfs] [ 58.757748] btrfs_record_root_in_trans+0x463/0x4f0 [btrfs] [ 58.758231] start_transaction+0x896/0x2950 [btrfs] [ 58.758661] btrfs_defrag_root+0x250/0xc00 [btrfs] [ 58.759083] btrfs_ioctl_defrag+0x467/0xa00 [btrfs] [ 58.759513] btrfs_ioctl+0x3c95/0x114e0 [btrfs] ... [ 58.768510] Allocated by task 23683: [ 58.768777] ____kasan_kmalloc+0xb5/0xf0 [ 58.769069] __kmalloc+0x227/0x3d0 [ 58.769325] alloc_reloc_control+0x10a/0x3d0 [btrfs] [ 58.769755] btrfs_relocate_block_group+0x7aa/0x1e20 [btrfs] [ 58.770228] btrfs_relocate_chunk+0xf1/0x760 [btrfs] [ 58.770655] __btrfs_balance+0x1326/0x1f10 [btrfs] [ 58.771071] btrfs_balance+0x3150/0x3d30 [btrfs] [ 58.771472] btrfs_ioctl_balance+0xd84/0x1410 [btrfs] [ 58.771902] btrfs_ioctl+0x4caa/0x114e0 [btrfs] ... [ 58.773337] Freed by task 23683: ... [ 58.774815] kfree+0xda/0x2b0 [ 58.775038] free_reloc_control+0x1d6/0x220 [btrfs] [ 58.775465] btrfs_relocate_block_group+0x115c/0x1e20 [btrfs] [ 58.775944] btrfs_relocate_chunk+0xf1/0x760 [btrfs] [ 58.776369] __btrfs_balance+0x1326/0x1f10 [btrfs] [ 58.776784] btrfs_balance+0x3150/0x3d30 [btrfs] [ 58.777185] btrfs_ioctl_balance+0xd84/0x1410 [btrfs] [ 58.777621] btrfs_ioctl+0x4caa/0x114e0 [btrfs] ...

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50067 was patched at 2025-06-17

156. Memory Corruption - Linux Kernel (CVE-2022-50072) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open slot or the layoutget operation arguments, since they are likely still in use by the hung RPC call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50072 was patched at 2025-06-17

157. Memory Corruption - Linux Kernel (CVE-2022-50078) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While playing with event probes (eprobes), I tried to see what would happen if I attempted to retrieve the instruction pointer (%rip) knowing that event probes do not use pt_regs. The result was: BUG: kernel NULL pointer dereference, address: 0000000000000024 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 1847 Comm: trace-cmd Not tainted 5.19.0-rc5-test+ #309 Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03 07/14/2016 RIP: 0010:get_event_field.isra.0+0x0/0x50 Code: ff 48 c7 c7 c0 8f 74 a1 e8 3d 8b f5 ff e8 88 09 f6 ff 4c 89 e7 e8 50 6a 13 00 48 89 ef 5b 5d 41 5c 41 5d e9 42 6a 13 00 66 90 <48> 63 47 24 8b 57 2c 48 01 c6 8b 47 28 83 f8 02 74 0e 83 f8 04 74 RSP: 0018:ffff916c394bbaf0 EFLAGS: 00010086 RAX: ffff916c854041d8 RBX: ffff916c8d9fbf50 RCX: ffff916c255d2000 RDX: 0000000000000000 RSI: ffff916c255d2008 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff916c3a2a0c08 R09: ffff916c394bbda8 R10: 0000000000000000 R11: 0000000000000000 R12: ffff916c854041d8 R13: ffff916c854041b0 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff916c9ea40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000024 CR3: 000000011b60a002 CR4: 00000000001706e0 Call Trace: <TASK> get_eprobe_size+0xb4/0x640 ? __mod_node_page_state+0x72/0xc0 __eprobe_trace_func+0x59/0x1a0 ? __mod_lruvec_page_state+0xaa/0x1b0 ? page_remove_file_rmap+0x14/0x230 ? page_remove_rmap+0xda/0x170 event_triggers_call+0x52/0xe0 trace_event_buffer_commit+0x18f/0x240 trace_event_raw_event_sched_wakeup_template+0x7a/0xb0 try_to_wake_up+0x260/0x4c0 __wake_up_common+0x80/0x180 __wake_up_common_lock+0x7c/0xc0 do_notify_parent+0x1c9/0x2a0 exit_notify+0x1a9/0x220 do_exit+0x2ba/0x450 do_group_exit+0x2d/0x90 __x64_sys_exit_group+0x14/0x20 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Obviously this is not the desired result. Move the testing for TPARG_FL_TPOINT which is only used for event probes to the top of the "$" variable check, as all the other variables are not used for event probes. Also add a check in the register parsing "%" to fail if an event probe is used.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.05089

debian: CVE-2022-50078 was patched at 2025-06-17

158. Memory Corruption - Linux Kernel (CVE-2022-50087) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50087 was patched at 2025-06-17

159. Memory Corruption - Linux Kernel (CVE-2022-50092) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950 CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_address_description.constprop.0.cold+0xeb/0x3f4 kasan_report.cold+0xe6/0x147 dm_pool_register_metadata_threshold+0x40/0x80 pool_ctr+0xa0a/0x1150 dm_table_add_target+0x2c8/0x640 table_load+0x1fd/0x430 ctl_ioctl+0x2c4/0x5a0 dm_ctl_ioctl+0xa/0x10 __x64_sys_ioctl+0xb3/0xd0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 This can be easily reproduced using: echo offline > /sys/block/sda/device/state dd if=/dev/zero of=/dev/mapper/thin bs=4k count=10 dmsetup load pool --table "0 20971520 thin-pool /dev/sda /dev/sdb 128 0 0" If a metadata commit fails, the transaction will be aborted and the metadata space maps will be destroyed. If a DM table reload then happens for this failed thin-pool, a use-after-free will occur in dm_sm_register_threshold_callback (called from dm_pool_register_metadata_threshold). Fix this by in dm_pool_register_metadata_threshold() by returning the -EINVAL error if the thin-pool is in fail mode. Also fail pool_ctr() with a new error message: "Error registering metadata threshold".

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50092 was patched at 2025-06-17

160. Memory Corruption - Linux Kernel (CVE-2022-50134) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups with hfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups is not released, which will lead to a memory leak. We should release the uctxt->groups with hfi1_free_ctxt_rcv_groups() when init_user_ctxt() fails.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50134 was patched at 2025-06-17

161. Memory Corruption - Linux Kernel (CVE-2022-50140) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: memstick/ms_block: Fix a memory leak 'erased_blocks_bitmap' is never freed. As it is allocated at the same time as 'used_blocks_bitmap', it is likely that it should be freed also at the same time. Add the corresponding bitmap_free() in msb_data_clear().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50140 was patched at 2025-06-17

162. Memory Corruption - Linux Kernel (CVE-2022-50141) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. of_node_put() checks null pointer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50141 was patched at 2025-06-17

163. Memory Corruption - Linux Kernel (CVE-2022-50156) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: HID: cp2112: prevent a buffer overflow in cp2112_xfer() Smatch warnings: drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'data->block[1]' too small (33 vs 255) drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too small (64 vs 255) The 'read_length' variable is provided by 'data->block[0]' which comes from user and it(read_length) can take a value between 0-255. Add an upper bound to 'read_length' variable to prevent a buffer overflow in memcpy().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.0004, EPSS Percentile is 0.11205

debian: CVE-2022-50156 was patched at 2025-06-17

164. Memory Corruption - Linux Kernel (CVE-2022-50179) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-free: ath9k_htc_probe_device() /* htc_handle->drv_priv = priv; */ ath9k_htc_wait_for_target() <--- Failed ieee80211_free_hw() <--- priv pointer is freed <IRQ> ... ath9k_hif_usb_rx_cb() ath9k_hif_usb_rx_stream() RX_STAT_INC() <--- htc_handle->drv_priv access In order to not add fancy protection for drv_priv we can move htc_handle->drv_priv initialization at the end of the ath9k_htc_probe_device() and add helper macro to make all *_STAT_* macros NULL safe, since syzbot has reported related NULL deref in that macros [1]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50179 was patched at 2025-06-17

165. Memory Corruption - Linux Kernel (CVE-2022-50185) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() The last case label can write two buffers 'mc_reg_address[j]' and 'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE since there are no checks for this value in both case labels after the last 'j++'. Instead of changing '>' to '>=' there, add the bounds check at the start of the second 'case' (the first one already has it). Also, remove redundant last checks for 'j' index bigger than array size. The expression is always false. Moreover, before or after the patch 'table->last' can be equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE and it seems it can be a valid value. Detected using the static analysis tool - Svace.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.0004, EPSS Percentile is 0.11205

debian: CVE-2022-50185 was patched at 2025-06-17

166. Memory Corruption - Linux Kernel (CVE-2022-50206) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insn_emulation sysctls emulation_proc_handler() changes table->data for proc_dointvec_minmax and can generate the following Oops if called concurrently with itself: | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 | Internal error: Oops: 96000006 [#1] SMP | Call trace: | update_insn_emulation_mode+0xc0/0x148 | emulation_proc_handler+0x64/0xb8 | proc_sys_call_handler+0x9c/0xf8 | proc_sys_write+0x18/0x20 | __vfs_write+0x20/0x48 | vfs_write+0xe4/0x1d0 | ksys_write+0x70/0xf8 | __arm64_sys_write+0x20/0x28 | el0_svc_common.constprop.0+0x7c/0x1c0 | el0_svc_handler+0x2c/0xa0 | el0_svc+0x8/0x200 To fix this issue, keep the table->data as &insn->current_mode and use container_of() to retrieve the insn pointer. Another mutex is used to protect against the current_mode update but not for retrieving insn_emulation as table->data is no longer changing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50206 was patched at 2025-06-17

167. Memory Corruption - Linux Kernel (CVE-2022-50214) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: coresight: Clear the connection field properly coresight devices track their connections (output connections) and hold a reference to the fwnode. When a device goes away, we walk through the devices on the coresight bus and make sure that the references are dropped. This happens both ways: a) For all output connections from the device, drop the reference to the target device via coresight_release_platform_data() b) Iterate over all the devices on the coresight bus and drop the reference to fwnode if *this* device is the target of the output connection, via coresight_remove_conns()->coresight_remove_match(). However, the coresight_remove_match() doesn't clear the fwnode field, after dropping the reference, this causes use-after-free and additional refcount drops on the fwnode. e.g., if we have two devices, A and B, with a connection, A -> B. If we remove B first, B would clear the reference on B, from A via coresight_remove_match(). But when A is removed, it still has a connection with fwnode still pointing to B. Thus it tries to drops the reference in coresight_release_platform_data(), raising the bells like : [ 91.990153] ------------[ cut here ]------------ [ 91.990163] refcount_t: addition on 0; use-after-free. [ 91.990212] WARNING: CPU: 0 PID: 461 at lib/refcount.c:25 refcount_warn_saturate+0xa0/0x144 [ 91.990260] Modules linked in: coresight_funnel coresight_replicator coresight_etm4x(-) crct10dif_ce coresight ip_tables x_tables ipv6 [last unloaded: coresight_cpu_debug] [ 91.990398] CPU: 0 PID: 461 Comm: rmmod Tainted: G W T 5.19.0-rc2+ #53 [ 91.990418] Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform, BIOS EDK II Feb 1 2019 [ 91.990434] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 91.990454] pc : refcount_warn_saturate+0xa0/0x144 [ 91.990476] lr : refcount_warn_saturate+0xa0/0x144 [ 91.990496] sp : ffff80000c843640 [ 91.990509] x29: ffff80000c843640 x28: ffff800009957c28 x27: ffff80000c8439a8 [ 91.990560] x26: ffff00097eff1990 x25: ffff8000092b6ad8 x24: ffff00097eff19a8 [ 91.990610] x23: ffff80000c8439a8 x22: 0000000000000000 x21: ffff80000c8439c2 [ 91.990659] x20: 0000000000000000 x19: ffff00097eff1a10 x18: ffff80000ab99c40 [ 91.990708] x17: 0000000000000000 x16: 0000000000000000 x15: ffff80000abf6fa0 [ 91.990756] x14: 000000000000001d x13: 0a2e656572662d72 x12: 657466612d657375 [ 91.990805] x11: 203b30206e6f206e x10: 6f69746964646120 x9 : ffff8000081aba28 [ 91.990854] x8 : 206e6f206e6f6974 x7 : 69646461203a745f x6 : 746e756f63666572 [ 91.990903] x5 : ffff00097648ec58 x4 : 0000000000000000 x3 : 0000000000000027 [ 91.990952] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00080260ba00 [ 91.991000] Call trace: [ 91.991012] refcount_warn_saturate+0xa0/0x144 [ 91.991034] kobject_get+0xac/0xb0 [ 91.991055] of_node_get+0x2c/0x40 [ 91.991076] of_fwnode_get+0x40/0x60 [ 91.991094] fwnode_handle_get+0x3c/0x60 [ 91.991116] fwnode_get_nth_parent+0xf4/0x110 [ 91.991137] fwnode_full_name_string+0x48/0xc0 [ 91.991158] device_node_string+0x41c/0x530 [ 91.991178] pointer+0x320/0x3ec [ 91.991198] vsnprintf+0x23c/0x750 [ 91.991217] vprintk_store+0x104/0x4b0 [ 91.991238] vprintk_emit+0x8c/0x360 [ 91.991257] vprintk_default+0x44/0x50 [ 91.991276] vprintk+0xcc/0xf0 [ 91.991295] _printk+0x68/0x90 [ 91.991315] of_node_release+0x13c/0x14c [ 91.991334] kobject_put+0x98/0x114 [ 91.991354] of_node_put+0x24/0x34 [ 91.991372] of_fwnode_put+0x40/0x5c [ 91.991390] fwnode_handle_put+0x38/0x50 [ 91.991411] coresight_release_platform_data+0x74/0xb0 [coresight] [ 91.991472] coresight_unregister+0x64/0xcc [coresight] [ 91.991525] etm4_remove_dev+0x64/0x78 [coresight_etm4x] [ 91.991563] etm4_remove_amba+0x1c/0x2c [coresight_etm4x] [ 91.991598] amba_remove+0x3c/0x19c ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50214 was patched at 2025-06-17

168. Memory Corruption - Linux Kernel (CVE-2022-50220) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which may sleep. On disconnect, completion of the work was originally awaited in ->ndo_stop(). But in 2003, that was moved to ->disconnect() by historic commit "[PATCH] USB: usbnet, prevent exotic rtnl deadlock": https://git.kernel.org/tglx/history/c/0f138bbfd83c The change was made because back then, the kernel's workqueue implementation did not allow waiting for a single work. One had to wait for completion of *all* work by calling flush_scheduled_work(), and that could deadlock when waiting for usbnet_deferred_kevent() with rtnl_mutex held in ->ndo_stop(). The commit solved one problem but created another: It causes a use-after-free in USB Ethernet drivers aqc111.c, asix_devices.c, ax88179_178a.c, ch9200.c and smsc75xx.c: * If the drivers receive a link change interrupt immediately before disconnect, they raise EVENT_LINK_RESET in their (non-sleepable) ->status() callback and schedule usbnet_deferred_kevent(). * usbnet_deferred_kevent() invokes the driver's ->link_reset() callback, which calls netif_carrier_{on,off}(). * That in turn schedules the work linkwatch_event(). Because usbnet_deferred_kevent() is awaited after unregister_netdev(), netif_carrier_{on,off}() may operate on an unregistered netdev and linkwatch_event() may run after free_netdev(), causing a use-after-free. In 2010, usbnet was changed to only wait for a single instance of usbnet_deferred_kevent() instead of *all* work by commit 23f333a2bfaf ("drivers/net: don't use flush_scheduled_work()"). Unfortunately the commit neglected to move the wait back to ->ndo_stop(). Rectify that omission at long last.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12639

debian: CVE-2022-50220 was patched at 2025-06-17

169. Memory Corruption - Linux Kernel (CVE-2022-50229) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver fails in snd_card_register() at probe time, it will free the 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug. The following log can reveal it: [ 50.727020] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000] [ 50.727623] Read of size 8 at addr ffff88810fab0e88 by task swapper/4/0 [ 50.729530] Call Trace: [ 50.732899] bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000] Fix this by adding usb_kill_urb() before usb_free_urb().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12639

debian: CVE-2022-50229 was patched at 2025-06-17

170. Memory Corruption - Linux Kernel (CVE-2025-37943) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields in the header within the ath12k_dp_rx_h_undecap_nwifi function for DP_RX_DECAP_TYPE_NATIVE_WIFI decap type and potentially resulting in invalid data access and memory corruption. Add a sanity check before processing the SKB to prevent invalid data access in the undecap native Wi-Fi function for the DP_RX_DECAP_TYPE_NATIVE_WIFI decap type. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00026, EPSS Percentile is 0.0531

almalinux: CVE-2025-37943 was patched at 2025-06-09

oraclelinux: CVE-2025-37943 was patched at 2025-06-10

redhat: CVE-2025-37943 was patched at 2025-06-09, 2025-06-16

ubuntu: CVE-2025-37943 was patched at 2025-06-24

171. Memory Corruption - Linux Kernel (CVE-2025-37992) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list. This could result in NULL pointer dereference when we only check sch->limit against sch->q.qlen. This patch introduces a new helper, qdisc_dequeue_internal(), which ensures both the gso_skb list and the main queue are properly flushed when trimming excess packets. All relevant qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie) are updated to use this helper in their ->change() routines.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00035, EPSS Percentile is 0.08594

debian: CVE-2025-37992 was patched at 2025-06-17

172. Memory Corruption - Linux Kernel (CVE-2025-37994) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the partner removal.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-37994 was patched at 2025-06-17

173. Memory Corruption - Linux Kernel (CVE-2025-37997) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-37997 was patched at 2025-06-17

174. Memory Corruption - Linux Kernel (CVE-2025-38000) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may trigger an immediate dequeue and potential packet drop. In such cases, qdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog have not yet been updated, leading to inconsistent queue accounting. This can leave an empty HFSC class in the active list, causing further consequences like use-after-free. This patch fixes the bug by moving the increment of sch->q.qlen and sch->qstats.backlog before the call to the child qdisc's peek() operation. This ensures that queue length and backlog are always accurate when packet drops or dequeues are triggered during the peek.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38000 was patched at 2025-06-17

175. Memory Corruption - Linux Kernel (CVE-2025-38004) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the 'count' variable has been moved into the protected section as this variable can be modified from both contexts too.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38004 was patched at 2025-06-17

176. Memory Corruption - Linux Kernel (CVE-2025-38023) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfs_get_lock_context in unlock path When memory is insufficient, the allocation of nfs_lock_context in nfs_get_lock_context() fails and returns -ENOMEM. If we mistakenly treat an nfs4_unlockdata structure (whose l_ctx member has been set to -ENOMEM) as valid and proceed to execute rpc_run_task(), this will trigger a NULL pointer dereference in nfs4_locku_prepare. For example: BUG: kernel NULL pointer dereference, address: 000000000000000c PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 15 UID: 0 PID: 12 Comm: kworker/u64:0 Not tainted 6.15.0-rc2-dirty #60 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 Workqueue: rpciod rpc_async_schedule RIP: 0010:nfs4_locku_prepare+0x35/0xc2 Code: 89 f2 48 89 fd 48 c7 c7 68 69 ef b5 53 48 8b 8e 90 00 00 00 48 89 f3 RSP: 0018:ffffbbafc006bdb8 EFLAGS: 00010246 RAX: 000000000000004b RBX: ffff9b964fc1fa00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: fffffffffffffff4 RDI: ffff9ba53fddbf40 RBP: ffff9ba539934000 R08: 0000000000000000 R09: ffffbbafc006bc38 R10: ffffffffb6b689c8 R11: 0000000000000003 R12: ffff9ba539934030 R13: 0000000000000001 R14: 0000000004248060 R15: ffffffffb56d1c30 FS: 0000000000000000(0000) GS:ffff9ba5881f0000(0000) knlGS:00000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000000c CR3: 000000093f244000 CR4: 00000000000006f0 Call Trace: <TASK> __rpc_execute+0xbc/0x480 rpc_async_schedule+0x2f/0x40 process_one_work+0x232/0x5d0 worker_thread+0x1da/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0x10d/0x240 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: CR2: 000000000000000c ---[ end trace 0000000000000000 ]--- Free the allocated nfs4_unlockdata when nfs_get_lock_context() fails and return NULL to terminate subsequent rpc_run_task, preventing NULL pointer dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38023 was patched at 2025-06-17

177. Memory Corruption - Linux Kernel (CVE-2025-38024) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xcf/0x610 mm/kasan/report.c:489 kasan_report+0xb5/0xe0 mm/kasan/report.c:602 rxe_queue_cleanup+0xd0/0xe0 drivers/infiniband/sw/rxe/rxe_queue.c:195 rxe_cq_cleanup+0x3f/0x50 drivers/infiniband/sw/rxe/rxe_cq.c:132 __rxe_cleanup+0x168/0x300 drivers/infiniband/sw/rxe/rxe_pool.c:232 rxe_create_cq+0x22e/0x3a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1109 create_cq+0x658/0xb90 drivers/infiniband/core/uverbs_cmd.c:1052 ib_uverbs_create_cq+0xc7/0x120 drivers/infiniband/core/uverbs_cmd.c:1095 ib_uverbs_write+0x969/0xc90 drivers/infiniband/core/uverbs_main.c:679 vfs_write fs/read_write.c:677 [inline] vfs_write+0x26a/0xcc0 fs/read_write.c:659 ksys_write+0x1b8/0x200 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f In the function rxe_create_cq, when rxe_cq_from_init fails, the function rxe_cleanup will be called to handle the allocated resources. In fact, some memory resources have already been freed in the function rxe_cq_from_init. Thus, this problem will occur. The solution is to let rxe_cleanup do all the work.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38024 was patched at 2025-06-17

178. Memory Corruption - Linux Kernel (CVE-2025-38034) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref btrfs_prelim_ref() calls the old and new reference variables in the incorrect order. This causes a NULL pointer dereference because oldref is passed as NULL to trace_btrfs_prelim_ref_insert(). Note, trace_btrfs_prelim_ref_insert() is being called with newref as oldref (and oldref as NULL) on purpose in order to print out the values of newref. To reproduce: echo 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable Perform some writeback operations. Backtrace: BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 115949067 P4D 115949067 PUD 11594a067 PMD 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014 RIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130 Code: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88 RSP: 0018:ffffce44820077a0 EFLAGS: 00010286 RAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b RDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010 R10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000 R13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540 FS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> prelim_ref_insert+0x1c1/0x270 find_parent_nodes+0x12a6/0x1ee0 ? __entry_text_end+0x101f06/0x101f09 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 ? srso_alias_return_thunk+0x5/0xfbef5 btrfs_is_data_extent_shared+0x167/0x640 ? fiemap_process_hole+0xd0/0x2c0 extent_fiemap+0xa5c/0xbc0 ? __entry_text_end+0x101f05/0x101f09 btrfs_fiemap+0x7e/0xd0 do_vfs_ioctl+0x425/0x9d0 __x64_sys_ioctl+0x75/0xc0

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38034 was patched at 2025-06-17

179. Memory Corruption - Linux Kernel (CVE-2025-38035) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: don't restore null sk_state_change queue->state_change is set as part of nvmet_tcp_set_queue_sock(), but if the TCP connection isn't established when nvmet_tcp_set_queue_sock() is called then queue->state_change isn't set and sock->sk->sk_state_change isn't replaced. As such we don't need to restore sock->sk->sk_state_change if queue->state_change is NULL. This avoids NULL pointer dereferences such as this: [ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode [ 286.463796][ C0] #PF: error_code(0x0010) - not-present page [ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0 [ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI [ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary) [ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 [ 286.467147][ C0] RIP: 0010:0x0 [ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246 [ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43 [ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100 [ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c [ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3 [ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268 [ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000 [ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0 [ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400 [ 286.475453][ C0] Call Trace: [ 286.476102][ C0] <IRQ> [ 286.476719][ C0] tcp_fin+0x2bb/0x440 [ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60 [ 286.478174][ C0] ? __build_skb_around+0x234/0x330 [ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0 [ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10 [ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0 [ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90 [ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30 [ 286.482769][ C0] ? ktime_get+0x66/0x150 [ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0 [ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050 [ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0 [ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0 [ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10 [ 286.486917][ C0] ? lock_release+0x217/0x2c0 [ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0 [ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30 [ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0 [ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0 [ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10 [ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack] [ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0 [ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370 [ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420 [ 286.494268][ C0] ip_local_deliver+0x168/0x430 [ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10 [ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20 [ 286.496806][ C0] ? lock_release+0x217/0x2c0 [ 286.497414][ C0] ip_rcv+0x455/0x6e0 [ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10 [ ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38035 was patched at 2025-06-17

180. Memory Corruption - Linux Kernel (CVE-2025-38048) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN syzbot reports a data-race when accessing the event_triggered, here is the simplified stack when the issue occurred: ================================================================== BUG: KCSAN: data-race in virtqueue_disable_cb / virtqueue_enable_cb_delayed write to 0xffff8881025bc452 of 1 bytes by task 3288 on cpu 0: virtqueue_enable_cb_delayed+0x42/0x3c0 drivers/virtio/virtio_ring.c:2653 start_xmit+0x230/0x1310 drivers/net/virtio_net.c:3264 __netdev_start_xmit include/linux/netdevice.h:5151 [inline] netdev_start_xmit include/linux/netdevice.h:5160 [inline] xmit_one net/core/dev.c:3800 [inline] read to 0xffff8881025bc452 of 1 bytes by interrupt on cpu 1: virtqueue_disable_cb_split drivers/virtio/virtio_ring.c:880 [inline] virtqueue_disable_cb+0x92/0x180 drivers/virtio/virtio_ring.c:2566 skb_xmit_done+0x5f/0x140 drivers/net/virtio_net.c:777 vring_interrupt+0x161/0x190 drivers/virtio/virtio_ring.c:2715 __handle_irq_event_percpu+0x95/0x490 kernel/irq/handle.c:158 handle_irq_event_percpu kernel/irq/handle.c:193 [inline] value changed: 0x01 -> 0x00 ================================================================== When the data race occurs, the function virtqueue_enable_cb_delayed() sets event_triggered to false, and virtqueue_disable_cb_split/packed() reads it as false due to the race condition. Since event_triggered is an unreliable hint used for optimization, this should only cause the driver temporarily suggest that the device not send an interrupt notification when the event index is used. Fix this KCSAN reported data-race issue by explicitly tagging the access as data_racy.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38048 was patched at 2025-06-17

181. Memory Corruption - Linux Kernel (CVE-2025-38051) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning. ================================================================== BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs] Read of size 4 at addr ffff8880099b819c by task a.out/342975 CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x53/0x70 print_report+0xce/0x640 kasan_report+0xb8/0xf0 cifs_fill_dirent+0xb03/0xb60 [cifs] cifs_readdir+0x12cb/0x3190 [cifs] iterate_dir+0x1a1/0x520 __x64_sys_getdents+0x134/0x220 do_syscall_64+0x4b/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f996f64b9f9 Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8 RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88 R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000 </TASK> Allocated by task 408: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x6e/0x70 kmem_cache_alloc_noprof+0x117/0x3d0 mempool_alloc_noprof+0xf2/0x2c0 cifs_buf_get+0x36/0x80 [cifs] allocate_buffers+0x1d2/0x330 [cifs] cifs_demultiplex_thread+0x22b/0x2690 [cifs] kthread+0x394/0x720 ret_from_fork+0x34/0x70 ret_from_fork_asm+0x1a/0x30 Freed by task 342979: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x37/0x50 kmem_cache_free+0x2b8/0x500 cifs_buf_release+0x3c/0x70 [cifs] cifs_readdir+0x1c97/0x3190 [cifs] iterate_dir+0x1a1/0x520 __x64_sys_getdents64+0x134/0x220 do_syscall_64+0x4b/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e The buggy address belongs to the object at ffff8880099b8000 which belongs to the cache cifs_request of size 16588 The buggy address is located 412 bytes inside of freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8 head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 anon flags: 0x80000000000040(head|node=0|zone=1) page_type: f5(slab) raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001 raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000 head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001 head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000 head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== POC is available in the link [1]. The problem triggering process is as follows: Process 1 Process 2 ----------------------------------- ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38051 was patched at 2025-06-17

182. Memory Corruption - Linux Kernel (CVE-2025-38052) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840 Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25 Call Trace: kasan_report+0xd9/0x110 mm/kasan/report.c:601 tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840 crypto_request_complete include/crypto/algapi.h:266 aead_request_complete include/crypto/internal/aead.h:85 cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772 crypto_request_complete include/crypto/algapi.h:266 cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231 Allocated by task 8355: kzalloc_noprof include/linux/slab.h:778 tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466 tipc_init_net+0x2dd/0x430 net/tipc/core.c:72 ops_init+0xb9/0x650 net/core/net_namespace.c:139 setup_net+0x435/0xb40 net/core/net_namespace.c:343 copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508 create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228 ksys_unshare+0x419/0x970 kernel/fork.c:3323 __do_sys_unshare kernel/fork.c:3394 Freed by task 63: kfree+0x12a/0x3b0 mm/slub.c:4557 tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539 tipc_exit_net+0x8c/0x110 net/tipc/core.c:119 ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173 cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231 After freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done may still visit it in cryptd_queue_worker workqueue. I reproduce this issue by: ip netns add ns1 ip link add veth1 type veth peer name veth2 ip link set veth1 netns ns1 ip netns exec ns1 tipc bearer enable media eth dev veth1 ip netns exec ns1 tipc node set key this_is_a_master_key master ip netns exec ns1 tipc bearer disable media eth dev veth1 ip netns del ns1 The key of reproduction is that, simd_aead_encrypt is interrupted, leading to crypto_simd_usable() return false. Thus, the cryptd_queue_worker is triggered, and the tipc_crypto tx will be visited. tipc_disc_timeout tipc_bearer_xmit_skb tipc_crypto_xmit tipc_aead_encrypt crypto_aead_encrypt // encrypt() simd_aead_encrypt // crypto_simd_usable() is false child = &ctx->cryptd_tfm->base; simd_aead_encrypt crypto_aead_encrypt // encrypt() cryptd_aead_encrypt_enqueue cryptd_aead_enqueue cryptd_enqueue_request // trigger cryptd_queue_worker queue_work_on(smp_processor_id(), cryptd_wq, &cpu_queue->work) Fix this by holding net reference count before encrypt.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38052 was patched at 2025-06-17

183. Memory Corruption - Linux Kernel (CVE-2025-38075) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with such logs: Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d BUG: Kernel NULL pointer dereference on read at 0x00000000 NIP strlcpy+0x8/0xb0 LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod] Call Trace: iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod] call_timer_fn+0x58/0x1f0 run_timer_softirq+0x740/0x860 __do_softirq+0x16c/0x420 irq_exit+0x188/0x1c0 timer_interrupt+0x184/0x410 That is because nopin response timer may be re-started on nopin timer expiration. Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38075 was patched at 2025-06-17

184. Memory Corruption - Linux Kernel (CVE-2025-38077) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow. Add a check for an empty string. Found by Linux Verification Center (linuxtesting.org) with SVACE.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.0004, EPSS Percentile is 0.11205

debian: CVE-2025-38077 was patched at 2025-06-17

185. Memory Corruption - Linux Kernel (CVE-2025-38079) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38079 was patched at 2025-06-17

186. Memory Corruption - Linux Kernel (CVE-2025-38083) - Medium [251]

Description: In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38083 was patched at 2025-06-17

187. Unknown Vulnerability Type - Windows Kernel (CVE-2025-5986) - Medium [245]

Description: {'nvd_cve_data_all': 'A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00041, EPSS Percentile is 0.11585

debian: CVE-2025-5986 was patched at 2025-06-17

188. Unknown Vulnerability Type - Perl (CVE-2025-40912) - Medium [242]

Description: {'nvd_cve_data_all': 'CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode.\n\nCryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00056, EPSS Percentile is 0.17585

debian: CVE-2025-40912 was patched at 2025-06-17

189. Arbitrary File Writing - Unknown Product (CVE-2025-32802) - Medium [241]

Description: {'nvd_cve_data_all': 'Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths.\nThis issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.010EPSS Probability is 5e-05, EPSS Percentile is 0.00221

debian: CVE-2025-32802 was patched at 2025-06-17

190. Denial of Service - GitHub (CVE-2025-6493) - Medium [241]

Description: A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.214GitHub, Inc. is an Internet hosting service for software development and version control using Git
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00051, EPSS Percentile is 0.15928

debian: CVE-2025-6493 was patched at 2025-06-17

191. Memory Corruption - Linux Kernel (CVE-2022-49940) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() A null pointer dereference can happen when attempting to access the "gsm->receive()" function in gsmld_receive_buf(). Currently, the code assumes that gsm->recieve is only called after MUX activation. Since the gsmld_receive_buf() function can be accessed without the need to initialize the MUX, the gsm->receive() function will not be set and a NULL pointer dereference will occur. Fix this by avoiding the call to "gsm->receive()" in case the function is not initialized by adding a sanity check. Call Trace: <TASK> gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861 tiocsti drivers/tty/tty_io.c:2293 [inline] tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-49940 was patched at 2025-06-17

192. Memory Corruption - Linux Kernel (CVE-2022-49949) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix memory leak in firmware upload In the case of firmware-upload, an instance of struct fw_upload is allocated in firmware_upload_register(). This data needs to be freed in fw_dev_release(). Create a new fw_upload_free() function in sysfs_upload.c to handle the firmware-upload specific memory frees and incorporate the missing kfree call for the fw_upload structure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49949 was patched at 2025-06-17

193. Memory Corruption - Linux Kernel (CVE-2022-49950) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The probe session-duplication overflow check incremented the session count also when there were no more available sessions so that memory beyond the fixed-size slab-allocated session array could be corrupted in fastrpc_session_alloc() on open().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-49950 was patched at 2025-06-17

194. Memory Corruption - Linux Kernel (CVE-2022-49951) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to device_unregister() could result in the dev_release function freeing the fw_upload_priv structure before it is dereferenced for the call to module_put(). This bug was found by the kernel test robot using CONFIG_KASAN while running the firmware selftests. device_unregister(&fw_sysfs->dev); module_put(fw_upload_priv->module); The problem is fixed by copying fw_upload_priv->module to a local variable for use when calling device_unregister().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49951 was patched at 2025-06-17

195. Memory Corruption - Linux Kernel (CVE-2022-49952) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoid corrupting memory beyond the fixed-size slab-allocated session array when there are more than FASTRPC_MAX_SESSIONS sessions defined in the devicetree.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-49952 was patched at 2025-06-17

196. Memory Corruption - Linux Kernel (CVE-2022-49959) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix memory leak at failed datapath creation ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids() allocates array via kmalloc. If for some reason new_vport() fails during ovs_dp_cmd_new() dp->upcall_portids must be freed. Add missing kfree. Kmemleak example: unreferenced object 0xffff88800c382500 (size 64): comm "dump_state", pid 323, jiffies 4294955418 (age 104.347s) hex dump (first 32 bytes): 5e c2 79 e4 1f 7a 38 c7 09 21 38 0c 80 88 ff ff ^.y..z8..!8..... 03 00 00 00 0a 00 00 00 14 00 00 00 28 00 00 00 ............(... backtrace: [<0000000071bebc9f>] ovs_dp_set_upcall_portids+0x38/0xa0 [<000000000187d8bd>] ovs_dp_change+0x63/0xe0 [<000000002397e446>] ovs_dp_cmd_new+0x1f0/0x380 [<00000000aa06f36e>] genl_family_rcv_msg_doit+0xea/0x150 [<000000008f583bc4>] genl_rcv_msg+0xdc/0x1e0 [<00000000fa10e377>] netlink_rcv_skb+0x50/0x100 [<000000004959cece>] genl_rcv+0x24/0x40 [<000000004699ac7f>] netlink_unicast+0x23e/0x360 [<00000000c153573e>] netlink_sendmsg+0x24e/0x4b0 [<000000006f4aa380>] sock_sendmsg+0x62/0x70 [<00000000d0068654>] ____sys_sendmsg+0x230/0x270 [<0000000012dacf7d>] ___sys_sendmsg+0x88/0xd0 [<0000000011776020>] __sys_sendmsg+0x59/0xa0 [<000000002e8f2dc1>] do_syscall_64+0x3b/0x90 [<000000003243e7cb>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-49959 was patched at 2025-06-17

197. Memory Corruption - Linux Kernel (CVE-2022-49960) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix null pointer dereference Asus chromebook CX550 crashes during boot on v5.17-rc1 kernel. The root cause is null pointer defeference of bi_next in tgl_get_bw_info() in drivers/gpu/drm/i915/display/intel_bw.c. BUG: kernel NULL pointer dereference, address: 000000000000002e PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 1 Comm: swapper/0 Tainted: G U 5.17.0-rc1 Hardware name: Google Delbin/Delbin, BIOS Google_Delbin.13672.156.3 05/14/2021 RIP: 0010:tgl_get_bw_info+0x2de/0x510 ... [ 2.554467] Call Trace: [ 2.554467] <TASK> [ 2.554467] intel_bw_init_hw+0x14a/0x434 [ 2.554467] ? _printk+0x59/0x73 [ 2.554467] ? _dev_err+0x77/0x91 [ 2.554467] i915_driver_hw_probe+0x329/0x33e [ 2.554467] i915_driver_probe+0x4c8/0x638 [ 2.554467] i915_pci_probe+0xf8/0x14e [ 2.554467] ? _raw_spin_unlock_irqrestore+0x12/0x2c [ 2.554467] pci_device_probe+0xaa/0x142 [ 2.554467] really_probe+0x13f/0x2f4 [ 2.554467] __driver_probe_device+0x9e/0xd3 [ 2.554467] driver_probe_device+0x24/0x7c [ 2.554467] __driver_attach+0xba/0xcf [ 2.554467] ? driver_attach+0x1f/0x1f [ 2.554467] bus_for_each_dev+0x8c/0xc0 [ 2.554467] bus_add_driver+0x11b/0x1f7 [ 2.554467] driver_register+0x60/0xea [ 2.554467] ? mipi_dsi_bus_init+0x16/0x16 [ 2.554467] i915_init+0x2c/0xb9 [ 2.554467] ? mipi_dsi_bus_init+0x16/0x16 [ 2.554467] do_one_initcall+0x12e/0x2b3 [ 2.554467] do_initcall_level+0xd6/0xf3 [ 2.554467] do_initcalls+0x4e/0x79 [ 2.554467] kernel_init_freeable+0xed/0x14d [ 2.554467] ? rest_init+0xc1/0xc1 [ 2.554467] kernel_init+0x1a/0x120 [ 2.554467] ret_from_fork+0x1f/0x30 [ 2.554467] </TASK> ... Kernel panic - not syncing: Fatal exception (cherry picked from commit c247cd03898c4c43c3bce6d4014730403bc13032)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49960 was patched at 2025-06-17

198. Memory Corruption - Linux Kernel (CVE-2022-49962) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove and put both main and shared hcds even if only a main hcd exists (one roothub) This causes a null pointer dereference in reboot for those controllers. Check that the shared_hcd exists before trying to remove it.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49962 was patched at 2025-06-17

199. Memory Corruption - Linux Kernel (CVE-2022-49965) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics Without these, potential memory leak may be induced.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49965 was patched at 2025-06-17

200. Memory Corruption - Linux Kernel (CVE-2022-49966) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid To avoid any potential memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-49966 was patched at 2025-06-17

201. Memory Corruption - Linux Kernel (CVE-2022-49971) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in smu_v13_0_4_init_smc_tables(), but not freed in smu_v13_0_4_fini_smc_tables(). This may cause memory leaks, fix it.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49971 was patched at 2025-06-17

202. Memory Corruption - Linux Kernel (CVE-2022-49973) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: skmsg: Fix wrong last sg check in sk_msg_recvmsg() Fix one kernel NULL pointer dereference as below: [ 224.462334] Call Trace: [ 224.462394] __tcp_bpf_recvmsg+0xd3/0x380 [ 224.462441] ? sock_has_perm+0x78/0xa0 [ 224.462463] tcp_bpf_recvmsg+0x12e/0x220 [ 224.462494] inet_recvmsg+0x5b/0xd0 [ 224.462534] __sys_recvfrom+0xc8/0x130 [ 224.462574] ? syscall_trace_enter+0x1df/0x2e0 [ 224.462606] ? __do_page_fault+0x2de/0x500 [ 224.462635] __x64_sys_recvfrom+0x24/0x30 [ 224.462660] do_syscall_64+0x5d/0x1d0 [ 224.462709] entry_SYSCALL_64_after_hwframe+0x65/0xca In commit 9974d37ea75f ("skmsg: Fix invalid last sg check in sk_msg_recvmsg()"), we change last sg check to sg_is_last(), but in sockmap redirection case (without stream_parser/stream_verdict/ skb_verdict), we did not mark the end of the scatterlist. Check the sk_msg_alloc, sk_msg_page_add, and bpf_msg_push_data functions, they all do not mark the end of sg. They are expected to use sg.end for end judgment. So the judgment of '(i != msg_rx->sg.end)' is added back here.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-49973 was patched at 2025-06-17

203. Memory Corruption - Linux Kernel (CVE-2022-49974) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: fix rumble worker null pointer deref We can dereference a null pointer trying to queue work to a destroyed workqueue. If the device is disconnected, nintendo_hid_remove is called, in which the rumble_queue is destroyed. Avoid using that queue to defer rumble work once the controller state is set to JOYCON_CTLR_STATE_REMOVED. This eliminates the null pointer dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49974 was patched at 2025-06-17

204. Memory Corruption - Linux Kernel (CVE-2022-49980) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free Read in usb_udc_uevent() The syzbot fuzzer found a race between uevent callbacks and gadget driver unregistration that can cause a use-after-free bug: --------------------------------------------------------------- BUG: KASAN: use-after-free in usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732 Read of size 8 at addr ffff888078ce2050 by task udevd/2968 CPU: 1 PID: 2968 Comm: udevd Not tainted 5.19.0-rc4-next-20220628-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:317 [inline] print_report.cold+0x2ba/0x719 mm/kasan/report.c:433 kasan_report+0xbe/0x1f0 mm/kasan/report.c:495 usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732 dev_uevent+0x290/0x770 drivers/base/core.c:2424 --------------------------------------------------------------- The bug occurs because usb_udc_uevent() dereferences udc->driver but does so without acquiring the udc_lock mutex, which protects this field. If the gadget driver is unbound from the udc concurrently with uevent processing, the driver structure may be accessed after it has been deallocated. To prevent the race, we make sure that the routine holds the mutex around the racing accesses.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49980 was patched at 2025-06-17

205. Memory Corruption - Linux Kernel (CVE-2022-49994) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem The vmemmap pages is marked by kmemleak when allocated from memblock. Remove it from kmemleak when freeing the page. Otherwise, when we reuse the page, kmemleak may report such an error and then stop working. kmemleak: Cannot insert 0xffff98fb6eab3d40 into the object search tree (overlaps existing) kmemleak: Kernel memory leak detector disabled kmemleak: Object 0xffff98fb6be00000 (size 335544320): kmemleak: comm "swapper", pid 0, jiffies 4294892296 kmemleak: min_count = 0 kmemleak: count = 0 kmemleak: flags = 0x1 kmemleak: checksum = 0 kmemleak: backtrace:

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-49994 was patched at 2025-06-17

206. Memory Corruption - Linux Kernel (CVE-2022-49995) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: writeback: avoid use-after-free after removing device When a disk is removed, bdi_unregister gets called to stop further writeback and wait for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation dwork after this has completed, which can result in the timer attempting to access the just freed bdi_writeback. Fix this by checking if the bdi_writeback is alive, similar to when scheduling writeback work. Since this requires wb->work_lock, and wb_inode_writeback_end() may get called from interrupt, switch wb->work_lock to an irqsafe lock.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-49995 was patched at 2025-06-17

207. Memory Corruption - Linux Kernel (CVE-2022-49996) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() In btrfs_get_dev_args_from_path(), btrfs_get_bdev_and_sb() can fail if the path is invalid. In this case, btrfs_get_dev_args_from_path() returns directly without freeing args->uuid and args->fsid allocated before, which causes memory leak. To fix these possible leaks, when btrfs_get_bdev_and_sb() fails, btrfs_put_dev_args_from_path() is called to clean up the memory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-49996 was patched at 2025-06-17

208. Memory Corruption - Linux Kernel (CVE-2022-50000) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1) gc_step work is stopped to disable any further stats/del requests. 2) All flow table entries are set to teardown state. 3) Run gc_step which will queue HW del work for each flow table entry. 4) Waiting for the above del work to finish (flush). 5) Run gc_step again, deleting all entries from the flow table. 6) Flow table is freed. But if a flow table entry already has pending HW stats or HW add work step 3 will not queue HW del work (it will be skipped), step 4 will wait for the pending add/stats to finish, and step 5 will queue HW del work which might execute after freeing of the flow table. To fix the above, this patch flushes the pending work, then it sets the teardown flag to all flows in the flowtable and it forces a garbage collector run to queue work to remove the flows from hardware, then it flushes this new pending work and (finally) it forces another garbage collector run to remove the entry from the software flowtable. Stack trace: [47773.882335] BUG: KASAN: use-after-free in down_read+0x99/0x460 [47773.883634] Write of size 8 at addr ffff888103b45aa8 by task kworker/u20:6/543704 [47773.885634] CPU: 3 PID: 543704 Comm: kworker/u20:6 Not tainted 5.12.0-rc7+ #2 [47773.886745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) [47773.888438] Workqueue: nf_ft_offload_del flow_offload_work_handler [nf_flow_table] [47773.889727] Call Trace: [47773.890214] dump_stack+0xbb/0x107 [47773.890818] print_address_description.constprop.0+0x18/0x140 [47773.892990] kasan_report.cold+0x7c/0xd8 [47773.894459] kasan_check_range+0x145/0x1a0 [47773.895174] down_read+0x99/0x460 [47773.899706] nf_flow_offload_tuple+0x24f/0x3c0 [nf_flow_table] [47773.907137] flow_offload_work_handler+0x72d/0xbe0 [nf_flow_table] [47773.913372] process_one_work+0x8ac/0x14e0 [47773.921325] [47773.921325] Allocated by task 592159: [47773.922031] kasan_save_stack+0x1b/0x40 [47773.922730] __kasan_kmalloc+0x7a/0x90 [47773.923411] tcf_ct_flow_table_get+0x3cb/0x1230 [act_ct] [47773.924363] tcf_ct_init+0x71c/0x1156 [act_ct] [47773.925207] tcf_action_init_1+0x45b/0x700 [47773.925987] tcf_action_init+0x453/0x6b0 [47773.926692] tcf_exts_validate+0x3d0/0x600 [47773.927419] fl_change+0x757/0x4a51 [cls_flower] [47773.928227] tc_new_tfilter+0x89a/0x2070 [47773.936652] [47773.936652] Freed by task 543704: [47773.937303] kasan_save_stack+0x1b/0x40 [47773.938039] kasan_set_track+0x1c/0x30 [47773.938731] kasan_set_free_info+0x20/0x30 [47773.939467] __kasan_slab_free+0xe7/0x120 [47773.940194] slab_free_freelist_hook+0x86/0x190 [47773.941038] kfree+0xce/0x3a0 [47773.941644] tcf_ct_flow_table_cleanup_work Original patch description and stack trace by Paul Blakey.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50000 was patched at 2025-06-17

209. Memory Corruption - Linux Kernel (CVE-2022-50003) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z Above refers to a case where user would like to attach XSK socket in txonly mode at a queue id that does not have a corresponding Rx queue. At this moment ice's XSK logic is tightly bound to act on a "queue pair", e.g. both Tx and Rx queues at a given queue id are disabled/enabled and both of them will get XSK pool assigned, which is broken for the presented queue configuration. This results in the splat included at the bottom, which is basically an OOB access to Rx ring array. To fix this, allow using the ids only in scope of "combined" queues reported by ethtool. However, logic should be rewritten to allow such configurations later on, which would end up as a complete rewrite of the control path, so let us go with this temporary fix. [420160.558008] BUG: kernel NULL pointer dereference, address: 0000000000000082 [420160.566359] #PF: supervisor read access in kernel mode [420160.572657] #PF: error_code(0x0000) - not-present page [420160.579002] PGD 0 P4D 0 [420160.582756] Oops: 0000 [#1] PREEMPT SMP NOPTI [420160.588396] CPU: 10 PID: 21232 Comm: xdpsock Tainted: G OE 5.19.0-rc7+ #10 [420160.597893] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [420160.609894] RIP: 0010:ice_xsk_pool_setup+0x44/0x7d0 [ice] [420160.616968] Code: f3 48 83 ec 40 48 8b 4f 20 48 8b 3f 65 48 8b 04 25 28 00 00 00 48 89 44 24 38 31 c0 48 8d 04 ed 00 00 00 00 48 01 c1 48 8b 11 <0f> b7 92 82 00 00 00 48 85 d2 0f 84 2d 75 00 00 48 8d 72 ff 48 85 [420160.639421] RSP: 0018:ffffc9002d2afd48 EFLAGS: 00010282 [420160.646650] RAX: 0000000000000050 RBX: ffff88811d8bdd00 RCX: ffff888112c14ff8 [420160.655893] RDX: 0000000000000000 RSI: ffff88811d8bdd00 RDI: ffff888109861000 [420160.665166] RBP: 000000000000000a R08: 000000000000000a R09: 0000000000000000 [420160.674493] R10: 000000000000889f R11: 0000000000000000 R12: 000000000000000a [420160.683833] R13: 000000000000000a R14: 0000000000000000 R15: ffff888117611828 [420160.693211] FS: 00007fa869fc1f80(0000) GS:ffff8897e0880000(0000) knlGS:0000000000000000 [420160.703645] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [420160.711783] CR2: 0000000000000082 CR3: 00000001d076c001 CR4: 00000000007706e0 [420160.721399] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [420160.731045] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [420160.740707] PKRU: 55555554 [420160.745960] Call Trace: [420160.750962] <TASK> [420160.755597] ? kmalloc_large_node+0x79/0x90 [420160.762703] ? __kmalloc_node+0x3f5/0x4b0 [420160.769341] xp_assign_dev+0xfd/0x210 [420160.775661] ? shmem_file_read_iter+0x29a/0x420 [420160.782896] xsk_bind+0x152/0x490 [420160.788943] __sys_bind+0xd0/0x100 [420160.795097] ? exit_to_user_mode_prepare+0x20/0x120 [420160.802801] __x64_sys_bind+0x16/0x20 [420160.809298] do_syscall_64+0x38/0x90 [420160.815741] entry_SYSCALL_64_after_hwframe+0x63/0xcd [420160.823731] RIP: 0033:0x7fa86a0dd2fb [420160.830264] Code: c3 66 0f 1f 44 00 00 48 8b 15 69 8b 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bc 0f 1f 44 00 00 f3 0f 1e fa b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3d 8b 0c 00 f7 d8 64 89 01 48 [420160.855410] RSP: 002b:00007ffc1146f618 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [420160.866366] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa86a0dd2fb [420160.876957] RDX: 0000000000000010 RSI: 00007ffc1146f680 RDI: 0000000000000003 [420160.887604] RBP: 000055d7113a0520 R08: 00007fa868fb8000 R09: 0000000080000000 [420160.898293] R10: 0000000000008001 R11: 0000000000000246 R12: 000055d7113a04e0 [420160.909038] R13: 000055d7113a0320 R14: 000000000000000a R15: 0000000000000000 [420160.919817] </TASK> [420160.925659] Modules linked in: ice(OE) af_packet binfmt_misc ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50003 was patched at 2025-06-17

210. Memory Corruption - Linux Kernel (CVE-2022-50004) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference When we try to transmit an skb with metadata_dst attached (i.e. dst->dev == NULL) through xfrm interface we can hit a null pointer dereference[1] in xfrmi_xmit2() -> xfrm_lookup_with_ifid() due to the check for a loopback skb device when there's no policy which dereferences dst->dev unconditionally. Not having dst->dev can be interepreted as it not being a loopback device, so just add a check for a null dst_orig->dev. With this fix xfrm interface's Tx error counters go up as usual. [1] net-next calltrace captured via netconsole: BUG: kernel NULL pointer dereference, address: 00000000000000c0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP CPU: 1 PID: 7231 Comm: ping Kdump: loaded Not tainted 5.19.0+ #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-1.fc36 04/01/2014 RIP: 0010:xfrm_lookup_with_ifid+0x5eb/0xa60 Code: 8d 74 24 38 e8 26 a4 37 00 48 89 c1 e9 12 fc ff ff 49 63 ed 41 83 fd be 0f 85 be 01 00 00 41 be ff ff ff ff 45 31 ed 48 8b 03 <f6> 80 c0 00 00 00 08 75 0f 41 80 bc 24 19 0d 00 00 01 0f 84 1e 02 RSP: 0018:ffffb0db82c679f0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffd0db7fcad430 RCX: ffffb0db82c67a10 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb0db82c67a80 RBP: ffffb0db82c67a80 R08: ffffb0db82c67a14 R09: 0000000000000000 R10: 0000000000000000 R11: ffff8fa449667dc8 R12: ffffffff966db880 R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000000 FS: 00007ff35c83f000(0000) GS:ffff8fa478480000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000c0 CR3: 000000001ebb7000 CR4: 0000000000350ee0 Call Trace: <TASK> xfrmi_xmit+0xde/0x460 ? tcf_bpf_act+0x13d/0x2a0 dev_hard_start_xmit+0x72/0x1e0 __dev_queue_xmit+0x251/0xd30 ip_finish_output2+0x140/0x550 ip_push_pending_frames+0x56/0x80 raw_sendmsg+0x663/0x10a0 ? try_charge_memcg+0x3fd/0x7a0 ? __mod_memcg_lruvec_state+0x93/0x110 ? sock_sendmsg+0x30/0x40 sock_sendmsg+0x30/0x40 __sys_sendto+0xeb/0x130 ? handle_mm_fault+0xae/0x280 ? do_user_addr_fault+0x1e7/0x680 ? kvm_read_and_reset_apf_flags+0x3b/0x50 __x64_sys_sendto+0x20/0x30 do_syscall_64+0x34/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7ff35cac1366 Code: eb 0b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 11 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 72 c3 90 55 48 83 ec 30 44 89 4c 24 2c 4c 89 RSP: 002b:00007fff738e4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007fff738e57b0 RCX: 00007ff35cac1366 RDX: 0000000000000040 RSI: 0000557164e4b450 RDI: 0000000000000003 RBP: 0000557164e4b450 R08: 00007fff738e7a2c R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040 R13: 00007fff738e5770 R14: 00007fff738e4030 R15: 0000001d00000001 </TASK> Modules linked in: netconsole veth br_netfilter bridge bonding virtio_net [last unloaded: netconsole] CR2: 00000000000000c0

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50004 was patched at 2025-06-17

211. Memory Corruption - Linux Kernel (CVE-2022-50005) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout When the pn532 uart device is detaching, the pn532_uart_remove() is called. But there are no functions in pn532_uart_remove() that could delete the cmd_timeout timer, which will cause use-after-free bugs. The process is shown below: (thread 1) | (thread 2) | pn532_uart_send_frame pn532_uart_remove | mod_timer(&pn532->cmd_timeout,...) ... | (wait a time) kfree(pn532) //FREE | pn532_cmd_timeout | pn532_uart_send_frame | pn532->... //USE This patch adds del_timer_sync() in pn532_uart_remove() in order to prevent the use-after-free bugs. What's more, the pn53x_unregister_nfc() is well synchronized, it sets nfc_dev->shutting_down to true and there are no syscalls could restart the cmd_timeout timer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50005 was patched at 2025-06-17

212. Memory Corruption - Linux Kernel (CVE-2022-50015) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FW_READY message (it is not yet clear if FW_READY will arrive later). Since the reply_data is allocated only after the FW_READY message, this will lead to a NULL pointer dereference if not filtered out. The issue was reported with IPC4 firmware but the same condition is present for IPC3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50015 was patched at 2025-06-17

213. Memory Corruption - Linux Kernel (CVE-2022-50016) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FW_READY message (it is not yet clear if FW_READY will arrive later). Since the reply_data is allocated only after the FW_READY message, this will lead to a NULL pointer dereference if not filtered out. The issue was reported with IPC4 firmware but the same condition is present for IPC3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50016 was patched at 2025-06-17

214. Memory Corruption - Linux Kernel (CVE-2022-50027) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE There is no corresponding free routine if lpfc_sli4_issue_wqe fails to issue the CMF WQE in lpfc_issue_cmf_sync_wqe. If ret_val is non-zero, then free the iocbq request structure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50027 was patched at 2025-06-17

215. Memory Corruption - Linux Kernel (CVE-2022-50030) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input Malformed user input to debugfs results in buffer overflow crashes. Adapt input string lengths to fit within internal buffers, leaving space for NULL terminators.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50030 was patched at 2025-06-17

216. Memory Corruption - Linux Kernel (CVE-2022-50034) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac cdns3_wa2_remove_old_request() { ... kfree(priv_req->request.buf); cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ^^^ use after free ... } cdns3_gadget_ep_free_request() free the space pointed by priv_req, but priv_req is used in the following list_del_init(). This patch move list_del_init() before cdns3_gadget_ep_free_request().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50034 was patched at 2025-06-17

217. Memory Corruption - Linux Kernel (CVE-2022-50035) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex If amdgpu_cs_vm_handling returns r != 0, then it will unlock the bo_list_mutex inside the function amdgpu_cs_vm_handling and again on amdgpu_cs_parser_fini. This problem results in the following use-after-free problem: [ 220.280990] ------------[ cut here ]------------ [ 220.281000] refcount_t: underflow; use-after-free. [ 220.281019] WARNING: CPU: 1 PID: 3746 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110 [ 220.281029] ------------[ cut here ]------------ [ 220.281415] CPU: 1 PID: 3746 Comm: chrome:cs0 Tainted: G W L ------- --- 5.20.0-0.rc0.20220812git7ebfc85e2cd7.10.fc38.x86_64 #1 [ 220.281421] Hardware name: System manufacturer System Product Name/ROG STRIX X570-I GAMING, BIOS 4403 04/27/2022 [ 220.281426] RIP: 0010:refcount_warn_saturate+0xba/0x110 [ 220.281431] Code: 01 01 e8 79 4a 6f 00 0f 0b e9 42 47 a5 00 80 3d de 7e be 01 00 75 85 48 c7 c7 f8 98 8e 98 c6 05 ce 7e be 01 01 e8 56 4a 6f 00 <0f> 0b e9 1f 47 a5 00 80 3d b9 7e be 01 00 0f 85 5e ff ff ff 48 c7 [ 220.281437] RSP: 0018:ffffb4b0d18d7a80 EFLAGS: 00010282 [ 220.281443] RAX: 0000000000000026 RBX: 0000000000000003 RCX: 0000000000000000 [ 220.281448] RDX: 0000000000000001 RSI: ffffffff988d06dc RDI: 00000000ffffffff [ 220.281452] RBP: 00000000ffffffff R08: 0000000000000000 R09: ffffb4b0d18d7930 [ 220.281457] R10: 0000000000000003 R11: ffffa0672e2fffe8 R12: ffffa058ca360400 [ 220.281461] R13: ffffa05846c50a18 R14: 00000000fffffe00 R15: 0000000000000003 [ 220.281465] FS: 00007f82683e06c0(0000) GS:ffffa066e2e00000(0000) knlGS:0000000000000000 [ 220.281470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 220.281475] CR2: 00003590005cc000 CR3: 00000001fca46000 CR4: 0000000000350ee0 [ 220.281480] Call Trace: [ 220.281485] <TASK> [ 220.281490] amdgpu_cs_ioctl+0x4e2/0x2070 [amdgpu] [ 220.281806] ? amdgpu_cs_find_mapping+0xe0/0xe0 [amdgpu] [ 220.282028] drm_ioctl_kernel+0xa4/0x150 [ 220.282043] drm_ioctl+0x21f/0x420 [ 220.282053] ? amdgpu_cs_find_mapping+0xe0/0xe0 [amdgpu] [ 220.282275] ? lock_release+0x14f/0x460 [ 220.282282] ? _raw_spin_unlock_irqrestore+0x30/0x60 [ 220.282290] ? _raw_spin_unlock_irqrestore+0x30/0x60 [ 220.282297] ? lockdep_hardirqs_on+0x7d/0x100 [ 220.282305] ? _raw_spin_unlock_irqrestore+0x40/0x60 [ 220.282317] amdgpu_drm_ioctl+0x4a/0x80 [amdgpu] [ 220.282534] __x64_sys_ioctl+0x90/0xd0 [ 220.282545] do_syscall_64+0x5b/0x80 [ 220.282551] ? futex_wake+0x6c/0x150 [ 220.282568] ? lock_is_held_type+0xe8/0x140 [ 220.282580] ? do_syscall_64+0x67/0x80 [ 220.282585] ? lockdep_hardirqs_on+0x7d/0x100 [ 220.282592] ? do_syscall_64+0x67/0x80 [ 220.282597] ? do_syscall_64+0x67/0x80 [ 220.282602] ? lockdep_hardirqs_on+0x7d/0x100 [ 220.282609] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 220.282616] RIP: 0033:0x7f8282a4f8bf [ 220.282639] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 220.282644] RSP: 002b:00007f82683df410 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 220.282651] RAX: ffffffffffffffda RBX: 00007f82683df588 RCX: 00007f8282a4f8bf [ 220.282655] RDX: 00007f82683df4d0 RSI: 00000000c0186444 RDI: 0000000000000018 [ 220.282659] RBP: 00007f82683df4d0 R08: 00007f82683df5e0 R09: 00007f82683df4b0 [ 220.282663] R10: 00001d04000a0600 R11: 0000000000000246 R12: 00000000c0186444 [ 220.282667] R13: 0000000000000018 R14: 00007f82683df588 R15: 0000000000000003 [ 220.282689] </TASK> [ 220.282693] irq event stamp: 6232311 [ 220.282697] hardirqs last enabled at (6232319): [<ffffffff9718cd7e>] __up_console_sem+0x5e/0x70 [ 220.282704] hardirqs last disabled at (6232326): [<ffffffff9718cd63>] __up_console_sem+0x43/0x70 [ 220.282709] softirqs last enabled at (6232072): [<ffffffff970ff669>] __irq_exit_rcu+0xf9/0x170 [ 220.282716] softirqs last disabled at (6232061): [<ffffffff97 ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50035 was patched at 2025-06-17

218. Memory Corruption - Linux Kernel (CVE-2022-50040) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() If an error occurs in dsa_devlink_region_create(), then 'priv->regions' array will be accessed by negative index '-1'. Found by Linux Verification Center (linuxtesting.org) with SVACE.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50040 was patched at 2025-06-17

219. Memory Corruption - Linux Kernel (CVE-2022-50042) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construction of the array of policies fails when recording non-first policy we need to unwind. netlink_policy_dump_add_policy() itself also needs fixing as it currently gives up on error without recording the allocated pointer in the pstate pointer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50042 was patched at 2025-06-17

220. Memory Corruption - Linux Kernel (CVE-2022-50047) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6060: prevent crash on an unused port If the port isn't a CPU port nor a user port, 'cpu_dp' is a null pointer and a crash happened on dereferencing it in mv88e6060_setup_port(): [ 9.575872] Unable to handle kernel NULL pointer dereference at virtual address 00000014 ... [ 9.942216] mv88e6060_setup from dsa_register_switch+0x814/0xe84 [ 9.948616] dsa_register_switch from mdio_probe+0x2c/0x54 [ 9.954433] mdio_probe from really_probe.part.0+0x98/0x2a0 [ 9.960375] really_probe.part.0 from driver_probe_device+0x30/0x10c [ 9.967029] driver_probe_device from __device_attach_driver+0xb8/0x13c [ 9.973946] __device_attach_driver from bus_for_each_drv+0x90/0xe0 [ 9.980509] bus_for_each_drv from __device_attach+0x110/0x184 [ 9.986632] __device_attach from bus_probe_device+0x8c/0x94 [ 9.992577] bus_probe_device from deferred_probe_work_func+0x78/0xa8 [ 9.999311] deferred_probe_work_func from process_one_work+0x290/0x73c [ 10.006292] process_one_work from worker_thread+0x30/0x4b8 [ 10.012155] worker_thread from kthread+0xd4/0x10c [ 10.017238] kthread from ret_from_fork+0x14/0x3c

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50047 was patched at 2025-06-17

221. Memory Corruption - Linux Kernel (CVE-2022-50050) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow (although it's unrealistic). This patch replaces with a safer version, scnprintf() for papering over such a potential issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50050 was patched at 2025-06-17

222. Memory Corruption - Linux Kernel (CVE-2022-50051) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: debug: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow (although it's unrealistic). This patch replaces with a safer version, scnprintf() for papering over such a potential issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50051 was patched at 2025-06-17

223. Memory Corruption - Linux Kernel (CVE-2022-50052) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in a buffer overflow (although it's unrealistic). This patch replaces it with a safer version, scnprintf() for papering over such a potential issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50052 was patched at 2025-06-17

224. Memory Corruption - Linux Kernel (CVE-2022-50054) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings Fix possible NULL pointer dereference, due to freeing of adapter->vf_res in iavf_init_get_resources. Previous commit introduced a regression, where receiving IAVF_ERR_ADMIN_QUEUE_NO_WORK from iavf_get_vf_config would free adapter->vf_res. However, netdev is still registered, so ethtool_ops can be called. Calling iavf_get_link_ksettings with no vf_res, will result with: [ 9385.242676] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 9385.242683] #PF: supervisor read access in kernel mode [ 9385.242686] #PF: error_code(0x0000) - not-present page [ 9385.242690] PGD 0 P4D 0 [ 9385.242696] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [ 9385.242701] CPU: 6 PID: 3217 Comm: pmdalinux Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 [ 9385.242708] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019 [ 9385.242710] RIP: 0010:iavf_get_link_ksettings+0x29/0xd0 [iavf] [ 9385.242745] Code: 00 0f 1f 44 00 00 b8 01 ef ff ff 48 c7 46 30 00 00 00 00 48 c7 46 38 00 00 00 00 c6 46 0b 00 66 89 46 08 48 8b 87 68 0e 00 00 <f6> 40 08 80 75 50 8b 87 5c 0e 00 00 83 f8 08 74 7a 76 1d 83 f8 20 [ 9385.242749] RSP: 0018:ffffc0560ec7fbd0 EFLAGS: 00010246 [ 9385.242755] RAX: 0000000000000000 RBX: ffffc0560ec7fc08 RCX: 0000000000000000 [ 9385.242759] RDX: ffffffffc0ad4550 RSI: ffffc0560ec7fc08 RDI: ffffa0fc66674000 [ 9385.242762] RBP: 00007ffd1fb2bf50 R08: b6a2d54b892363ee R09: ffffa101dc14fb00 [ 9385.242765] R10: 0000000000000000 R11: 0000000000000004 R12: ffffa0fc66674000 [ 9385.242768] R13: 0000000000000000 R14: ffffa0fc66674000 R15: 00000000ffffffa1 [ 9385.242771] FS: 00007f93711a2980(0000) GS:ffffa0fad72c0000(0000) knlGS:0000000000000000 [ 9385.242775] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9385.242778] CR2: 0000000000000008 CR3: 0000000a8e61c003 CR4: 00000000003706e0 [ 9385.242781] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 9385.242784] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 9385.242787] Call Trace: [ 9385.242791] <TASK> [ 9385.242793] ethtool_get_settings+0x71/0x1a0 [ 9385.242814] __dev_ethtool+0x426/0x2f40 [ 9385.242823] ? slab_post_alloc_hook+0x4f/0x280 [ 9385.242836] ? kmem_cache_alloc_trace+0x15d/0x2f0 [ 9385.242841] ? dev_ethtool+0x59/0x170 [ 9385.242848] dev_ethtool+0xa7/0x170 [ 9385.242856] dev_ioctl+0xc3/0x520 [ 9385.242866] sock_do_ioctl+0xa0/0xe0 [ 9385.242877] sock_ioctl+0x22f/0x320 [ 9385.242885] __x64_sys_ioctl+0x84/0xc0 [ 9385.242896] do_syscall_64+0x3a/0x80 [ 9385.242904] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 9385.242918] RIP: 0033:0x7f93702396db [ 9385.242923] Code: 73 01 c3 48 8b 0d ad 57 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 57 38 00 f7 d8 64 89 01 48 [ 9385.242927] RSP: 002b:00007ffd1fb2bf18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 9385.242932] RAX: ffffffffffffffda RBX: 000055671b1d2fe0 RCX: 00007f93702396db [ 9385.242935] RDX: 00007ffd1fb2bf20 RSI: 0000000000008946 RDI: 0000000000000007 [ 9385.242937] RBP: 00007ffd1fb2bf20 R08: 0000000000000003 R09: 0030763066307330 [ 9385.242940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1fb2bf80 [ 9385.242942] R13: 0000000000000007 R14: 0000556719f6de90 R15: 00007ffd1fb2c1b0 [ 9385.242948] </TASK> [ 9385.242949] Modules linked in: iavf(E) xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nft_compat nf_nat_tftp nft_objref nf_conntrack_tftp bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink vfat fat irdma ib_uverbs ib_core intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretem ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50054 was patched at 2025-06-17

225. Memory Corruption - Linux Kernel (CVE-2022-50056) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix missing i_op in ntfs_read_mft There is null pointer dereference because i_op == NULL. The bug happens because we don't initialize i_op for records in $Extend.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50056 was patched at 2025-06-17

226. Memory Corruption - Linux Kernel (CVE-2022-50058) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: vdpa_sim_blk: set number of address spaces and virtqueue groups Commit bda324fd037a ("vdpasim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to initialize them for vdpa_sim_blk. When creating a new vdpa_sim_blk device this causes the kernel to panic in this way: $ vdpa dev add mgmtdev vdpasim_blk name blk0 BUG: kernel NULL pointer dereference, address: 0000000000000030 ... RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb] ... Call Trace: <TASK> vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb] vdpasim_map_range+0x91/0xd0 [vdpa_sim] vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim] ... This happens because vdpasim->iommu[0] is not initialized when dev_attr.nas is 0. Let's fix this issue by initializing both (nas, ngroups) to 1 for vdpa_sim_blk.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50058 was patched at 2025-06-17

227. Memory Corruption - Linux Kernel (CVE-2022-50063) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: suppress non-changes to the tagging protocol The way in which dsa_tree_change_tag_proto() works is that when dsa_tree_notify() fails, it doesn't know whether the operation failed mid way in a multi-switch tree, or it failed for a single-switch tree. So even though drivers need to fail cleanly in ds->ops->change_tag_protocol(), DSA will still call dsa_tree_notify() again, to restore the old tag protocol for potential switches in the tree where the change did succeeed (before failing for others). This means for the felix driver that if we report an error in felix_change_tag_protocol(), we'll get another call where proto_ops == old_proto_ops. If we proceed to act upon that, we may do unexpected things. For example, we will call dsa_tag_8021q_register() twice in a row, without any dsa_tag_8021q_unregister() in between. Then we will actually call dsa_tag_8021q_unregister() via old_proto_ops->teardown, which (if it manages to run at all, after walking through corrupted data structures) will leave the ports inoperational anyway. The bug can be readily reproduced if we force an error while in tag_8021q mode; this crashes the kernel. echo ocelot-8021q > /sys/class/net/eno2/dsa/tagging echo edsa > /sys/class/net/eno2/dsa/tagging # -EPROTONOSUPPORT Unable to handle kernel NULL pointer dereference at virtual address 0000000000000014 Call trace: vcap_entry_get+0x24/0x124 ocelot_vcap_filter_del+0x198/0x270 felix_tag_8021q_vlan_del+0xd4/0x21c dsa_switch_tag_8021q_vlan_del+0x168/0x2cc dsa_switch_event+0x68/0x1170 dsa_tree_notify+0x14/0x34 dsa_port_tag_8021q_vlan_del+0x84/0x110 dsa_tag_8021q_unregister+0x15c/0x1c0 felix_tag_8021q_teardown+0x16c/0x180 felix_change_tag_protocol+0x1bc/0x230 dsa_switch_event+0x14c/0x1170 dsa_tree_change_tag_proto+0x118/0x1c0

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50063 was patched at 2025-06-17

228. Memory Corruption - Linux Kernel (CVE-2022-50064) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Avoid use-after-free on suspend/resume hctx->user_data is set to vq in virtblk_init_hctx(). However, vq is freed on suspend and reallocated on resume. So, hctx->user_data is invalid after resume, and it will cause use-after-free accessing which will result in the kernel crash something like below: [ 22.428391] Call Trace: [ 22.428899] <TASK> [ 22.429339] virtqueue_add_split+0x3eb/0x620 [ 22.430035] ? __blk_mq_alloc_requests+0x17f/0x2d0 [ 22.430789] ? kvm_clock_get_cycles+0x14/0x30 [ 22.431496] virtqueue_add_sgs+0xad/0xd0 [ 22.432108] virtblk_add_req+0xe8/0x150 [ 22.432692] virtio_queue_rqs+0xeb/0x210 [ 22.433330] blk_mq_flush_plug_list+0x1b8/0x280 [ 22.434059] __blk_flush_plug+0xe1/0x140 [ 22.434853] blk_finish_plug+0x20/0x40 [ 22.435512] read_pages+0x20a/0x2e0 [ 22.436063] ? folio_add_lru+0x62/0xa0 [ 22.436652] page_cache_ra_unbounded+0x112/0x160 [ 22.437365] filemap_get_pages+0xe1/0x5b0 [ 22.437964] ? context_to_sid+0x70/0x100 [ 22.438580] ? sidtab_context_to_sid+0x32/0x400 [ 22.439979] filemap_read+0xcd/0x3d0 [ 22.440917] xfs_file_buffered_read+0x4a/0xc0 [ 22.441984] xfs_file_read_iter+0x65/0xd0 [ 22.442970] __kernel_read+0x160/0x2e0 [ 22.443921] bprm_execve+0x21b/0x640 [ 22.444809] do_execveat_common.isra.0+0x1a8/0x220 [ 22.446008] __x64_sys_execve+0x2d/0x40 [ 22.446920] do_syscall_64+0x37/0x90 [ 22.447773] entry_SYSCALL_64_after_hwframe+0x63/0xcd This patch fixes this issue by getting vq from vblk, and removes virtblk_init_hctx().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50064 was patched at 2025-06-17

229. Memory Corruption - Linux Kernel (CVE-2022-50065) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable When we call xdp_convert_buff_to_frame() to get xdpf, if it returns NULL, we should check if xdp_page was allocated by xdp_linearize_page(). If it is newly allocated, it should be freed here alone. Just like any other "goto err_xdp".

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50065 was patched at 2025-06-17

230. Memory Corruption - Linux Kernel (CVE-2022-50073) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null Fixes a NULL pointer derefence bug triggered from tap driver. When tap_get_user calls virtio_net_hdr_to_skb the skb->dev is null (in tap.c skb->dev is set after the call to virtio_net_hdr_to_skb) virtio_net_hdr_to_skb calls dev_parse_header_protocol which needs skb->dev field to be valid. The line that trigers the bug is in dev_parse_header_protocol (dev is at offset 0x10 from skb and is stored in RAX register) if (!dev->header_ops || !dev->header_ops->parse_protocol) 22e1: mov 0x10(%rbx),%rax 22e5: mov 0x230(%rax),%rax Setting skb->dev before the call in tap.c fixes the issue. BUG: kernel NULL pointer dereference, address: 0000000000000230 RIP: 0010:virtio_net_hdr_to_skb.constprop.0+0x335/0x410 [tap] Code: c0 0f 85 b7 fd ff ff eb d4 41 39 c6 77 cf 29 c6 48 89 df 44 01 f6 e8 7a 79 83 c1 48 85 c0 0f 85 d9 fd ff ff eb b7 48 8b 43 10 <48> 8b 80 30 02 00 00 48 85 c0 74 55 48 8b 40 28 48 85 c0 74 4c 48 RSP: 0018:ffffc90005c27c38 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff888298f25300 RCX: 0000000000000010 RDX: 0000000000000005 RSI: ffffc90005c27cb6 RDI: ffff888298f25300 RBP: ffffc90005c27c80 R08: 00000000ffffffea R09: 00000000000007e8 R10: ffff88858ec77458 R11: 0000000000000000 R12: 0000000000000001 R13: 0000000000000014 R14: ffffc90005c27e08 R15: ffffc90005c27cb6 FS: 0000000000000000(0000) GS:ffff88858ec40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000230 CR3: 0000000281408006 CR4: 00000000003706e0 Call Trace: tap_get_user+0x3f1/0x540 [tap] tap_sendmsg+0x56/0x362 [tap] ? get_tx_bufs+0xc2/0x1e0 [vhost_net] handle_tx_copy+0x114/0x670 [vhost_net] handle_tx+0xb0/0xe0 [vhost_net] handle_tx_kick+0x15/0x20 [vhost_net] vhost_worker+0x7b/0xc0 [vhost] ? vhost_vring_call_reset+0x40/0x40 [vhost] kthread+0xfa/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50073 was patched at 2025-06-17

231. Memory Corruption - Linux Kernel (CVE-2022-50075) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Have event probes be consistent with kprobes and uprobes Currently, if a symbol "@" is attempted to be used with an event probe (eprobes), it will cause a NULL pointer dereference crash. Both kprobes and uprobes can reference data other than the main registers. Such as immediate address, symbols and the current task name. Have eprobes do the same thing. For "comm", if "comm" is used and the event being attached to does not have the "comm" field, then make it the "$comm" that kprobes has. This is consistent to the way histograms and filters work.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50075 was patched at 2025-06-17

232. Memory Corruption - Linux Kernel (CVE-2022-50076) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak on the deferred close xfstests on smb21 report kmemleak as below: unreferenced object 0xffff8881767d6200 (size 64): comm "xfs_io", pid 1284, jiffies 4294777434 (age 20.789s) hex dump (first 32 bytes): 80 5a d0 11 81 88 ff ff 78 8a aa 63 81 88 ff ff .Z......x..c.... 00 71 99 76 81 88 ff ff 00 00 00 00 00 00 00 00 .q.v............ backtrace: [<00000000ad04e6ea>] cifs_close+0x92/0x2c0 [<0000000028b93c82>] __fput+0xff/0x3f0 [<00000000d8116851>] task_work_run+0x85/0xc0 [<0000000027e14f9e>] do_exit+0x5e5/0x1240 [<00000000fb492b95>] do_group_exit+0x58/0xe0 [<00000000129a32d9>] __x64_sys_exit_group+0x28/0x30 [<00000000e3f7d8e9>] do_syscall_64+0x35/0x80 [<00000000102e8a0b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 When cancel the deferred close work, we should also cleanup the struct cifs_deferred_close.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50076 was patched at 2025-06-17

233. Memory Corruption - Linux Kernel (CVE-2022-50088) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory leak in damon_reclaim_init() damon_reclaim_init() allocates a memory chunk for ctx with damon_new_ctx(). When damon_select_ops() fails, ctx is not released, which will lead to a memory leak. We should release the ctx with damon_destroy_ctx() when damon_select_ops() fails to fix the memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50088 was patched at 2025-06-17

234. Memory Corruption - Linux Kernel (CVE-2022-50095) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b ("posix-cpu-timers: Store a reference to a pid not a task") started looking up tasks by PID when deleting a CPU timer. When a non-leader thread calls execve, it will switch PIDs with the leader process. Then, as it calls exit_itimers, posix_cpu_timer_del cannot find the task because the timer still points out to the old PID. That means that armed timers won't be disarmed, that is, they won't be removed from the timerqueue_list. exit_itimers will still release their memory, and when that list is later processed, it leads to a use-after-free. Clean up the timers from the de-threaded task before freeing them. This prevents a reported use-after-free.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50095 was patched at 2025-06-17

235. Memory Corruption - Linux Kernel (CVE-2022-50107) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when using fscache If we hit the 'index == next_cached' case, we leak a refcount on the struct page. Fix this by using readahead_folio() which takes care of the refcount for you.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50107 was patched at 2025-06-17

236. Memory Corruption - Linux Kernel (CVE-2022-50110) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource Unlike release_mem_region(), a call to release_resource() does not free the resource, so it has to be freed explicitly to avoid a memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50110 was patched at 2025-06-17

237. Memory Corruption - Linux Kernel (CVE-2022-50115) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes We have sanity checks for byte controls and if any of the fail the locally allocated scontrol->ipc_control_data is freed up, but not set to NULL. On a rollback path of the error the higher level code will also try to free the scontrol->ipc_control_data which will eventually going to lead to memory corruption as double freeing memory is not a good thing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50115 was patched at 2025-06-17

238. Memory Corruption - Linux Kernel (CVE-2022-50129) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srpt_port from regular members into pointers. Allocate the LIO port data structures from inside srpt_make_tport() and free these from inside srpt_make_tport(). Keep struct srpt_device as long as either an RDMA port or a LIO target port is associated with it. This patch decouples the lifetime of struct srpt_port (controlled by the RDMA core) and struct srpt_port_id (controlled by LIO). This patch fixes the following KASAN complaint: BUG: KASAN: use-after-free in srpt_enable_tpg+0x31/0x70 [ib_srpt] Read of size 8 at addr ffff888141cc34b8 by task check/5093 Call Trace: <TASK> show_stack+0x4e/0x53 dump_stack_lvl+0x51/0x66 print_address_description.constprop.0.cold+0xea/0x41e print_report.cold+0x90/0x205 kasan_report+0xb9/0xf0 __asan_load8+0x69/0x90 srpt_enable_tpg+0x31/0x70 [ib_srpt] target_fabric_tpg_base_enable_store+0xe2/0x140 [target_core_mod] configfs_write_iter+0x18b/0x210 new_sync_write+0x1f2/0x2f0 vfs_write+0x3e3/0x540 ksys_write+0xbb/0x140 __x64_sys_write+0x42/0x50 do_syscall_64+0x34/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 </TASK>

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50129 was patched at 2025-06-17

239. Memory Corruption - Linux Kernel (CVE-2022-50131) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() Smatch Warning: drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() '&mcp->txbuf[5]' too small (59 vs 255) drivers/hid/hid-mcp2221.c:388 mcp_smbus_write() error: __memcpy() 'buf' too small (34 vs 255) The 'len' variable can take a value between 0-255 as it can come from data->block[0] and it is user data. So add an bound check to prevent a buffer overflow in memcpy().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50131 was patched at 2025-06-17

240. Memory Corruption - Linux Kernel (CVE-2022-50133) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: xhci_plat_remove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a ("usb: host: xhci-plat: omit shared hcd if either root hub has no ports") xhci->shared_hcd can be NULL, which causes the following Oops on reboot: [ 710.124450] systemd-shutdown[1]: Rebooting. [ 710.298861] xhci-hcd xhci-hcd.2.auto: remove, state 4 [ 710.304217] usb usb3: USB disconnect, device number 1 [ 710.317441] xhci-hcd xhci-hcd.2.auto: USB bus 3 deregistered [ 710.323280] xhci-hcd xhci-hcd.2.auto: remove, state 1 [ 710.328401] usb usb2: USB disconnect, device number 1 [ 710.333515] usb 2-3: USB disconnect, device number 2 [ 710.467649] xhci-hcd xhci-hcd.2.auto: USB bus 2 deregistered [ 710.475450] Unable to handle kernel NULL pointer dereference at virtual address 00000000000003b8 [ 710.484425] Mem abort info: [ 710.487265] ESR = 0x0000000096000004 [ 710.491060] EC = 0x25: DABT (current EL), IL = 32 bits [ 710.496427] SET = 0, FnV = 0 [ 710.499525] EA = 0, S1PTW = 0 [ 710.502716] FSC = 0x04: level 0 translation fault [ 710.507648] Data abort info: [ 710.510577] ISV = 0, ISS = 0x00000004 [ 710.514462] CM = 0, WnR = 0 [ 710.517480] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008b0050000 [ 710.523976] [00000000000003b8] pgd=0000000000000000, p4d=0000000000000000 [ 710.530961] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 710.536551] Modules linked in: rfkill input_leds snd_soc_simple_card snd_soc_simple_card_utils snd_soc_nau8822 designware_i2s snd_soc_core dw_hdmi_ahb_audio snd_pcm_dmaengine arm_ccn panfrost ac97_bus gpu_sched snd_pcm at24 fuse configfs sdhci_of_dwcmshc sdhci_pltfm sdhci nvme led_class mmc_core nvme_core bt1_pvt polynomial tp_serio snd_seq_midi snd_seq_midi_event snd_seq snd_timer snd_rawmidi snd_seq_device snd soundcore efivarfs ipv6 [ 710.575286] CPU: 7 PID: 1 Comm: systemd-shutdow Not tainted 5.19.0-rc7-00043-gfd8619f4fd54 #1 [ 710.583822] Hardware name: T-Platforms TF307-MB/BM1BM1-A, BIOS 5.6 07/06/2022 [ 710.590972] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 710.597949] pc : usb_remove_hcd+0x34/0x1e4 [ 710.602067] lr : xhci_plat_remove+0x74/0x140 [ 710.606351] sp : ffff800009f3b7c0 [ 710.609674] x29: ffff800009f3b7c0 x28: ffff000800960040 x27: 0000000000000000 [ 710.616833] x26: ffff800008dc22a0 x25: 0000000000000000 x24: 0000000000000000 [ 710.623992] x23: 0000000000000000 x22: ffff000805465810 x21: ffff000805465800 [ 710.631149] x20: ffff000800f80000 x19: 0000000000000000 x18: ffffffffffffffff [ 710.638307] x17: ffff000805096000 x16: ffff00080633b800 x15: ffff000806537a1c [ 710.645465] x14: 0000000000000001 x13: 0000000000000000 x12: ffff00080378d6f0 [ 710.652621] x11: ffff00080041a900 x10: ffff800009b204e8 x9 : ffff8000088abaa4 [ 710.659779] x8 : ffff000800960040 x7 : ffff800009409000 x6 : 0000000000000001 [ 710.666936] x5 : ffff800009241000 x4 : ffff800009241440 x3 : 0000000000000000 [ 710.674094] x2 : ffff000800960040 x1 : ffff000800960040 x0 : 0000000000000000 [ 710.681251] Call trace: [ 710.683704] usb_remove_hcd+0x34/0x1e4 [ 710.687467] xhci_plat_remove+0x74/0x140 [ 710.691400] platform_remove+0x34/0x70 [ 710.695165] device_remove+0x54/0x90 [ 710.698753] device_release_driver_internal+0x200/0x270 [ 710.703992] device_release_driver+0x24/0x30 [ 710.708273] bus_remove_device+0xe0/0x16c [ 710.712293] device_del+0x178/0x390 [ 710.715797] platform_device_del.part.0+0x24/0x90 [ 710.720514] platform_device_unregister+0x30/0x50 [ 710.725232] dwc3_host_exit+0x20/0x30 [ 710.728907] dwc3_remove+0x174/0x1b0 [ 710.732494] platform_remove+0x34/0x70 [ 710.736254] device_remove+0x54/0x90 [ 710.739840] device_release_driver_internal+0x200/0x270 [ 710.745078] device_release_driver+0x24/0x30 [ 710.749359] bus_remove_device+0xe0/0x16c [ 710.753380] device_del+0x178/0x390 [ 710.756881] platform_device_del.part ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50133 was patched at 2025-06-17

241. Memory Corruption - Linux Kernel (CVE-2022-50137) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a window for use-after-free During a destroy CQ an interrupt may cause processing of a CQE after CQ resources are freed by irdma_cq_free_rsrc(). Fix this by moving the call to irdma_cq_free_rsrc() after the irdma_sc_cleanup_ceqes(), which is called under the cq_lock.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50137 was patched at 2025-06-17

242. Memory Corruption - Linux Kernel (CVE-2022-50138) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() __qedr_alloc_mr() allocates a memory chunk for "mr->info.pbl_table" with init_mr_info(). When rdma_alloc_tid() and rdma_register_tid() fail, "mr" is released while "mr->info.pbl_table" is not released, which will lead to a memory leak. We should release the "mr->info.pbl_table" with qedr_free_pbl() when error occurs to fix the memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50138 was patched at 2025-06-17

243. Memory Corruption - Linux Kernel (CVE-2022-50144) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: soundwire: revisit driver bind/unbind and callbacks In the SoundWire probe, we store a pointer from the driver ops into the 'slave' structure. This can lead to kernel oopses when unbinding codec drivers, e.g. with the following sequence to remove machine driver and codec driver. /sbin/modprobe -r snd_soc_sof_sdw /sbin/modprobe -r snd_soc_rt711 The full details can be found in the BugLink below, for reference the two following examples show different cases of driver ops/callbacks being invoked after the driver .remove(). kernel: BUG: kernel NULL pointer dereference, address: 0000000000000150 kernel: Workqueue: events cdns_update_slave_status_work [soundwire_cadence] kernel: RIP: 0010:mutex_lock+0x19/0x30 kernel: Call Trace: kernel: ? sdw_handle_slave_status+0x426/0xe00 [soundwire_bus 94ff184bf398570c3f8ff7efe9e32529f532e4ae] kernel: ? newidle_balance+0x26a/0x400 kernel: ? cdns_update_slave_status_work+0x1e9/0x200 [soundwire_cadence 1bcf98eebe5ba9833cd433323769ac923c9c6f82] kernel: BUG: unable to handle page fault for address: ffffffffc07654c8 kernel: Workqueue: pm pm_runtime_work kernel: RIP: 0010:sdw_bus_prep_clk_stop+0x6f/0x160 [soundwire_bus] kernel: Call Trace: kernel: <TASK> kernel: sdw_cdns_clock_stop+0xb5/0x1b0 [soundwire_cadence 1bcf98eebe5ba9833cd433323769ac923c9c6f82] kernel: intel_suspend_runtime+0x5f/0x120 [soundwire_intel aca858f7c87048d3152a4a41bb68abb9b663a1dd] kernel: ? dpm_sysfs_remove+0x60/0x60 This was not detected earlier in Intel tests since the tests first remove the parent PCI device and shut down the bus. The sequence above is a corner case which keeps the bus operational but without a driver bound. While trying to solve this kernel oopses, it became clear that the existing SoundWire bus does not deal well with the unbind case. Commit 528be501b7d4a ("soundwire: sdw_slave: add probe_complete structure and new fields") added a 'probed' status variable and a 'probe_complete' struct completion. This status is however not reset on remove and likewise the 'probe complete' is not re-initialized, so the bind/unbind/bind test cases would fail. The timeout used before the 'update_status' callback was also a bad idea in hindsight, there should really be no timing assumption as to if and when a driver is bound to a device. An initial draft was based on device_lock() and device_unlock() was tested. This proved too complicated, with deadlocks created during the suspend-resume sequences, which also use the same device_lock/unlock() as the bind/unbind sequences. On a CometLake device, a bad DSDT/BIOS caused spurious resumes and the use of device_lock() caused hangs during suspend. After multiple weeks or testing and painful reverse-engineering of deadlocks on different devices, we looked for alternatives that did not interfere with the device core. A bus notifier was used successfully to keep track of DRIVER_BOUND and DRIVER_UNBIND events. This solved the bind-unbind-bind case in tests, but it can still be defeated with a theoretical corner case where the memory is freed by a .remove while the callback is in use. The notifier only helps make sure the driver callbacks are valid, but not that the memory allocated in probe remains valid while the callbacks are invoked. This patch suggests the introduction of a new 'sdw_dev_lock' mutex protecting probe/remove and all driver callbacks. Since this mutex is 'local' to SoundWire only, it does not interfere with existing locks and does not create deadlocks. In addition, this patch removes the 'probe_complete' completion, instead we directly invoke the 'update_status' from the probe routine. That removes any sort of timing dependency and a much better support for the device/driver model, the driver could be bound before the bus started, or eons after the bus started and the hardware would be properly initialized in all cases. BugLink: https://github.com/thesofproject/linux/is ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50144 was patched at 2025-06-17

244. Memory Corruption - Linux Kernel (CVE-2022-50145) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: dmaengine: sf-pdma: Add multithread support for a DMA channel When we get a DMA channel and try to use it in multiple threads it will cause oops and hanging the system. % echo 64 > /sys/module/dmatest/parameters/threads_per_chan % echo 10000 > /sys/module/dmatest/parameters/iterations % echo 1 > /sys/module/dmatest/parameters/run [ 89.480664] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0 [ 89.488725] Oops [#1] [ 89.494708] CPU: 2 PID: 1008 Comm: dma0chan0-copy0 Not tainted 5.17.0-rc5 [ 89.509385] epc : vchan_find_desc+0x32/0x46 [ 89.513553] ra : sf_pdma_tx_status+0xca/0xd6 This happens because of data race. Each thread rewrite channels's descriptor as soon as device_prep_dma_memcpy() is called. It leads to the situation when the driver thinks that it uses right descriptor that actually is freed or substituted for other one. With current fixes a descriptor changes its value only when it has been used. A new descriptor is acquired from vc->desc_issued queue that is already filled with descriptors that are ready to be sent. Threads have no direct access to DMA channel descriptor. Now it is just possible to queue a descriptor for further processing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50145 was patched at 2025-06-17

245. Memory Corruption - Linux Kernel (CVE-2022-50146) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory leak. Add a cleanup-on-error path to fix these leaks. [bhelgaas: commit log]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50146 was patched at 2025-06-17

246. Memory Corruption - Linux Kernel (CVE-2022-50148) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: kernfs: fix potential NULL dereference in __kernfs_remove When lockdep is enabled, lockdep_assert_held_write would cause potential NULL pointer dereference. Fix the following smatch warnings: fs/kernfs/dir.c:1353 __kernfs_remove() warn: variable dereferenced before check 'kn' (see line 1346)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50148 was patched at 2025-06-17

247. Memory Corruption - Linux Kernel (CVE-2022-50170) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: kunit: executor: Fix a memory leak on failure in kunit_filter_tests It's possible that memory allocation for 'filtered' will fail, but for the copy of the suite to succeed. In this case, the copy could be leaked. Properly free 'copy' in the error case for the allocation of 'filtered' failing. Note that there may also have been a similar issue in kunit_filter_subsuites, before it was removed in "kunit: flatten kunit_suite*** to kunit_suite** in .kunit_test_suites". This was reported by clang-analyzer via the kernel test robot, here: https://lore.kernel.org/all/c8073b8e-7b9e-0830-4177-87c12f16349c@intel.com/ And by smatch via Dan Carpenter and the kernel test robot: https://lore.kernel.org/all/202207101328.ASjx88yj-lkp@intel.com/

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50170 was patched at 2025-06-17

248. Memory Corruption - Linux Kernel (CVE-2022-50172) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg Free the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_msg routine.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50172 was patched at 2025-06-17

249. Memory Corruption - Linux Kernel (CVE-2022-50175) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: media: tw686x: Fix memory leak in tw686x_video_init video_device_alloc() allocates memory for vdev, when video_register_device() fails, it doesn't release the memory and leads to memory leak, call video_device_release() to fix this.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50175 was patched at 2025-06-17

250. Memory Corruption - Linux Kernel (CVE-2022-50186) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ath11k: fix missing skb drop on htc_tx_completion error On htc_tx_completion error the skb is not dropped. This is wrong since the completion_handler logic expect the skb to be consumed anyway even when an error is triggered. Not freeing the skb on error is a memory leak since the skb won't be freed anywere else. Correctly free the packet on eid >= ATH11K_HTC_EP_COUNT before returning. Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50186 was patched at 2025-06-17

251. Memory Corruption - Linux Kernel (CVE-2022-50196) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. of_node_put() will check NULL pointer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50196 was patched at 2025-06-17

252. Memory Corruption - Linux Kernel (CVE-2022-50201) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: selinux: fix memleak in security_read_state_kernel() In this function, it directly returns the result of __security_read_policy without freeing the allocated memory in *data, cause memory leak issue, so free the memory if __security_read_policy failed. [PM: subject line tweak]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50201 was patched at 2025-06-17

253. Memory Corruption - Linux Kernel (CVE-2022-50212) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table When doing lookups for chains on the same batch by using its ID, a chain from a different table can be used. If a rule is added to a table but refers to a chain in a different table, it will be linked to the chain in table2, but would have expressions referring to objects in table1. Then, when table1 is removed, the rule will not be removed as its linked to a chain in table2. When expressions in the rule are processed or removed, that will lead to a use-after-free. When looking for chains by ID, use the table that was used for the lookup by name, and only return chains belonging to that same table.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50212 was patched at 2025-06-17

254. Memory Corruption - Linux Kernel (CVE-2022-50219) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in compute_effective_progs Syzbot found a Use After Free bug in compute_effective_progs(). The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling bpf_link_detach on them. Link detach triggers the link to be freed by bpf_link_free(), which calls __cgroup_bpf_detach() and update_effective_progs(). If the memory allocation in this function fails, the function restores the pointer to the bpf_cgroup_link on the cgroup list, but the memory gets freed just after it returns. After this, every subsequent call to update_effective_progs() causes this already deallocated pointer to be dereferenced in prog_list_length(), and triggers KASAN UAF error. To fix this issue don't preserve the pointer to the prog or link in the list, but remove it and replace it with a dummy prog without shrinking the table. The subsequent call to __cgroup_bpf_detach() or __cgroup_bpf_detach() will correct it.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50219 was patched at 2025-06-17

255. Memory Corruption - Linux Kernel (CVE-2022-50226) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP firmware returns. In this case, kmalloc will allocate memory that is the size of the input rather than the size of the data. Since PSP firmware doesn't fully overwrite the buffer, the sev ioctl interfaces with the issue may return uninitialized slab memory. Currently, all of the ioctl interfaces in the ccp driver are safe, but to prevent future problems, change all ioctl interfaces that allocate memory with kmalloc to use kzalloc and memset the data buffer to zero in sev_ioctl_do_platform_status.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50226 was patched at 2025-06-17

256. Memory Corruption - Linux Kernel (CVE-2025-38007) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in uclogic_input_configured() devm_kasprintf() returns NULL when memory allocation fails. Currently, uclogic_input_configured() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2025-38007 was patched at 2025-06-17

257. Memory Corruption - Linux Kernel (CVE-2025-38015) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs during idxd_alloc(). To fix it, free the allocated memory in the reverse order of allocation before exiting the function in case of an error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2025-38015 was patched at 2025-06-17

258. Memory Corruption - Linux Kernel (CVE-2025-38018) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net/tls: fix kernel panic when alloc_page failed We cannot set frag_list to NULL pointer when alloc_page failed. It will be used in tls_strp_check_queue_ok when the next time tls_strp_read_sock is called. This is because we don't reset full_len in tls_strp_flush_anchor_copy() so the recv path will try to continue handling the partial record on the next call but we dettached the rcvq from the frag list. Alternative fix would be to reset full_len. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 Call trace: tls_strp_check_rcv+0x128/0x27c tls_strp_data_ready+0x34/0x44 tls_data_ready+0x3c/0x1f0 tcp_data_ready+0x9c/0xe4 tcp_data_queue+0xf6c/0x12d0 tcp_rcv_established+0x52c/0x798

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2025-38018 was patched at 2025-06-17

259. Memory Corruption - Linux Kernel (CVE-2025-38020) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Disable MACsec offload for uplink representor profile MACsec offload is not supported in switchdev mode for uplink representors. When switching to the uplink representor profile, the MACsec offload feature must be cleared from the netdevice's features. If left enabled, attempts to add offloads result in a null pointer dereference, as the uplink representor does not support MACsec offload even though the feature bit remains set. Clear NETIF_F_HW_MACSEC in mlx5e_fix_uplink_rep_features(). Kernel log: Oops: general protection fault, probably for non-canonical address 0xdffffc000000000f: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000078-0x000000000000007f] CPU: 29 UID: 0 PID: 4714 Comm: ip Not tainted 6.14.0-rc4_for_upstream_debug_2025_03_02_17_35 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:__mutex_lock+0x128/0x1dd0 Code: d0 7c 08 84 d2 0f 85 ad 15 00 00 8b 35 91 5c fe 03 85 f6 75 29 49 8d 7e 60 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a6 15 00 00 4d 3b 76 60 0f 85 fd 0b 00 00 65 ff RSP: 0018:ffff888147a4f160 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000078 RBP: ffff888147a4f2e0 R08: ffffffffa05d2c19 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: dffffc0000000000 R14: 0000000000000018 R15: ffff888152de0000 FS: 00007f855e27d800(0000) GS:ffff88881ee80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004e5768 CR3: 000000013ae7c005 CR4: 0000000000372eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 Call Trace: <TASK> ? die_addr+0x3d/0xa0 ? exc_general_protection+0x144/0x220 ? asm_exc_general_protection+0x22/0x30 ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] ? __mutex_lock+0x128/0x1dd0 ? lockdep_set_lock_cmp_fn+0x190/0x190 ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] ? mutex_lock_io_nested+0x1ae0/0x1ae0 ? lock_acquire+0x1c2/0x530 ? macsec_upd_offload+0x145/0x380 ? lockdep_hardirqs_on_prepare+0x400/0x400 ? kasan_save_stack+0x30/0x40 ? kasan_save_stack+0x20/0x40 ? kasan_save_track+0x10/0x30 ? __kasan_kmalloc+0x77/0x90 ? __kmalloc_noprof+0x249/0x6b0 ? genl_family_rcv_msg_attrs_parse.constprop.0+0xb5/0x240 ? mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] mlx5e_macsec_add_secy+0xf9/0x700 [mlx5_core] ? mlx5e_macsec_add_rxsa+0x11a0/0x11a0 [mlx5_core] macsec_update_offload+0x26c/0x820 ? macsec_set_mac_address+0x4b0/0x4b0 ? lockdep_hardirqs_on_prepare+0x284/0x400 ? _raw_spin_unlock_irqrestore+0x47/0x50 macsec_upd_offload+0x2c8/0x380 ? macsec_update_offload+0x820/0x820 ? __nla_parse+0x22/0x30 ? genl_family_rcv_msg_attrs_parse.constprop.0+0x15e/0x240 genl_family_rcv_msg_doit+0x1cc/0x2a0 ? genl_family_rcv_msg_attrs_parse.constprop.0+0x240/0x240 ? cap_capable+0xd4/0x330 genl_rcv_msg+0x3ea/0x670 ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0 ? lockdep_set_lock_cmp_fn+0x190/0x190 ? macsec_update_offload+0x820/0x820 netlink_rcv_skb+0x12b/0x390 ? genl_family_rcv_msg_dumpit+0x2a0/0x2a0 ? netlink_ack+0xd80/0xd80 ? rwsem_down_read_slowpath+0xf90/0xf90 ? netlink_deliver_tap+0xcd/0xac0 ? netlink_deliver_tap+0x155/0xac0 ? _copy_from_iter+0x1bb/0x12c0 genl_rcv+0x24/0x40 netlink_unicast+0x440/0x700 ? netlink_attachskb+0x760/0x760 ? lock_acquire+0x1c2/0x530 ? __might_fault+0xbb/0x170 netlink_sendmsg+0x749/0xc10 ? netlink_unicast+0x700/0x700 ? __might_fault+0xbb/0x170 ? netlink_unicast+0x700/0x700 __sock_sendmsg+0xc5/0x190 ____sys_sendmsg+0x53f/0x760 ? import_iovec+0x7/0x10 ? kernel_sendmsg+0x30/0x30 ? __copy_msghdr+0x3c0/0x3c0 ? filter_irq_stacks+0x90/0x90 ? stack_depot_save_flags+0x28/0xa30 ___sys_sen ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2025-38020 was patched at 2025-06-17

260. Memory Corruption - Linux Kernel (CVE-2025-38022) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 strlen+0x93/0xa0 lib/string.c:420 __fortify_strlen include/linux/fortify-string.h:268 [inline] get_kobj_path_length lib/kobject.c:118 [inline] kobject_get_path+0x3f/0x2a0 lib/kobject.c:158 kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545 ib_register_device drivers/infiniband/core/device.c:1472 [inline] ib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393 rxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552 rxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225 nldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796 rdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195 rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg net/socket.c:727 [inline] ____sys_sendmsg+0xa95/0xc70 net/socket.c:2566 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620 __sys_sendmsg+0x16d/0x220 net/socket.c:2652 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f This problem is similar to the problem that the commit 1d6a9e7449e2 ("RDMA/core: Fix use-after-free when rename device name") fixes. The root cause is: the function ib_device_rename() renames the name with lock. But in the function kobject_uevent(), this name is accessed without lock protection at the same time. The solution is to add the lock protection when this name is accessed in the function kobject_uevent().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2025-38022 was patched at 2025-06-17

261. Memory Corruption - Linux Kernel (CVE-2025-38059) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid csum tree [BUG] When trying read-only scrub on a btrfs with rescue=idatacsums mount option, it will crash with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000208 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page CPU: 1 UID: 0 PID: 835 Comm: btrfs Tainted: G O 6.15.0-rc3-custom+ #236 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022 RIP: 0010:btrfs_lookup_csums_bitmap+0x49/0x480 [btrfs] Call Trace: <TASK> scrub_find_fill_first_stripe+0x35b/0x3d0 [btrfs] scrub_simple_mirror+0x175/0x290 [btrfs] scrub_stripe+0x5f7/0x6f0 [btrfs] scrub_chunk+0x9a/0x150 [btrfs] scrub_enumerate_chunks+0x333/0x660 [btrfs] btrfs_scrub_dev+0x23e/0x600 [btrfs] btrfs_ioctl+0x1dcf/0x2f80 [btrfs] __x64_sys_ioctl+0x97/0xc0 do_syscall_64+0x4f/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e [CAUSE] Mount option "rescue=idatacsums" will completely skip loading the csum tree, so that any data read will not find any data csum thus we will ignore data checksum verification. Normally call sites utilizing csum tree will check the fs state flag NO_DATA_CSUMS bit, but unfortunately scrub does not check that bit at all. This results in scrub to call btrfs_search_slot() on a NULL pointer and triggered above crash. [FIX] Check both extent and csum tree root before doing any tree search.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2025-38059 was patched at 2025-06-17

262. Cross Site Scripting - Unknown Product (CVE-2024-47090) - Medium [238]

Description: {'nvd_cve_data_all': 'Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile0.310EPSS Probability is 0.0009, EPSS Percentile is 0.26679

debian: CVE-2024-47090 was patched at 2025-06-17

263. Unknown Vulnerability Type - Moodle (CVE-2025-3625) - Medium [235]

Description: {'nvd_cve_data_all': 'A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
CVSS Base Score0.710CVSS Base Score is 7.1. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00084, EPSS Percentile is 0.2544

altlinux: CVE-2025-3625 was patched at 2025-05-26

264. Denial of Service - Unknown Product (CVE-2018-25110) - Medium [232]

Description: {'nvd_cve_data_all': 'Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown input, such as deeply nested or repetitively structured brackets or tag attributes, which cause the parser to hang and lead to a Denial of Service.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile0.210EPSS Probability is 0.00069, EPSS Percentile is 0.21799

debian: CVE-2018-25110 was patched at 2025-06-17

265. Unknown Vulnerability Type - Perl (CVE-2011-10007) - Medium [230]

Description: {'nvd_cve_data_all': 'File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \\ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename.\n\nA file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed.\n\nExample:\n\n$ mkdir /tmp/poc; echo > "/tmp/poc/|id"\n$ perl -MFile::Find::Rule \\\n\xa0 \xa0 -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")'\nuid=1000(user) gid=1000(user) groups=1000(user),100(users)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 8.8. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00055, EPSS Percentile is 0.17189

debian: CVE-2011-10007 was patched at 2025-06-05, 2025-06-17

oraclelinux: CVE-2011-10007 was patched at 2025-06-24

266. Unknown Vulnerability Type - Vault (CVE-2023-24999) - Medium [230]

Description: {'nvd_cve_data_all': 'HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
CVSS Base Score0.810CVSS Base Score is 8.1. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00112, EPSS Percentile is 0.30723

redos: CVE-2023-24999 was patched at 2025-05-26

267. Unknown Vulnerability Type - Mozilla Firefox (CVE-2025-4086) - Medium [228]

Description: {'nvd_cve_data_all': 'A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.\n*This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12462

altlinux: CVE-2025-4086 was patched at 2025-05-27

268. Unknown Vulnerability Type - Mozilla Firefox (CVE-2025-6429) - Medium [228]

Description: {'nvd_cve_data_all': 'Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00027, EPSS Percentile is 0.0575

debian: CVE-2025-6429 was patched at 2025-06-17

269. Unknown Vulnerability Type - Nomad (CVE-2023-0821) - Medium [226]

Description: {'nvd_cve_data_all': 'HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Product detected by a:hashicorp:nomad (exists in CPE dict)
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.510EPSS Probability is 0.00237, EPSS Percentile is 0.46741

redos: CVE-2023-0821 was patched at 2025-05-26

270. Memory Corruption - Nokogiri (CVE-2025-6490) - Medium [224]

Description: A vulnerability was found in sparklemotion nokogiri up to 1.18.7 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Nokogiri is an open source XML and HTML library for the Ruby programming language
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01724

debian: CVE-2025-6490 was patched at 2025-06-17

271. Memory Corruption - Nokogiri (CVE-2025-6494) - Medium [224]

Description: A vulnerability was found in sparklemotion nokogiri up to 1.18.7. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Nokogiri is an open source XML and HTML library for the Ruby programming language
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01724

debian: CVE-2025-6494 was patched at 2025-06-17

272. Authentication Bypass - Unknown Product (CVE-2024-38822) - Medium [222]

Description: {'nvd_cve_data_all': 'Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.7. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00041, EPSS Percentile is 0.11766

altlinux: CVE-2024-38822 was patched at 2025-06-18, 2025-06-19

273. Authentication Bypass - Unknown Product (CVE-2025-32803) - Medium [222]

Description: {'nvd_cve_data_all': 'In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In some cases, Kea log files or lease files may be world-readable.\nThis issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to NVD data source
EPSS Percentile0.010EPSS Probability is 9e-05, EPSS Percentile is 0.00568

debian: CVE-2025-32803 was patched at 2025-06-17

274. Unknown Vulnerability Type - Windows Kernel (CVE-2025-0913) - Medium [221]

Description: {'nvd_cve_data_all': 'os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01456

altlinux: CVE-2025-0913 was patched at 2025-06-16

275. Path Traversal - Unknown Product (CVE-2025-6020) - Medium [220]

Description: {'nvd_cve_data_all': 'A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04435

debian: CVE-2025-6020 was patched at 2025-06-17

oraclelinux: CVE-2025-6020 was patched at 2025-06-24

ubuntu: CVE-2025-6020 was patched at 2025-06-18

276. Information Disclosure - Unknown Product (CVE-2025-49177) - Medium [219]

Description: {'nvd_cve_data_all': 'A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01296

debian: CVE-2025-49177 was patched at 2025-06-17, 2025-06-23

ubuntu: CVE-2025-49177 was patched at 2025-06-17

277. Unknown Vulnerability Type - Python (CVE-2025-4565) - Medium [219]

Description: {'nvd_cve_data_all': 'Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Any project that uses Protobuf Pure-Python backend\xa0to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP\xa0tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit\xa017838beda2943d08b8a9d4df5b68f5f04f26d901', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile0.210EPSS Probability is 0.00055, EPSS Percentile is 0.173

debian: CVE-2025-4565 was patched at 2025-06-17

278. Remote Code Execution - Unknown Product (CVE-2025-52969) - Medium [214]

Description: {'nvd_cve_data_all': 'ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing Executable() tables created by higher-privileged users. Although the CREATE TABLE privilege is restricted, there is no access control preventing low-privileged users from invoking Executable tables already present in the system. If an attacker can influence the contents of the script referenced by the Executable() engine through writable paths, they may execute controlled commands in the context of the ClickHouse server, leading to privilege escalation and unauthorized code execution. NOTE: the Supplier's position is that these types of executions by low-privileged users are the expected behavior.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing Executable() tables created by higher-privileged users. Although the CREATE TABLE privilege is restricted, there is no access control preventing low-privileged users from invoking Executable tables already present in the system. If an attacker can influence the contents of the script referenced by the Executable() engine through writable paths, they may execute controlled commands in the context of the ClickHouse server, leading to privilege escalation and unauthorized code execution. NOTE: the Supplier's position is that these types of executions by low-privileged users are the expected behavior.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.8. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00011, EPSS Percentile is 0.01037

debian: CVE-2025-52969 was patched at 2025-06-17

279. Unknown Vulnerability Type - Nomad (CVE-2023-3300) - Medium [214]

Description: {'nvd_cve_data_all': 'HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Product detected by a:hashicorp:nomad (exists in CPE dict)
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.610EPSS Probability is 0.00456, EPSS Percentile is 0.62934

redos: CVE-2023-3300 was patched at 2025-05-26

280. Unknown Vulnerability Type - Apache Tomcat (CVE-2025-46701) - Medium [211]

Description: {'nvd_cve_data_all': 'Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104.\n\nUsers are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
CVSS Base Score0.710CVSS Base Score is 7.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00029, EPSS Percentile is 0.06176

debian: CVE-2025-46701 was patched at 2025-06-17

281. Unknown Vulnerability Type - Asterisk (CVE-2025-47780) - Medium [211]

Description: {'nvd_cve_data_all': 'Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Asterisk is a free and open source framework for building communications applications and is sponsored by Sangoma
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile0.310EPSS Probability is 0.00119, EPSS Percentile is 0.31763

debian: CVE-2025-47780 was patched at 2025-06-17

282. Authentication Bypass - Unknown Product (CVE-2025-52991) - Medium [210]

Description: {'nvd_cve_data_all': 'The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data manipulation. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.2. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00012, EPSS Percentile is 0.01156

debian: CVE-2025-52991 was patched at 2025-06-17

283. Denial of Service - Unknown Product (CVE-2025-22242) - Medium [208]

Description: {'nvd_cve_data_all': 'Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00026, EPSS Percentile is 0.05237

altlinux: CVE-2025-22242 was patched at 2025-06-18, 2025-06-19

284. Denial of Service - Unknown Product (CVE-2025-5683) - Medium [208]

Description: {'nvd_cve_data_all': 'When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash.\xa0This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile0.210EPSS Probability is 0.00055, EPSS Percentile is 0.17371

debian: CVE-2025-5683 was patched at 2025-06-17

285. Memory Corruption - Libarchive (CVE-2025-5917) - Medium [208]

Description: A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.310CVSS Base Score is 2.8. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01376

debian: CVE-2025-5917 was patched at 2025-06-17

286. Path Traversal - Unknown Product (CVE-2025-22238) - Medium [208]

Description: {'nvd_cve_data_all': 'Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.2. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00128, EPSS Percentile is 0.33194

altlinux: CVE-2025-22238 was patched at 2025-06-18, 2025-06-19

287. Path Traversal - Unknown Product (CVE-2025-22241) - Medium [208]

Description: {'nvd_cve_data_all': 'File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00039, EPSS Percentile is 0.10938

altlinux: CVE-2025-22241 was patched at 2025-06-18, 2025-06-19

288. Unknown Vulnerability Type - Perl (CVE-2025-40911) - Medium [207]

Description: {'nvd_cve_data_all': 'Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation. Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.\n\nLeading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.\n\nNet::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.16039

debian: CVE-2025-40911 was patched at 2025-06-17

289. Unknown Vulnerability Type - Mozilla Firefox (CVE-2025-3035) - Medium [204]

Description: {'nvd_cve_data_all': 'By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12698

altlinux: CVE-2025-3035 was patched at 2025-05-27

290. Unknown Vulnerability Type - OpenSSL (CVE-2025-27587) - Medium [204]

Description: {'nvd_cve_data_all': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12699

debian: CVE-2025-27587 was patched at 2025-06-17

Low (308)

291. Denial of Service - Unknown Product (CVE-2025-49178) - Low [196]

Description: {'nvd_cve_data_all': 'A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00012, EPSS Percentile is 0.01163

debian: CVE-2025-49178 was patched at 2025-06-17, 2025-06-23

oraclelinux: CVE-2025-49178 was patched at 2025-06-23

ubuntu: CVE-2025-49178 was patched at 2025-06-17, 2025-06-18

292. Denial of Service - Unknown Product (CVE-2025-6069) - Low [196]

Description: {'nvd_cve_data_all': 'The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.16007

debian: CVE-2025-6069 was patched at 2025-06-17

293. Denial of Service - Unknown Product (CVE-2025-6196) - Low [196]

Description: {'nvd_cve_data_all': 'A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like Tumbler, which may process malicious files automatically when browsing directories. While no direct remote attack vectors are confirmed, any application using libgepub to parse user-supplied EPUB content could be vulnerable to a denial of service.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00017, EPSS Percentile is 0.02564

debian: CVE-2025-6196 was patched at 2025-06-17

294. Path Traversal - Unknown Product (CVE-2025-22240) - Low [196]

Description: {'nvd_cve_data_all': 'Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01543

altlinux: CVE-2025-22240 was patched at 2025-06-18, 2025-06-19

295. Security Feature Bypass - Unknown Product (CVE-2025-4563) - Low [196]

Description: {'nvd_cve_data_all': 'A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.7. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.0002, EPSS Percentile is 0.03568

debian: CVE-2025-4563 was patched at 2025-06-17

296. Unknown Vulnerability Type - Moodle (CVE-2025-32045) - Low [188]

Description: {'nvd_cve_data_all': 'A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Moodle is a free and open-source learning management system written in PHP and distributed under the GNU General Public License
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.12802

altlinux: CVE-2025-32045 was patched at 2025-05-26

redos: CVE-2025-32045 was patched at 2025-05-26

297. Denial of Service - Unknown Product (CVE-2025-5889) - Low [184]

Description: {'nvd_cve_data_all': 'A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00052, EPSS Percentile is 0.16161

debian: CVE-2025-5889 was patched at 2025-06-17

298. Incorrect Calculation - Unknown Product (CVE-2024-52035) - Low [184]

Description: {'nvd_cve_data_all': 'An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.4. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.0002, EPSS Percentile is 0.03597

debian: CVE-2024-52035 was patched at 2025-06-17

299. Incorrect Calculation - Unknown Product (CVE-2024-54028) - Low [184]

Description: {'nvd_cve_data_all': 'An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.4. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.0002, EPSS Percentile is 0.03597

debian: CVE-2024-54028 was patched at 2025-06-17

300. Incorrect Calculation - Unknown Product (CVE-2025-49180) - Low [184]

Description: {'nvd_cve_data_all': 'A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01446

debian: CVE-2025-49180 was patched at 2025-06-17, 2025-06-23

oraclelinux: CVE-2025-49180 was patched at 2025-06-23

ubuntu: CVE-2025-49180 was patched at 2025-06-17, 2025-06-18

301. Memory Corruption - Unknown Product (CVE-2024-48877) - Low [184]

Description: {'nvd_cve_data_all': 'A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.4. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.0002, EPSS Percentile is 0.03597

debian: CVE-2024-48877 was patched at 2025-06-17

302. Path Traversal - Unknown Product (CVE-2025-4748) - Low [184]

Description: {'nvd_cve_data_all': 'Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2\xa0unless the memory option is passed.\n\nThis issue affects OTP from OTP 17.0 until OTP\xa028.0.1, OTP\xa027.3.4.1 and OTP\xa026.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile0.010EPSS Probability is 0.00019, EPSS Percentile is 0.03075

debian: CVE-2025-4748 was patched at 2025-06-17

303. Information Disclosure - Unknown Product (CVE-2025-6199) - Low [183]

Description: {'nvd_cve_data_all': 'A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01375

debian: CVE-2025-6199 was patched at 2025-06-17, 2025-06-22

304. Incorrect Calculation - Unknown Product (CVE-2025-49176) - Low [172]

Description: {'nvd_cve_data_all': 'A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01446

debian: CVE-2025-49176 was patched at 2025-06-17, 2025-06-23

oraclelinux: CVE-2025-49176 was patched at 2025-06-23

ubuntu: CVE-2025-49176 was patched at 2025-06-17, 2025-06-18

305. Incorrect Calculation - Unknown Product (CVE-2025-49179) - Low [172]

Description: {'nvd_cve_data_all': 'A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01446

debian: CVE-2025-49179 was patched at 2025-06-17, 2025-06-23

oraclelinux: CVE-2025-49179 was patched at 2025-06-23

ubuntu: CVE-2025-49179 was patched at 2025-06-17, 2025-06-18

306. Memory Corruption - Unknown Product (CVE-2025-4447) - Low [172]

Description: {'nvd_cve_data_all': 'In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile0.010EPSS Probability is 0.00018, EPSS Percentile is 0.02978

redhat: CVE-2025-4447 was patched at 2025-06-03

307. Memory Corruption - Unknown Product (CVE-2025-48797) - Low [172]

Description: {'nvd_cve_data_all': 'A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00021, EPSS Percentile is 0.03774

debian: CVE-2025-48797 was patched at 2025-06-06, 2025-06-17

oraclelinux: CVE-2025-48797 was patched at 2025-06-17

redhat: CVE-2025-48797 was patched at 2025-06-17

308. Memory Corruption - Unknown Product (CVE-2025-48798) - Low [172]

Description: {'nvd_cve_data_all': 'A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing use-after-free issues.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00021, EPSS Percentile is 0.03774

debian: CVE-2025-48798 was patched at 2025-06-06, 2025-06-17

oraclelinux: CVE-2025-48798 was patched at 2025-06-17

redhat: CVE-2025-48798 was patched at 2025-06-17

309. Unknown Vulnerability Type - Vault (CVE-2025-4166) - Low [171]

Description: {'nvd_cve_data_all': 'Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise 1.19.3, 1.18.9, 1.17.16, 1.16.20.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets critical in modern computing
CVSS Base Score0.510CVSS Base Score is 4.5. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00033, EPSS Percentile is 0.07949

redos: CVE-2025-4166 was patched at 2025-06-16

310. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49934) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211_scan_rx() ieee80211_scan_rx() tries to access scan_req->flags after a null check, but a UAF is observed when the scan is completed and __ieee80211_scan_completed() executes, which then calls cfg80211_scan_done() leading to the freeing of scan_req. Since scan_req is rcu_dereference()'d, prevent the racing in __ieee80211_scan_completed() by ensuring that from mac80211's POV it is no longer accessed from an RCU read critical section before we call cfg80211_scan_done().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Fix UAF in ieee80211_scan_rx()\n\nieee80211_scan_rx() tries to access scan_req->flags after a\nnull check, but a UAF is observed when the scan is completed\nand __ieee80211_scan_completed() executes, which then calls\ncfg80211_scan_done() leading to the freeing of scan_req.\n\nSince scan_req is rcu_dereference()'d, prevent the racing in\n__ieee80211_scan_completed() by ensuring that from mac80211's\nPOV it is no longer accessed from an RCU read critical section\nbefore we call cfg80211_scan_done().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49934 was patched at 2025-06-17

311. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49936) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 #3 Not tainted -------------------------------------------- kworker/1:3/1205 is trying to acquire lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 but task is already holding lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 ... stack backtrace: CPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_deadlock_bug kernel/locking/lockdep.c:2988 [inline] check_deadlock kernel/locking/lockdep.c:3031 [inline] validate_chain kernel/locking/lockdep.c:3816 [inline] __lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053 lock_acquire kernel/locking/lockdep.c:5665 [inline] lock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630 __mutex_lock_common kernel/locking/mutex.c:603 [inline] __mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747 usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 usb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109 r871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622 usb_unbind_interface+0x1bd/0x890 drivers/usb/core/driver.c:458 device_remove drivers/base/dd.c:545 [inline] device_remove+0x11f/0x170 drivers/base/dd.c:537 __device_release_driver drivers/base/dd.c:1222 [inline] device_release_driver_internal+0x1a7/0x2f0 drivers/base/dd.c:1248 usb_driver_release_interface+0x102/0x180 drivers/usb/core/driver.c:627 usb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118 usb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114 This turned out not to be an error in usb-storage but rather a nested device reset attempt. That is, as the rtl8712 driver was being unbound from a composite device in preparation for an unrelated USB reset (that driver does not have pre_reset or post_reset callbacks), its ->remove routine called usb_reset_device() -- thus nesting one reset call within another. Performing a reset as part of disconnect processing is a questionable practice at best. However, the bug report points out that the USB core does not have any protection against nested resets. Adding a reset_in_progress flag and testing it will prevent such errors in the future.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Prevent nested device-reset calls\n\nAutomatic kernel fuzzing revealed a recursive locking violation in\nusb-storage:\n\n============================================\nWARNING: possible recursive locking detected\n5.18.0 #3 Not tainted\n--------------------------------------------\nkworker/1:3/1205 is trying to acquire lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\nbut task is already holding lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\n...\n\nstack backtrace:\nCPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_deadlock_bug kernel/locking/lockdep.c:2988 [inline]\ncheck_deadlock kernel/locking/lockdep.c:3031 [inline]\nvalidate_chain kernel/locking/lockdep.c:3816 [inline]\n__lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053\nlock_acquire kernel/locking/lockdep.c:5665 [inline]\nlock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630\n__mutex_lock_common kernel/locking/mutex.c:603 [inline]\n__mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\nusb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109\nr871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622\nusb_unbind_interface+0x1bd/0x890 drivers/usb/core/driver.c:458\ndevice_remove drivers/base/dd.c:545 [inline]\ndevice_remove+0x11f/0x170 drivers/base/dd.c:537\n__device_release_driver drivers/base/dd.c:1222 [inline]\ndevice_release_driver_internal+0x1a7/0x2f0 drivers/base/dd.c:1248\nusb_driver_release_interface+0x102/0x180 drivers/usb/core/driver.c:627\nusb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118\nusb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114\n\nThis turned out not to be an error in usb-storage but rather a nested\ndevice reset attempt. That is, as the rtl8712 driver was being\nunbound from a composite device in preparation for an unrelated USB\nreset (that driver does not have pre_reset or post_reset callbacks),\nits ->remove routine called usb_reset_device() -- thus nesting one\nreset call within another.\n\nPerforming a reset as part of disconnect processing is a questionable\npractice at best. However, the bug report points out that the USB\ncore does not have any protection against nested resets. Adding a\nreset_in_progress flag and testing it will prevent such errors in the\nfuture.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49936 was patched at 2025-06-17

312. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49942) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel "switch" announcement doesn't make any sense. The BSS list is empty in that case. This causes the for loop in cfg80211_get_bss() to be bypassed, so the function returns NULL (check line 1424 of net/wireless/scan.c), causing the WARN_ON() in ieee80211_ibss_csa_beacon() to get triggered (check line 500 of net/mac80211/ibss.c), which was consequently reported on the syzkaller dashboard. Thus, check if we have an existing connection before generating the CSA beacon in ieee80211_ibss_finish_csa().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected\n\nWhen we are not connected to a channel, sending channel "switch"\nannouncement doesn't make any sense.\n\nThe BSS list is empty in that case. This causes the for loop in\ncfg80211_get_bss() to be bypassed, so the function returns NULL\n(check line 1424 of net/wireless/scan.c), causing the WARN_ON()\nin ieee80211_ibss_csa_beacon() to get triggered (check line 500\nof net/mac80211/ibss.c), which was consequently reported on the\nsyzkaller dashboard.\n\nThus, check if we have an existing connection before generating\nthe CSA beacon in ieee80211_ibss_finish_csa().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49942 was patched at 2025-06-17

313. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49945) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: hwmon: (gpio-fan) Fix array out of bounds access The driver does not check if the cooling state passed to gpio_fan_set_cur_state() exceeds the maximum cooling state as stored in fan_data->num_speeds. Since the cooling state is later used as an array index in set_fan_speed(), an array out of bounds access can occur. This can be exploited by setting the state of the thermal cooling device to arbitrary values, causing for example a kernel oops when unavailable memory is accessed this way. Example kernel oops: [ 807.987276] Unable to handle kernel paging request at virtual address ffffff80d0588064 [ 807.987369] Mem abort info: [ 807.987398] ESR = 0x96000005 [ 807.987428] EC = 0x25: DABT (current EL), IL = 32 bits [ 807.987477] SET = 0, FnV = 0 [ 807.987507] EA = 0, S1PTW = 0 [ 807.987536] FSC = 0x05: level 1 translation fault [ 807.987570] Data abort info: [ 807.987763] ISV = 0, ISS = 0x00000005 [ 807.987801] CM = 0, WnR = 0 [ 807.987832] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000001165000 [ 807.987872] [ffffff80d0588064] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 807.987961] Internal error: Oops: 96000005 [#1] PREEMPT SMP [ 807.987992] Modules linked in: cmac algif_hash aes_arm64 algif_skcipher af_alg bnep hci_uart btbcm bluetooth ecdh_generic ecc 8021q garp stp llc snd_soc_hdmi_codec brcmfmac vc4 brcmutil cec drm_kms_helper snd_soc_core cfg80211 snd_compress bcm2835_codec(C) snd_pcm_dmaengine syscopyarea bcm2835_isp(C) bcm2835_v4l2(C) sysfillrect v4l2_mem2mem bcm2835_mmal_vchiq(C) raspberrypi_hwmon sysimgblt videobuf2_dma_contig videobuf2_vmalloc fb_sys_fops videobuf2_memops rfkill videobuf2_v4l2 videobuf2_common i2c_bcm2835 snd_bcm2835(C) videodev snd_pcm snd_timer snd mc vc_sm_cma(C) gpio_fan uio_pdrv_genirq uio drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [ 807.988508] CPU: 0 PID: 1321 Comm: bash Tainted: G C 5.15.56-v8+ #1575 [ 807.988548] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) [ 807.988574] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 807.988608] pc : set_fan_speed.part.5+0x34/0x80 [gpio_fan] [ 807.988654] lr : gpio_fan_set_cur_state+0x34/0x50 [gpio_fan] [ 807.988691] sp : ffffffc008cf3bd0 [ 807.988710] x29: ffffffc008cf3bd0 x28: ffffff80019edac0 x27: 0000000000000000 [ 807.988762] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800747c920 [ 807.988787] x23: 000000000000000a x22: ffffff800369f000 x21: 000000001999997c [ 807.988854] x20: ffffff800369f2e8 x19: ffffff8002ae8080 x18: 0000000000000000 [ 807.988877] x17: 0000000000000000 x16: 0000000000000000 x15: 000000559e271b70 [ 807.988938] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 807.988960] x11: 0000000000000000 x10: ffffffc008cf3c20 x9 : ffffffcfb60c741c [ 807.989018] x8 : 000000000000000a x7 : 00000000ffffffc9 x6 : 0000000000000009 [ 807.989040] x5 : 000000000000002a x4 : 0000000000000000 x3 : ffffff800369f2e8 [ 807.989062] x2 : 000000000000e780 x1 : 0000000000000001 x0 : ffffff80d0588060 [ 807.989084] Call trace: [ 807.989091] set_fan_speed.part.5+0x34/0x80 [gpio_fan] [ 807.989113] gpio_fan_set_cur_state+0x34/0x50 [gpio_fan] [ 807.989199] cur_state_store+0x84/0xd0 [ 807.989221] dev_attr_store+0x20/0x38 [ 807.989262] sysfs_kf_write+0x4c/0x60 [ 807.989282] kernfs_fop_write_iter+0x130/0x1c0 [ 807.989298] new_sync_write+0x10c/0x190 [ 807.989315] vfs_write+0x254/0x378 [ 807.989362] ksys_write+0x70/0xf8 [ 807.989379] __arm64_sys_write+0x24/0x30 [ 807.989424] invoke_syscall+0x4c/0x110 [ 807.989442] el0_svc_common.constprop.3+0xfc/0x120 [ 807.989458] do_el0_svc+0x2c/0x90 [ 807.989473] el0_svc+0x24/0x60 [ 807.989544] el0t_64_sync_handler+0x90/0xb8 [ 807.989558] el0t_64_sync+0x1a0/0x1a4 [ 807.989579] Code: b9403801 f9402800 7100003f 8b35cc00 (b9400416) [ 807.989627] ---[ end t ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (gpio-fan) Fix array out of bounds access\n\nThe driver does not check if the cooling state passed to\ngpio_fan_set_cur_state() exceeds the maximum cooling state as\nstored in fan_data->num_speeds. Since the cooling state is later\nused as an array index in set_fan_speed(), an array out of bounds\naccess can occur.\nThis can be exploited by setting the state of the thermal cooling device\nto arbitrary values, causing for example a kernel oops when unavailable\nmemory is accessed this way.\n\nExample kernel oops:\n[ 807.987276] Unable to handle kernel paging request at virtual address ffffff80d0588064\n[ 807.987369] Mem abort info:\n[ 807.987398] ESR = 0x96000005\n[ 807.987428] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 807.987477] SET = 0, FnV = 0\n[ 807.987507] EA = 0, S1PTW = 0\n[ 807.987536] FSC = 0x05: level 1 translation fault\n[ 807.987570] Data abort info:\n[ 807.987763] ISV = 0, ISS = 0x00000005\n[ 807.987801] CM = 0, WnR = 0\n[ 807.987832] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000001165000\n[ 807.987872] [ffffff80d0588064] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[ 807.987961] Internal error: Oops: 96000005 [#1] PREEMPT SMP\n[ 807.987992] Modules linked in: cmac algif_hash aes_arm64 algif_skcipher af_alg bnep hci_uart btbcm bluetooth ecdh_generic ecc 8021q garp stp llc snd_soc_hdmi_codec brcmfmac vc4 brcmutil cec drm_kms_helper snd_soc_core cfg80211 snd_compress bcm2835_codec(C) snd_pcm_dmaengine syscopyarea bcm2835_isp(C) bcm2835_v4l2(C) sysfillrect v4l2_mem2mem bcm2835_mmal_vchiq(C) raspberrypi_hwmon sysimgblt videobuf2_dma_contig videobuf2_vmalloc fb_sys_fops videobuf2_memops rfkill videobuf2_v4l2 videobuf2_common i2c_bcm2835 snd_bcm2835(C) videodev snd_pcm snd_timer snd mc vc_sm_cma(C) gpio_fan uio_pdrv_genirq uio drm fuse drm_panel_orientation_quirks backlight ip_tables x_tables ipv6\n[ 807.988508] CPU: 0 PID: 1321 Comm: bash Tainted: G C 5.15.56-v8+ #1575\n[ 807.988548] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT)\n[ 807.988574] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 807.988608] pc : set_fan_speed.part.5+0x34/0x80 [gpio_fan]\n[ 807.988654] lr : gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]\n[ 807.988691] sp : ffffffc008cf3bd0\n[ 807.988710] x29: ffffffc008cf3bd0 x28: ffffff80019edac0 x27: 0000000000000000\n[ 807.988762] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800747c920\n[ 807.988787] x23: 000000000000000a x22: ffffff800369f000 x21: 000000001999997c\n[ 807.988854] x20: ffffff800369f2e8 x19: ffffff8002ae8080 x18: 0000000000000000\n[ 807.988877] x17: 0000000000000000 x16: 0000000000000000 x15: 000000559e271b70\n[ 807.988938] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 807.988960] x11: 0000000000000000 x10: ffffffc008cf3c20 x9 : ffffffcfb60c741c\n[ 807.989018] x8 : 000000000000000a x7 : 00000000ffffffc9 x6 : 0000000000000009\n[ 807.989040] x5 : 000000000000002a x4 : 0000000000000000 x3 : ffffff800369f2e8\n[ 807.989062] x2 : 000000000000e780 x1 : 0000000000000001 x0 : ffffff80d0588060\n[ 807.989084] Call trace:\n[ 807.989091] set_fan_speed.part.5+0x34/0x80 [gpio_fan]\n[ 807.989113] gpio_fan_set_cur_state+0x34/0x50 [gpio_fan]\n[ 807.989199] cur_state_store+0x84/0xd0\n[ 807.989221] dev_attr_store+0x20/0x38\n[ 807.989262] sysfs_kf_write+0x4c/0x60\n[ 807.989282] kernfs_fop_write_iter+0x130/0x1c0\n[ 807.989298] new_sync_write+0x10c/0x190\n[ 807.989315] vfs_write+0x254/0x378\n[ 807.989362] ksys_write+0x70/0xf8\n[ 807.989379] __arm64_sys_write+0x24/0x30\n[ 807.989424] invoke_syscall+0x4c/0x110\n[ 807.989442] el0_svc_common.constprop.3+0xfc/0x120\n[ 807.989458] do_el0_svc+0x2c/0x90\n[ 807.989473] el0_svc+0x24/0x60\n[ 807.989544] el0t_64_sync_handler+0x90/0xb8\n[ 807.989558] el0t_64_sync+0x1a0/0x1a4\n[ 807.989579] Code: b9403801 f9402800 7100003f 8b35cc00 (b9400416)\n[ 807.989627] ---[ end t\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12474

debian: CVE-2022-49945 was patched at 2025-06-17

314. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49948) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new screen size and thus trigger out-of-bounds accesses to graphics memory if the selection is removed in vc_do_resize(). Prevent such out-of-memory accesses by dropping the selection before the various con_font_set() console handlers are called.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvt: Clear selection before changing the font\n\nWhen changing the console font with ioctl(KDFONTOP) the new font size\ncan be bigger than the previous font. A previous selection may thus now\nbe outside of the new screen size and thus trigger out-of-bounds\naccesses to graphics memory if the selection is removed in\nvc_do_resize().\n\nPrevent such out-of-memory accesses by dropping the selection before the\nvarious con_font_set() console handlers are called.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49948 was patched at 2025-06-17

315. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49956) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd" pointer. It results in a use after free. Delete them.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix use after free bugs\n\n_Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl()\nfunctions don't do anything except free the "pcmd" pointer. It\nresults in a use after free. Delete them.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49956 was patched at 2025-06-17

316. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49957) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init() order and cleanup strp_init() is called just a few lines above this csk->sk_user_data check, it also initializes strp->work etc., therefore, it is unnecessary to call strp_done() to cancel the freshly initialized work. And if sk_user_data is already used by KCM, psock->strp should not be touched, particularly strp->work state, so we need to move strp_init() after the csk->sk_user_data check. This also makes a lockdep warning reported by syzbot go away.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: fix strp_init() order and cleanup\n\nstrp_init() is called just a few lines above this csk->sk_user_data\ncheck, it also initializes strp->work etc., therefore, it is\nunnecessary to call strp_done() to cancel the freshly initialized\nwork.\n\nAnd if sk_user_data is already used by KCM, psock->strp should not be\ntouched, particularly strp->work state, so we need to move strp_init()\nafter the csk->sk_user_data check.\n\nThis also makes a lockdep warning reported by syzbot go away.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49957 was patched at 2025-06-17

317. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49961) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO Precision markers need to be propagated whenever we have an ARG_CONST_* style argument, as the verifier cannot consider imprecise scalars to be equivalent for the purposes of states_equal check when such arguments refine the return value (in this case, set mem_size for PTR_TO_MEM). The resultant mem_size for the R0 is derived from the constant value, and if the verifier incorrectly prunes states considering them equivalent where such arguments exist (by seeing that both registers have reg->precise as false in regsafe), we can end up with invalid programs passing the verifier which can do access beyond what should have been the correct mem_size in that explored state. To show a concrete example of the problem: 0000000000000000 <prog>: 0: r2 = *(u32 *)(r1 + 80) 1: r1 = *(u32 *)(r1 + 76) 2: r3 = r1 3: r3 += 4 4: if r3 > r2 goto +18 <LBB5_5> 5: w2 = 0 6: *(u32 *)(r1 + 0) = r2 7: r1 = *(u32 *)(r1 + 0) 8: r2 = 1 9: if w1 == 0 goto +1 <LBB5_3> 10: r2 = -1 0000000000000058 <LBB5_3>: 11: r1 = 0 ll 13: r3 = 0 14: call bpf_ringbuf_reserve 15: if r0 == 0 goto +7 <LBB5_5> 16: r1 = r0 17: r1 += 16777215 18: w2 = 0 19: *(u8 *)(r1 + 0) = r2 20: r1 = r0 21: r2 = 0 22: call bpf_ringbuf_submit 00000000000000b8 <LBB5_5>: 23: w0 = 0 24: exit For the first case, the single line execution's exploration will prune the search at insn 14 for the branch insn 9's second leg as it will be verified first using r2 = -1 (UINT_MAX), while as w1 at insn 9 will always be 0 so at runtime we don't get error for being greater than UINT_MAX/4 from bpf_ringbuf_reserve. The verifier during regsafe just sees reg->precise as false for both r2 registers in both states, hence considers them equal for purposes of states_equal. If we propagated precise markers using the backtracking support, we would use the precise marking to then ensure that old r2 (UINT_MAX) was within the new r2 (1) and this would never be true, so the verification would rightfully fail. The end result is that the out of bounds access at instruction 19 would be permitted without this fix. Note that reg->precise is always set to true when user does not have CAP_BPF (or when subprog count is greater than 1 (i.e. use of any static or global functions)), hence this is only a problem when precision marks need to be explicitly propagated (i.e. privileged users with CAP_BPF). A simplified test case has been included in the next patch to prevent future regressions.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO\n\nPrecision markers need to be propagated whenever we have an ARG_CONST_*\nstyle argument, as the verifier cannot consider imprecise scalars to be\nequivalent for the purposes of states_equal check when such arguments\nrefine the return value (in this case, set mem_size for PTR_TO_MEM). The\nresultant mem_size for the R0 is derived from the constant value, and if\nthe verifier incorrectly prunes states considering them equivalent where\nsuch arguments exist (by seeing that both registers have reg->precise as\nfalse in regsafe), we can end up with invalid programs passing the\nverifier which can do access beyond what should have been the correct\nmem_size in that explored state.\n\nTo show a concrete example of the problem:\n\n0000000000000000 <prog>:\n 0: r2 = *(u32 *)(r1 + 80)\n 1: r1 = *(u32 *)(r1 + 76)\n 2: r3 = r1\n 3: r3 += 4\n 4: if r3 > r2 goto +18 <LBB5_5>\n 5: w2 = 0\n 6: *(u32 *)(r1 + 0) = r2\n 7: r1 = *(u32 *)(r1 + 0)\n 8: r2 = 1\n 9: if w1 == 0 goto +1 <LBB5_3>\n 10: r2 = -1\n\n0000000000000058 <LBB5_3>:\n 11: r1 = 0 ll\n 13: r3 = 0\n 14: call bpf_ringbuf_reserve\n 15: if r0 == 0 goto +7 <LBB5_5>\n 16: r1 = r0\n 17: r1 += 16777215\n 18: w2 = 0\n 19: *(u8 *)(r1 + 0) = r2\n 20: r1 = r0\n 21: r2 = 0\n 22: call bpf_ringbuf_submit\n\n00000000000000b8 <LBB5_5>:\n 23: w0 = 0\n 24: exit\n\nFor the first case, the single line execution's exploration will prune\nthe search at insn 14 for the branch insn 9's second leg as it will be\nverified first using r2 = -1 (UINT_MAX), while as w1 at insn 9 will\nalways be 0 so at runtime we don't get error for being greater than\nUINT_MAX/4 from bpf_ringbuf_reserve. The verifier during regsafe just\nsees reg->precise as false for both r2 registers in both states, hence\nconsiders them equal for purposes of states_equal.\n\nIf we propagated precise markers using the backtracking support, we\nwould use the precise marking to then ensure that old r2 (UINT_MAX) was\nwithin the new r2 (1) and this would never be true, so the verification\nwould rightfully fail.\n\nThe end result is that the out of bounds access at instruction 19 would\nbe permitted without this fix.\n\nNote that reg->precise is always set to true when user does not have\nCAP_BPF (or when subprog count is greater than 1 (i.e. use of any static\nor global functions)), hence this is only a problem when precision marks\nneed to be explicitly propagated (i.e. privileged users with CAP_BPF).\n\nA simplified test case has been included in the next patch to prevent\nfuture regressions.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.05193

debian: CVE-2022-49961 was patched at 2025-06-17

318. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49964) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it never returned negative values before. Commit 0c80f9e165f8 ("ACPI: PPTT: Leave the table mapped for the runtime usage") however changed it by returning -ENOENT if no PPTT was found. The value returned from acpi_find_last_cache_level() is then assigned to unsigned fw_level. It will result in the number of cache leaves calculated incorrectly as a huge value which will then cause the following warning from __alloc_pages as the order would be great than MAX_ORDER because of incorrect and huge cache leaves value. | WARNING: CPU: 0 PID: 1 at mm/page_alloc.c:5407 __alloc_pages+0x74/0x314 | Modules linked in: | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-10393-g7c2a8d3ac4c0 #73 | pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : __alloc_pages+0x74/0x314 | lr : alloc_pages+0xe8/0x318 | Call trace: | __alloc_pages+0x74/0x314 | alloc_pages+0xe8/0x318 | kmalloc_order_trace+0x68/0x1dc | __kmalloc+0x240/0x338 | detect_cache_attributes+0xe0/0x56c | update_siblings_masks+0x38/0x284 | store_cpu_topology+0x78/0x84 | smp_prepare_cpus+0x48/0x134 | kernel_init_freeable+0xc4/0x14c | kernel_init+0x2c/0x1b4 | ret_from_fork+0x10/0x20 Fix the same by changing fw_level to be signed integer and return the error from init_cache_level() early in case of error.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level\n\nThough acpi_find_last_cache_level() always returned signed value and the\ndocument states it will return any errors caused by lack of a PPTT table,\nit never returned negative values before.\n\nCommit 0c80f9e165f8 ("ACPI: PPTT: Leave the table mapped for the runtime usage")\nhowever changed it by returning -ENOENT if no PPTT was found. The value\nreturned from acpi_find_last_cache_level() is then assigned to unsigned\nfw_level.\n\nIt will result in the number of cache leaves calculated incorrectly as\na huge value which will then cause the following warning from __alloc_pages\nas the order would be great than MAX_ORDER because of incorrect and huge\ncache leaves value.\n\n | WARNING: CPU: 0 PID: 1 at mm/page_alloc.c:5407 __alloc_pages+0x74/0x314\n | Modules linked in:\n | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-10393-g7c2a8d3ac4c0 #73\n | pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n | pc : __alloc_pages+0x74/0x314\n | lr : alloc_pages+0xe8/0x318\n | Call trace:\n | __alloc_pages+0x74/0x314\n | alloc_pages+0xe8/0x318\n | kmalloc_order_trace+0x68/0x1dc\n | __kmalloc+0x240/0x338\n | detect_cache_attributes+0xe0/0x56c\n | update_siblings_masks+0x38/0x284\n | store_cpu_topology+0x78/0x84\n | smp_prepare_cpus+0x48/0x134\n | kernel_init_freeable+0xc4/0x14c\n | kernel_init+0x2c/0x1b4\n | ret_from_fork+0x10/0x20\n\nFix the same by changing fw_level to be signed integer and return the\nerror from init_cache_level() early in case of error.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49964 was patched at 2025-06-17

319. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49969) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there always and clear not work. We need to clear that before clock off. [How] Clear that if have when clock off.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: clear optc underflow before turn off odm clock\n\n[Why]\nAfter ODM clock off, optc underflow bit will be kept there always and clear not work.\nWe need to clear that before clock off.\n\n[How]\nClear that if have when clock off.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49969 was patched at 2025-06-17

320. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49978) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be copied from user, then go through `fb_set_var()` and `info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`. Along the path, `var->pixclock` won't be modified. This function checks whether reciprocal of `var->pixclock` is too high. If `var->pixclock` is zero, there will be a divide by zero error. So, it is necessary to check whether denominator is zero to avoid crash. As this bug is found by Syzkaller, logs are listed below. divide error in pm2fb_check_var Call Trace: <TASK> fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fb_pm2fb: Avoid potential divide by zero error\n\nIn `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be\ncopied from user, then go through `fb_set_var()` and\n`info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`.\nAlong the path, `var->pixclock` won't be modified. This function checks\nwhether reciprocal of `var->pixclock` is too high. If `var->pixclock` is\nzero, there will be a divide by zero error. So, it is necessary to check\nwhether denominator is zero to avoid crash. As this bug is found by\nSyzkaller, logs are listed below.\n\ndivide error in pm2fb_check_var\nCall Trace:\n <TASK>\n fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49978 was patched at 2025-06-17

321. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49986) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it doesn't need to make forward progress under memory pressure. Marking this workqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a non-WQ_MEM_RECLAIM workqueue. In the current state it causes the following warning: [ 14.506347] ------------[ cut here ]------------ [ 14.506354] workqueue: WQ_MEM_RECLAIM storvsc_error_wq_0:storvsc_remove_lun is flushing !WQ_MEM_RECLAIM events_freezable_power_:disk_events_workfn [ 14.506360] WARNING: CPU: 0 PID: 8 at <-snip->kernel/workqueue.c:2623 check_flush_dependency+0xb5/0x130 [ 14.506390] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.4.0-1086-azure #91~18.04.1-Ubuntu [ 14.506391] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [ 14.506393] Workqueue: storvsc_error_wq_0 storvsc_remove_lun [ 14.506395] RIP: 0010:check_flush_dependency+0xb5/0x130 \t\t<-snip-> [ 14.506408] Call Trace: [ 14.506412] __flush_work+0xf1/0x1c0 [ 14.506414] __cancel_work_timer+0x12f/0x1b0 [ 14.506417] ? kernfs_put+0xf0/0x190 [ 14.506418] cancel_delayed_work_sync+0x13/0x20 [ 14.506420] disk_block_events+0x78/0x80 [ 14.506421] del_gendisk+0x3d/0x2f0 [ 14.506423] sr_remove+0x28/0x70 [ 14.506427] device_release_driver_internal+0xef/0x1c0 [ 14.506428] device_release_driver+0x12/0x20 [ 14.506429] bus_remove_device+0xe1/0x150 [ 14.506431] device_del+0x167/0x380 [ 14.506432] __scsi_remove_device+0x11d/0x150 [ 14.506433] scsi_remove_device+0x26/0x40 [ 14.506434] storvsc_remove_lun+0x40/0x60 [ 14.506436] process_one_work+0x209/0x400 [ 14.506437] worker_thread+0x34/0x400 [ 14.506439] kthread+0x121/0x140 [ 14.506440] ? process_one_work+0x400/0x400 [ 14.506441] ? kthread_park+0x90/0x90 [ 14.506443] ret_from_fork+0x35/0x40 [ 14.506445] ---[ end trace 2d9633159fdc6ee7 ]---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq\n\nstorvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it\ndoesn't need to make forward progress under memory pressure. Marking this\nworkqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a\nnon-WQ_MEM_RECLAIM workqueue. In the current state it causes the following\nwarning:\n\n[ 14.506347] ------------[ cut here ]------------\n[ 14.506354] workqueue: WQ_MEM_RECLAIM storvsc_error_wq_0:storvsc_remove_lun is flushing !WQ_MEM_RECLAIM events_freezable_power_:disk_events_workfn\n[ 14.506360] WARNING: CPU: 0 PID: 8 at <-snip->kernel/workqueue.c:2623 check_flush_dependency+0xb5/0x130\n[ 14.506390] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.4.0-1086-azure #91~18.04.1-Ubuntu\n[ 14.506391] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022\n[ 14.506393] Workqueue: storvsc_error_wq_0 storvsc_remove_lun\n[ 14.506395] RIP: 0010:check_flush_dependency+0xb5/0x130\n\t\t<-snip->\n[ 14.506408] Call Trace:\n[ 14.506412] __flush_work+0xf1/0x1c0\n[ 14.506414] __cancel_work_timer+0x12f/0x1b0\n[ 14.506417] ? kernfs_put+0xf0/0x190\n[ 14.506418] cancel_delayed_work_sync+0x13/0x20\n[ 14.506420] disk_block_events+0x78/0x80\n[ 14.506421] del_gendisk+0x3d/0x2f0\n[ 14.506423] sr_remove+0x28/0x70\n[ 14.506427] device_release_driver_internal+0xef/0x1c0\n[ 14.506428] device_release_driver+0x12/0x20\n[ 14.506429] bus_remove_device+0xe1/0x150\n[ 14.506431] device_del+0x167/0x380\n[ 14.506432] __scsi_remove_device+0x11d/0x150\n[ 14.506433] scsi_remove_device+0x26/0x40\n[ 14.506434] storvsc_remove_lun+0x40/0x60\n[ 14.506436] process_one_work+0x209/0x400\n[ 14.506437] worker_thread+0x34/0x400\n[ 14.506439] kthread+0x121/0x140\n[ 14.506440] ? process_one_work+0x400/0x400\n[ 14.506441] ? kthread_park+0x90/0x90\n[ 14.506443] ret_from_fork+0x35/0x40\n[ 14.506445] ---[ end trace 2d9633159fdc6ee7 ]---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49986 was patched at 2025-06-17

322. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49987) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: md: call __md_stop_writes in md_stop From the link [1], we can see raid1d was running even after the path raid_dtr -> md_stop -> __md_stop. Let's stop write first in destructor to align with normal md-raid to fix the KASAN issue. [1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd: call __md_stop_writes in md_stop\n\nFrom the link [1], we can see raid1d was running even after the path\nraid_dtr -> md_stop -> __md_stop.\n\nLet's stop write first in destructor to align with normal md-raid to\nfix the KASAN issue.\n\n[1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49987 was patched at 2025-06-17

323. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49990) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation control blocks are stored in the thread_struct of the associated task. These pointers are initially copied on fork() via arch_dup_task_struct() and then cleared via copy_thread() before fork() returns. If fork() happens to fail after the initial task dup and before copy_thread(), the newly allocated task and associated thread_struct memory are freed via free_task() -> arch_release_task_struct(). This results in a double free of the guarded storage and runtime info structs because the fields in the failed task still refer to memory associated with the source task. This problem can manifest as a BUG_ON() in set_freepointer() (with CONFIG_SLAB_FREELIST_HARDENED enabled) or KASAN splat (if enabled) when running trinity syscall fuzz tests on s390x. To avoid this problem, clear the associated pointer fields in arch_dup_task_struct() immediately after the new task is copied. Note that the RI flag is still cleared in copy_thread() because it resides in thread stack memory and that is where stack info is copied.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390: fix double free of GS and RI CBs on fork() failure\n\nThe pointers for guarded storage and runtime instrumentation control\nblocks are stored in the thread_struct of the associated task. These\npointers are initially copied on fork() via arch_dup_task_struct()\nand then cleared via copy_thread() before fork() returns. If fork()\nhappens to fail after the initial task dup and before copy_thread(),\nthe newly allocated task and associated thread_struct memory are\nfreed via free_task() -> arch_release_task_struct(). This results in\na double free of the guarded storage and runtime info structs\nbecause the fields in the failed task still refer to memory\nassociated with the source task.\n\nThis problem can manifest as a BUG_ON() in set_freepointer() (with\nCONFIG_SLAB_FREELIST_HARDENED enabled) or KASAN splat (if enabled)\nwhen running trinity syscall fuzz tests on s390x. To avoid this\nproblem, clear the associated pointer fields in\narch_dup_task_struct() immediately after the new task is copied.\nNote that the RI flag is still cleared in copy_thread() because it\nresides in thread stack memory and that is where stack info is\ncopied.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49990 was patched at 2025-06-17

324. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49993) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, wherein a configuration of type loop_config is passed (see lo_ioctl()'s case on line 1550 of drivers/block/loop.c). This proceeds to call loop_configure() which in turn calls loop_set_status_from_info() (see line 1050 of loop.c), passing &config->info which is of type loop_info64*. This function then sets the appropriate values, like the offset. loop_device has lo_offset of type loff_t (see line 52 of loop.c), which is typdef-chained to long long, whereas loop_info64 has lo_offset of type __u64 (see line 56 of include/uapi/linux/loop.h). The function directly copies offset from info to the device as follows (See line 980 of loop.c): \tlo->lo_offset = info->lo_offset; This results in an overflow, which triggers a warning in iomap_iter() due to a call to iomap_iter_done() which has: \tWARN_ON_ONCE(iter->iomap.offset > iter->pos); Thus, check for negative value during loop_set_status_from_info(). Bug report: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a29e', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nloop: Check for overflow while configuring loop\n\nThe userspace can configure a loop using an ioctl call, wherein\na configuration of type loop_config is passed (see lo_ioctl()'s\ncase on line 1550 of drivers/block/loop.c). This proceeds to call\nloop_configure() which in turn calls loop_set_status_from_info()\n(see line 1050 of loop.c), passing &config->info which is of type\nloop_info64*. This function then sets the appropriate values, like\nthe offset.\n\nloop_device has lo_offset of type loff_t (see line 52 of loop.c),\nwhich is typdef-chained to long long, whereas loop_info64 has\nlo_offset of type __u64 (see line 56 of include/uapi/linux/loop.h).\n\nThe function directly copies offset from info to the device as\nfollows (See line 980 of loop.c):\n\tlo->lo_offset = info->lo_offset;\n\nThis results in an overflow, which triggers a warning in iomap_iter()\ndue to a call to iomap_iter_done() which has:\n\tWARN_ON_ONCE(iter->iomap.offset > iter->pos);\n\nThus, check for negative value during loop_set_status_from_info().\n\nBug report: https://syzkaller.appspot.com/bug?id=c620fe14aac810396d3c3edc9ad73848bf69a29e', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-49993 was patched at 2025-06-17

325. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50001) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tproxy: restrict to prerouting hook TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this. This fixes a crash (null dereference) when using tproxy from e.g. output.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_tproxy: restrict to prerouting hook\n\nTPROXY is only allowed from prerouting, but nft_tproxy doesn't check this.\nThis fixes a crash (null dereference) when using tproxy from e.g. output.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50001 was patched at 2025-06-17

326. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50007) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in __xfrm_policy_check() The issue happens on an error path in __xfrm_policy_check(). When the fetching process of the object `pols[1]` fails, the function simply returns 0, forgetting to decrement the reference count of `pols[0]`, which is incremented earlier by either xfrm_sk_policy_lookup() or xfrm_policy_lookup(). This may result in memory leaks. Fix it by decreasing the reference count of `pols[0]` in that path.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix refcount leak in __xfrm_policy_check()\n\nThe issue happens on an error path in __xfrm_policy_check(). When the\nfetching process of the object `pols[1]` fails, the function simply\nreturns 0, forgetting to decrement the reference count of `pols[0]`,\nwhich is incremented earlier by either xfrm_sk_policy_lookup() or\nxfrm_policy_lookup(). This may result in memory leaks.\n\nFix it by decreasing the reference count of `pols[0]` in that path.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50007 was patched at 2025-06-17

327. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50008) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarm_kprobe() for disabled kprobes The assumption in __disable_kprobe() is wrong, and it could try to disarm an already disarmed kprobe and fire the WARN_ONCE() below. [0] We can easily reproduce this issue. 1. Write 0 to /sys/kernel/debug/kprobes/enabled. # echo 0 > /sys/kernel/debug/kprobes/enabled 2. Run execsnoop. At this time, one kprobe is disabled. # /usr/share/bcc/tools/execsnoop & [1] 2460 PCOMM PID PPID RET ARGS # cat /sys/kernel/debug/kprobes/list ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE] ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE] 3. Write 1 to /sys/kernel/debug/kprobes/enabled, which changes kprobes_all_disarmed to false but does not arm the disabled kprobe. # echo 1 > /sys/kernel/debug/kprobes/enabled # cat /sys/kernel/debug/kprobes/list ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE] ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE] 4. Kill execsnoop, when __disable_kprobe() calls disarm_kprobe() for the disabled kprobe and hits the WARN_ONCE() in __disarm_kprobe_ftrace(). # fg /usr/share/bcc/tools/execsnoop ^C Actually, WARN_ONCE() is fired twice, and __unregister_kprobe_top() misses some cleanups and leaves the aggregated kprobe in the hash table. Then, __unregister_trace_kprobe() initialises tk->rp.kp.list and creates an infinite loop like this. aggregated kprobe.list -> kprobe.list -. ^ | '.__.' In this situation, these commands fall into the infinite loop and result in RCU stall or soft lockup. cat /sys/kernel/debug/kprobes/list : show_kprobe_addr() enters into the infinite loop with RCU. /usr/share/bcc/tools/execsnoop : warn_kprobe_rereg() holds kprobe_mutex, and __get_valid_kprobe() is stuck in \t\t\t\t the loop. To avoid the issue, make sure we don't call disarm_kprobe() for disabled kprobes. [0] Failed to disarm kprobe-ftrace at __x64_sys_execve+0x0/0x40 (error -2) WARNING: CPU: 6 PID: 2460 at kernel/kprobes.c:1130 __disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129) Modules linked in: ena CPU: 6 PID: 2460 Comm: execsnoop Not tainted 5.19.0+ #28 Hardware name: Amazon EC2 c5.2xlarge/, BIOS 1.0 10/16/2017 RIP: 0010:__disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129) Code: 24 8b 02 eb c1 80 3d c4 83 f2 01 00 75 d4 48 8b 75 00 89 c2 48 c7 c7 90 fa 0f 92 89 04 24 c6 05 ab 83 01 e8 e4 94 f0 ff <0f> 0b 8b 04 24 eb b1 89 c6 48 c7 c7 60 fa 0f 92 89 04 24 e8 cc 94 RSP: 0018:ffff9e6ec154bd98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffffff930f7b00 RCX: 0000000000000001 RDX: 0000000080000001 RSI: ffffffff921461c5 RDI: 00000000ffffffff RBP: ffff89c504286da8 R08: 0000000000000000 R09: c0000000fffeffff R10: 0000000000000000 R11: ffff9e6ec154bc28 R12: ffff89c502394e40 R13: ffff89c502394c00 R14: ffff9e6ec154bc00 R15: 0000000000000000 FS: 00007fe800398740(0000) GS:ffff89c812d80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c00057f010 CR3: 0000000103b54006 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> __disable_kprobe (kernel/kprobes.c:1716) disable_kprobe (kernel/kprobes.c:2392) __disable_trace_kprobe (kernel/trace/trace_kprobe.c:340) disable_trace_kprobe (kernel/trace/trace_kprobe.c:429) perf_trace_event_unreg.isra.2 (./include/linux/tracepoint.h:93 kernel/trace/trace_event_perf.c:168) perf_kprobe_destroy (kernel/trace/trace_event_perf.c:295) _free_event (kernel/events/core.c:4971) perf_event_release_kernel (kernel/events/core.c:5176) perf_release (kernel/events/core.c:5186) __fput (fs/file_table.c:321) task_work_run (./include/linux/ ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes: don't call disarm_kprobe() for disabled kprobes\n\nThe assumption in __disable_kprobe() is wrong, and it could try to disarm\nan already disarmed kprobe and fire the WARN_ONCE() below. [0] We can\neasily reproduce this issue.\n\n1. Write 0 to /sys/kernel/debug/kprobes/enabled.\n\n # echo 0 > /sys/kernel/debug/kprobes/enabled\n\n2. Run execsnoop. At this time, one kprobe is disabled.\n\n # /usr/share/bcc/tools/execsnoop &\n [1] 2460\n PCOMM PID PPID RET ARGS\n\n # cat /sys/kernel/debug/kprobes/list\n ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE]\n ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE]\n\n3. Write 1 to /sys/kernel/debug/kprobes/enabled, which changes\n kprobes_all_disarmed to false but does not arm the disabled kprobe.\n\n # echo 1 > /sys/kernel/debug/kprobes/enabled\n\n # cat /sys/kernel/debug/kprobes/list\n ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE]\n ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE]\n\n4. Kill execsnoop, when __disable_kprobe() calls disarm_kprobe() for the\n disabled kprobe and hits the WARN_ONCE() in __disarm_kprobe_ftrace().\n\n # fg\n /usr/share/bcc/tools/execsnoop\n ^C\n\nActually, WARN_ONCE() is fired twice, and __unregister_kprobe_top() misses\nsome cleanups and leaves the aggregated kprobe in the hash table. Then,\n__unregister_trace_kprobe() initialises tk->rp.kp.list and creates an\ninfinite loop like this.\n\n aggregated kprobe.list -> kprobe.list -.\n ^ |\n '.__.'\n\nIn this situation, these commands fall into the infinite loop and result\nin RCU stall or soft lockup.\n\n cat /sys/kernel/debug/kprobes/list : show_kprobe_addr() enters into the\n infinite loop with RCU.\n\n /usr/share/bcc/tools/execsnoop : warn_kprobe_rereg() holds kprobe_mutex,\n and __get_valid_kprobe() is stuck in\n\t\t\t\t the loop.\n\nTo avoid the issue, make sure we don't call disarm_kprobe() for disabled\nkprobes.\n\n[0]\nFailed to disarm kprobe-ftrace at __x64_sys_execve+0x0/0x40 (error -2)\nWARNING: CPU: 6 PID: 2460 at kernel/kprobes.c:1130 __disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)\nModules linked in: ena\nCPU: 6 PID: 2460 Comm: execsnoop Not tainted 5.19.0+ #28\nHardware name: Amazon EC2 c5.2xlarge/, BIOS 1.0 10/16/2017\nRIP: 0010:__disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129)\nCode: 24 8b 02 eb c1 80 3d c4 83 f2 01 00 75 d4 48 8b 75 00 89 c2 48 c7 c7 90 fa 0f 92 89 04 24 c6 05 ab 83 01 e8 e4 94 f0 ff <0f> 0b 8b 04 24 eb b1 89 c6 48 c7 c7 60 fa 0f 92 89 04 24 e8 cc 94\nRSP: 0018:ffff9e6ec154bd98 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff930f7b00 RCX: 0000000000000001\nRDX: 0000000080000001 RSI: ffffffff921461c5 RDI: 00000000ffffffff\nRBP: ffff89c504286da8 R08: 0000000000000000 R09: c0000000fffeffff\nR10: 0000000000000000 R11: ffff9e6ec154bc28 R12: ffff89c502394e40\nR13: ffff89c502394c00 R14: ffff9e6ec154bc00 R15: 0000000000000000\nFS: 00007fe800398740(0000) GS:ffff89c812d80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c00057f010 CR3: 0000000103b54006 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n<TASK>\n __disable_kprobe (kernel/kprobes.c:1716)\n disable_kprobe (kernel/kprobes.c:2392)\n __disable_trace_kprobe (kernel/trace/trace_kprobe.c:340)\n disable_trace_kprobe (kernel/trace/trace_kprobe.c:429)\n perf_trace_event_unreg.isra.2 (./include/linux/tracepoint.h:93 kernel/trace/trace_event_perf.c:168)\n perf_kprobe_destroy (kernel/trace/trace_event_perf.c:295)\n _free_event (kernel/events/core.c:4971)\n perf_event_release_kernel (kernel/events/core.c:5176)\n perf_release (kernel/events/core.c:5186)\n __fput (fs/file_table.c:321)\n task_work_run (./include/linux/\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50008 was patched at 2025-06-17

328. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50010) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: video: fbdev: i740fb: Check the argument of i740_calc_vclk() Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug. If the user provides an improper 'pixclock' value that makes the argumet of i740_calc_vclk() less than 'I740_RFREQ_FIX', it will cause a divide-by-zero bug in: drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX))); The following log can reveal it: divide error: 0000 [#1] PREEMPT SMP KASAN PTI RIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline] RIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline] RIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742 Call Trace: fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189 Fix this by checking the argument of i740_calc_vclk() first.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: i740fb: Check the argument of i740_calc_vclk()\n\nSince the user can control the arguments of the ioctl() from the user\nspace, under special arguments that may result in a divide-by-zero bug.\n\nIf the user provides an improper 'pixclock' value that makes the argumet\nof i740_calc_vclk() less than 'I740_RFREQ_FIX', it will cause a\ndivide-by-zero bug in:\n drivers/video/fbdev/i740fb.c:353 p_best = min(15, ilog2(I740_MAX_VCO_FREQ / (freq / I740_RFREQ_FIX)));\n\nThe following log can reveal it:\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN PTI\nRIP: 0010:i740_calc_vclk drivers/video/fbdev/i740fb.c:353 [inline]\nRIP: 0010:i740fb_decode_var drivers/video/fbdev/i740fb.c:646 [inline]\nRIP: 0010:i740fb_set_par+0x163f/0x3b70 drivers/video/fbdev/i740fb.c:742\nCall Trace:\n fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189\n\nFix this by checking the argument of i740_calc_vclk() first.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50010 was patched at 2025-06-17

329. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50012) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parse_early_param() On 64-bit, calling jump_label_init() in setup_feature_keys() is too late because static keys may be used in subroutines of parse_early_param() which is again subroutine of early_init_devtree(). For example booting with "threadirqs": static_key_enable_cpuslocked(): static key '0xc000000002953260' used before call to jump_label_init() WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120 ... NIP static_key_enable_cpuslocked+0xfc/0x120 LR static_key_enable_cpuslocked+0xf8/0x120 Call Trace: static_key_enable_cpuslocked+0xf8/0x120 (unreliable) static_key_enable+0x30/0x50 setup_forced_irqthreads+0x28/0x40 do_early_param+0xa0/0x108 parse_args+0x290/0x4e0 parse_early_options+0x48/0x5c parse_early_param+0x58/0x84 early_init_devtree+0xd4/0x518 early_setup+0xb4/0x214 So call jump_label_init() just before parse_early_param() in early_init_devtree(). [mpe: Add call trace to change log and minor wording edits.]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64: Init jump labels before parse_early_param()\n\nOn 64-bit, calling jump_label_init() in setup_feature_keys() is too\nlate because static keys may be used in subroutines of\nparse_early_param() which is again subroutine of early_init_devtree().\n\nFor example booting with "threadirqs":\n\n static_key_enable_cpuslocked(): static key '0xc000000002953260' used before call to jump_label_init()\n WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120\n ...\n NIP static_key_enable_cpuslocked+0xfc/0x120\n LR static_key_enable_cpuslocked+0xf8/0x120\n Call Trace:\n static_key_enable_cpuslocked+0xf8/0x120 (unreliable)\n static_key_enable+0x30/0x50\n setup_forced_irqthreads+0x28/0x40\n do_early_param+0xa0/0x108\n parse_args+0x290/0x4e0\n parse_early_options+0x48/0x5c\n parse_early_param+0x58/0x84\n early_init_devtree+0xd4/0x518\n early_setup+0xb4/0x214\n\nSo call jump_label_init() just before parse_early_param() in\nearly_init_devtree().\n\n[mpe: Add call trace to change log and minor wording edits.]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50012 was patched at 2025-06-17

330. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50013) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() As Dipanjan Das <mail.dipanjan.das@gmail.com> reported, syzkaller found a f2fs bug as below: RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295 Call Trace: write_all_xattrs fs/f2fs/xattr.c:487 [inline] __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743 f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790 f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86 __vfs_setxattr+0x115/0x180 fs/xattr.c:182 __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216 __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277 vfs_setxattr+0x13f/0x330 fs/xattr.c:303 setxattr+0x146/0x160 fs/xattr.c:611 path_setxattr+0x1a7/0x1d0 fs/xattr.c:630 __do_sys_lsetxattr fs/xattr.c:653 [inline] __se_sys_lsetxattr fs/xattr.c:649 [inline] __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 NAT entry and nat bitmap can be inconsistent, e.g. one nid is free in nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it may trigger BUG_ON() in f2fs_new_node_page(), fix it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()\n\nAs Dipanjan Das <mail.dipanjan.das@gmail.com> reported, syzkaller\nfound a f2fs bug as below:\n\nRIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295\nCall Trace:\n write_all_xattrs fs/f2fs/xattr.c:487 [inline]\n __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743\n f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790\n f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86\n __vfs_setxattr+0x115/0x180 fs/xattr.c:182\n __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216\n __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277\n vfs_setxattr+0x13f/0x330 fs/xattr.c:303\n setxattr+0x146/0x160 fs/xattr.c:611\n path_setxattr+0x1a7/0x1d0 fs/xattr.c:630\n __do_sys_lsetxattr fs/xattr.c:653 [inline]\n __se_sys_lsetxattr fs/xattr.c:649 [inline]\n __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nNAT entry and nat bitmap can be inconsistent, e.g. one nid is free\nin nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it\nmay trigger BUG_ON() in f2fs_new_node_page(), fix it.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50013 was patched at 2025-06-17

331. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50017) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start We should call of_node_put() for the reference 'uctl_node' returned by of_get_parent() which will increase the refcount. Otherwise, there will be a refcount leak bug.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start\n\nWe should call of_node_put() for the reference 'uctl_node' returned by\nof_get_parent() which will increase the refcount. Otherwise, there will\nbe a refcount leak bug.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50017 was patched at 2025-06-17

332. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50019) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: tty: serial: Fix refcount leak bug in ucc_uart.c In soc_info(), of_find_node_by_type() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: Fix refcount leak bug in ucc_uart.c\n\nIn soc_info(), of_find_node_by_type() will return a node pointer\nwith refcount incremented. We should use of_node_put() when it is\nnot used anymore.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50019 was patched at 2025-06-17

333. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50020) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boundary. An online resize to a size that is not integral to cluster size results in the last iteration attempting to grow the fs by a negative amount, which trips a BUG_ON and leaves the fs with a corrupted in-memory superblock.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid resizing to a partial cluster size\n\nThis patch avoids an attempt to resize the filesystem to an\nunaligned cluster boundary. An online resize to a size that is not\nintegral to cluster size results in the last iteration attempting to\ngrow the fs by a negative amount, which trips a BUG_ON and leaves the fs\nwith a corrupted in-memory superblock.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50020 was patched at 2025-06-17

334. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50028) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: gadgetfs: ep_io - wait until IRQ finishes after usb_ep_queue() if wait_for_completion_interruptible() is interrupted we need to wait until IRQ gets finished. Otherwise complete() from epio_complete() can corrupt stack.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngadgetfs: ep_io - wait until IRQ finishes\n\nafter usb_ep_queue() if wait_for_completion_interruptible() is\ninterrupted we need to wait until IRQ gets finished.\n\nOtherwise complete() from epio_complete() can corrupt stack.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50028 was patched at 2025-06-17

335. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50029) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Once the usb sleep clocks are disabled, clock framework is trying to disable the sleep clock source also. However, it seems that it cannot be disabled and trying to do so produces: [ 245.436390] ------------[ cut here ]------------ [ 245.441233] gcc_sleep_clk_src status stuck at 'on' [ 245.441254] WARNING: CPU: 2 PID: 223 at clk_branch_wait+0x130/0x140 [ 245.450435] Modules linked in: xhci_plat_hcd xhci_hcd dwc3 dwc3_qcom leds_gpio [ 245.456601] CPU: 2 PID: 223 Comm: sh Not tainted 5.18.0-rc4 #215 [ 245.463889] Hardware name: Xiaomi AX9000 (DT) [ 245.470050] pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 245.474307] pc : clk_branch_wait+0x130/0x140 [ 245.481073] lr : clk_branch_wait+0x130/0x140 [ 245.485588] sp : ffffffc009f2bad0 [ 245.489838] x29: ffffffc009f2bad0 x28: ffffff8003e6c800 x27: 0000000000000000 [ 245.493057] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800226ef20 [ 245.500175] x23: ffffffc0089ff550 x22: 0000000000000000 x21: ffffffc008476ad0 [ 245.507294] x20: 0000000000000000 x19: ffffffc00965ac70 x18: fffffffffffc51a7 [ 245.514413] x17: 68702e3030303837 x16: 3a6d726f6674616c x15: ffffffc089f2b777 [ 245.521531] x14: ffffffc0095c9d18 x13: 0000000000000129 x12: 0000000000000129 [ 245.528649] x11: 00000000ffffffea x10: ffffffc009621d18 x9 : 0000000000000001 [ 245.535767] x8 : 0000000000000001 x7 : 0000000000017fe8 x6 : 0000000000000001 [ 245.542885] x5 : ffffff803fdca6d8 x4 : 0000000000000000 x3 : 0000000000000027 [ 245.550002] x2 : 0000000000000027 x1 : 0000000000000023 x0 : 0000000000000026 [ 245.557122] Call trace: [ 245.564229] clk_branch_wait+0x130/0x140 [ 245.566490] clk_branch2_disable+0x2c/0x40 [ 245.570656] clk_core_disable+0x60/0xb0 [ 245.574561] clk_core_disable+0x68/0xb0 [ 245.578293] clk_disable+0x30/0x50 [ 245.582113] dwc3_qcom_remove+0x60/0xc0 [dwc3_qcom] [ 245.585588] platform_remove+0x28/0x60 [ 245.590361] device_remove+0x4c/0x80 [ 245.594179] device_release_driver_internal+0x1dc/0x230 [ 245.597914] device_driver_detach+0x18/0x30 [ 245.602861] unbind_store+0xec/0x110 [ 245.607027] drv_attr_store+0x24/0x40 [ 245.610847] sysfs_kf_write+0x44/0x60 [ 245.614405] kernfs_fop_write_iter+0x128/0x1c0 [ 245.618052] new_sync_write+0xc0/0x130 [ 245.622391] vfs_write+0x1d4/0x2a0 [ 245.626123] ksys_write+0x58/0xe0 [ 245.629508] __arm64_sys_write+0x1c/0x30 [ 245.632895] invoke_syscall.constprop.0+0x5c/0x110 [ 245.636890] do_el0_svc+0xa0/0x150 [ 245.641488] el0_svc+0x18/0x60 [ 245.644872] el0t_64_sync_handler+0xa4/0x130 [ 245.647914] el0t_64_sync+0x174/0x178 [ 245.652340] ---[ end trace 0000000000000000 ]--- So, add CLK_IS_CRITICAL flag to the clock so that the kernel won't try to disable the sleep clock.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: ipq8074: dont disable gcc_sleep_clk_src\n\nOnce the usb sleep clocks are disabled, clock framework is trying to\ndisable the sleep clock source also.\n\nHowever, it seems that it cannot be disabled and trying to do so produces:\n[ 245.436390] ------------[ cut here ]------------\n[ 245.441233] gcc_sleep_clk_src status stuck at 'on'\n[ 245.441254] WARNING: CPU: 2 PID: 223 at clk_branch_wait+0x130/0x140\n[ 245.450435] Modules linked in: xhci_plat_hcd xhci_hcd dwc3 dwc3_qcom leds_gpio\n[ 245.456601] CPU: 2 PID: 223 Comm: sh Not tainted 5.18.0-rc4 #215\n[ 245.463889] Hardware name: Xiaomi AX9000 (DT)\n[ 245.470050] pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 245.474307] pc : clk_branch_wait+0x130/0x140\n[ 245.481073] lr : clk_branch_wait+0x130/0x140\n[ 245.485588] sp : ffffffc009f2bad0\n[ 245.489838] x29: ffffffc009f2bad0 x28: ffffff8003e6c800 x27: 0000000000000000\n[ 245.493057] x26: 0000000000000000 x25: 0000000000000000 x24: ffffff800226ef20\n[ 245.500175] x23: ffffffc0089ff550 x22: 0000000000000000 x21: ffffffc008476ad0\n[ 245.507294] x20: 0000000000000000 x19: ffffffc00965ac70 x18: fffffffffffc51a7\n[ 245.514413] x17: 68702e3030303837 x16: 3a6d726f6674616c x15: ffffffc089f2b777\n[ 245.521531] x14: ffffffc0095c9d18 x13: 0000000000000129 x12: 0000000000000129\n[ 245.528649] x11: 00000000ffffffea x10: ffffffc009621d18 x9 : 0000000000000001\n[ 245.535767] x8 : 0000000000000001 x7 : 0000000000017fe8 x6 : 0000000000000001\n[ 245.542885] x5 : ffffff803fdca6d8 x4 : 0000000000000000 x3 : 0000000000000027\n[ 245.550002] x2 : 0000000000000027 x1 : 0000000000000023 x0 : 0000000000000026\n[ 245.557122] Call trace:\n[ 245.564229] clk_branch_wait+0x130/0x140\n[ 245.566490] clk_branch2_disable+0x2c/0x40\n[ 245.570656] clk_core_disable+0x60/0xb0\n[ 245.574561] clk_core_disable+0x68/0xb0\n[ 245.578293] clk_disable+0x30/0x50\n[ 245.582113] dwc3_qcom_remove+0x60/0xc0 [dwc3_qcom]\n[ 245.585588] platform_remove+0x28/0x60\n[ 245.590361] device_remove+0x4c/0x80\n[ 245.594179] device_release_driver_internal+0x1dc/0x230\n[ 245.597914] device_driver_detach+0x18/0x30\n[ 245.602861] unbind_store+0xec/0x110\n[ 245.607027] drv_attr_store+0x24/0x40\n[ 245.610847] sysfs_kf_write+0x44/0x60\n[ 245.614405] kernfs_fop_write_iter+0x128/0x1c0\n[ 245.618052] new_sync_write+0xc0/0x130\n[ 245.622391] vfs_write+0x1d4/0x2a0\n[ 245.626123] ksys_write+0x58/0xe0\n[ 245.629508] __arm64_sys_write+0x1c/0x30\n[ 245.632895] invoke_syscall.constprop.0+0x5c/0x110\n[ 245.636890] do_el0_svc+0xa0/0x150\n[ 245.641488] el0_svc+0x18/0x60\n[ 245.644872] el0t_64_sync_handler+0xa4/0x130\n[ 245.647914] el0t_64_sync+0x174/0x178\n[ 245.652340] ---[ end trace 0000000000000000 ]---\n\nSo, add CLK_IS_CRITICAL flag to the clock so that the kernel won't try\nto disable the sleep clock.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50029 was patched at 2025-06-17

336. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50032) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: renesas: Fix refcount leak bug\n\nIn usbhs_rza1_hardware_init(), of_find_node_by_name() will return\na node pointer with refcount incremented. We should use of_node_put()\nwhen it is not used anymore.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50032 was patched at 2025-06-17

337. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50033) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: ohci-ppc-of: Fix refcount leak bug\n\nIn ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return\na node pointer with refcount incremented. We should use of_node_put()\nwhen it is not used anymore.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50033 was patched at 2025-06-17

338. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50038) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() In this function, there are two refcount leak bugs: (1) when breaking out of for_each_endpoint_of_node(), we need call the of_node_put() for the 'ep'; (2) we should call of_node_put() for the reference returned by of_graph_get_remote_port() when it is not used anymore.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()\n\nIn this function, there are two refcount leak bugs:\n(1) when breaking out of for_each_endpoint_of_node(), we need call\nthe of_node_put() for the 'ep';\n(2) we should call of_node_put() for the reference returned by\nof_graph_get_remote_port() when it is not used anymore.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50038 was patched at 2025-06-17

339. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50045) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: powerpc/pci: Fix get_phb_number() locking The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP warning on some systems: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 1 lock held by swapper/1: #0: c157efb0 (hose_spinlock){+.+.}-{2:2}, at: pcibios_alloc_controller+0x64/0x220 Preemption disabled at: [<00000000>] 0x0 CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0-yocto-standard+ #1 Call Trace: [d101dc90] [c073b264] dump_stack_lvl+0x50/0x8c (unreliable) [d101dcb0] [c0093b70] __might_resched+0x258/0x2a8 [d101dcd0] [c0d3e634] __mutex_lock+0x6c/0x6ec [d101dd50] [c0a84174] of_alias_get_id+0x50/0xf4 [d101dd80] [c002ec78] pcibios_alloc_controller+0x1b8/0x220 [d101ddd0] [c140c9dc] pmac_pci_init+0x198/0x784 [d101de50] [c140852c] discover_phbs+0x30/0x4c [d101de60] [c0007fd4] do_one_initcall+0x94/0x344 [d101ded0] [c1403b40] kernel_init_freeable+0x1a8/0x22c [d101df10] [c00086e0] kernel_init+0x34/0x160 [d101df30] [c001b334] ret_from_kernel_thread+0x5c/0x64 This is because pcibios_alloc_controller() holds hose_spinlock but of_alias_get_id() takes of_mutex which can sleep. The hose_spinlock protects the phb_bitmap, and also the hose_list, but it doesn't need to be held while get_phb_number() calls the OF routines, because those are only looking up information in the device tree. So fix it by having get_phb_number() take the hose_spinlock itself, only where required, and then dropping the lock before returning. pcibios_alloc_controller() then needs to take the lock again before the list_add() but that's safe, the order of the list is not important.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pci: Fix get_phb_number() locking\n\nThe recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP\nwarning on some systems:\n\n BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n 1 lock held by swapper/1:\n #0: c157efb0 (hose_spinlock){+.+.}-{2:2}, at: pcibios_alloc_controller+0x64/0x220\n Preemption disabled at:\n [<00000000>] 0x0\n CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0-yocto-standard+ #1\n Call Trace:\n [d101dc90] [c073b264] dump_stack_lvl+0x50/0x8c (unreliable)\n [d101dcb0] [c0093b70] __might_resched+0x258/0x2a8\n [d101dcd0] [c0d3e634] __mutex_lock+0x6c/0x6ec\n [d101dd50] [c0a84174] of_alias_get_id+0x50/0xf4\n [d101dd80] [c002ec78] pcibios_alloc_controller+0x1b8/0x220\n [d101ddd0] [c140c9dc] pmac_pci_init+0x198/0x784\n [d101de50] [c140852c] discover_phbs+0x30/0x4c\n [d101de60] [c0007fd4] do_one_initcall+0x94/0x344\n [d101ded0] [c1403b40] kernel_init_freeable+0x1a8/0x22c\n [d101df10] [c00086e0] kernel_init+0x34/0x160\n [d101df30] [c001b334] ret_from_kernel_thread+0x5c/0x64\n\nThis is because pcibios_alloc_controller() holds hose_spinlock but\nof_alias_get_id() takes of_mutex which can sleep.\n\nThe hose_spinlock protects the phb_bitmap, and also the hose_list, but\nit doesn't need to be held while get_phb_number() calls the OF routines,\nbecause those are only looking up information in the device tree.\n\nSo fix it by having get_phb_number() take the hose_spinlock itself, only\nwhere required, and then dropping the lock before returning.\npcibios_alloc_controller() then needs to take the lock again before the\nlist_add() but that's safe, the order of the list is not important.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50045 was patched at 2025-06-17

340. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50049) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcm_add_paths(), it doesn't check whether the picked BE actually supports for the given stream direction. Due to that, when an asymmetric BE stream is present, it picks up wrongly and this may result in a NULL dereference at a later point where the code assumes the existence of a corresponding BE substream. This patch adds the check for the presence of the substream for the target BE for avoiding the problem above. Note that we have already some fix for non-existing BE substream at commit 6246f283d5e0 ("ASoC: dpcm: skip missing substream while applying symmetry"). But the code path we've hit recently is rather happening before the previous fix. So this patch tries to fix at picking up a BE instead of parsing BE lists.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: DPCM: Don't pick up BE without substream\n\nWhen DPCM tries to add valid BE connections at dpcm_add_paths(), it\ndoesn't check whether the picked BE actually supports for the given\nstream direction. Due to that, when an asymmetric BE stream is\npresent, it picks up wrongly and this may result in a NULL dereference\nat a later point where the code assumes the existence of a\ncorresponding BE substream.\n\nThis patch adds the check for the presence of the substream for the\ntarget BE for avoiding the problem above.\n\nNote that we have already some fix for non-existing BE substream at\ncommit 6246f283d5e0 ("ASoC: dpcm: skip missing substream while\napplying symmetry"). But the code path we've hit recently is rather\nhappening before the previous fix. So this patch tries to fix at\npicking up a BE instead of parsing BE lists.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00025, EPSS Percentile is 0.05089

debian: CVE-2022-50049 was patched at 2025-06-17

341. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50061) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak."', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak."', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50061 was patched at 2025-06-17

342. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50074) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in aa_simple_write_to_buffer() When copy_from_user failed, the memory is freed by kvfree. however the management struct and data blob are allocated independently, so only kvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to fix this issue.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: Fix memleak in aa_simple_write_to_buffer()\n\nWhen copy_from_user failed, the memory is freed by kvfree. however the\nmanagement struct and data blob are allocated independently, so only\nkvfree(data) cause a memleak issue here. Use aa_put_loaddata(data) to\nfix this issue.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50074 was patched at 2025-06-17

343. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50077) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: apparmor: fix reference count leak in aa_pivotroot() The aa_pivotroot() function has a reference counting bug in a specific path. When aa_replace_current_label() returns on success, the function forgets to decrement the reference count of “target”, which is increased earlier by build_pivotroot(), causing a reference leak. Fix it by decreasing the refcount of “target” in that path.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix reference count leak in aa_pivotroot()\n\nThe aa_pivotroot() function has a reference counting bug in a specific\npath. When aa_replace_current_label() returns on success, the function\nforgets to decrement the reference count of “target”, which is\nincreased earlier by build_pivotroot(), causing a reference leak.\n\nFix it by decreasing the refcount of “target” in that path.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50077 was patched at 2025-06-17

344. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50083) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inode_size is not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise, the end position may be greater than the start position, resulting in UAF.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h\n\nWhen adding an xattr to an inode, we must ensure that the inode_size is\nnot less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise,\nthe end position may be greater than the start position, resulting in UAF.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12639

debian: CVE-2022-50083 was patched at 2025-06-17

345. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50084) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid ================================================================== BUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid] Read of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319 CPU: 0 PID: 13319 Comm: lvcreate Not tainted 5.18.0-0.rc3.<snip> #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 Call Trace: <TASK> dump_stack_lvl+0x6a/0x9c print_address_description.constprop.0+0x1f/0x1e0 print_report.cold+0x55/0x244 kasan_report+0xc9/0x100 raid_status+0x1747/0x2820 [dm_raid] dm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod] table_load+0x35c/0x630 [dm_mod] ctl_ioctl+0x411/0x630 [dm_mod] dm_ctl_ioctl+0xa/0x10 [dm_mod] __x64_sys_ioctl+0x12a/0x1a0 do_syscall_64+0x5b/0x80 The warning is caused by reading conf->max_nr_stripes in raid_status. The code in raid_status reads mddev->private, casts it to struct r5conf and reads the entry max_nr_stripes. However, if we have different raid type than 4/5/6, mddev->private doesn't point to struct r5conf; it may point to struct r0conf, struct r1conf, struct r10conf or struct mpconf. If we cast a pointer to one of these structs to struct r5conf, we will be reading invalid memory and KASAN warns about it. Fix this bug by reading struct r5conf only if raid type is 4, 5 or 6.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix address sanitizer warning in raid_status\n\nThere is this warning when using a kernel with the address sanitizer\nand running this testsuite:\nhttps://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid]\nRead of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319\nCPU: 0 PID: 13319 Comm: lvcreate Not tainted 5.18.0-0.rc3.<snip> #1\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nCall Trace:\n <TASK>\n dump_stack_lvl+0x6a/0x9c\n print_address_description.constprop.0+0x1f/0x1e0\n print_report.cold+0x55/0x244\n kasan_report+0xc9/0x100\n raid_status+0x1747/0x2820 [dm_raid]\n dm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod]\n table_load+0x35c/0x630 [dm_mod]\n ctl_ioctl+0x411/0x630 [dm_mod]\n dm_ctl_ioctl+0xa/0x10 [dm_mod]\n __x64_sys_ioctl+0x12a/0x1a0\n do_syscall_64+0x5b/0x80\n\nThe warning is caused by reading conf->max_nr_stripes in raid_status. The\ncode in raid_status reads mddev->private, casts it to struct r5conf and\nreads the entry max_nr_stripes.\n\nHowever, if we have different raid type than 4/5/6, mddev->private\ndoesn't point to struct r5conf; it may point to struct r0conf, struct\nr1conf, struct r10conf or struct mpconf. If we cast a pointer to one\nof these structs to struct r5conf, we will be reading invalid memory\nand KASAN warns about it.\n\nFix this bug by reading struct r5conf only if raid type is 4, 5 or 6.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12639

debian: CVE-2022-50084 was patched at 2025-06-17

346. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50085) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev->raid_disks is greater than rs->raid_disks, so the loop touches one entry beyond the allocated length.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix address sanitizer warning in raid_resume\n\nThere is a KASAN warning in raid_resume when running the lvm test\nlvconvert-raid.sh. The reason for the warning is that mddev->raid_disks\nis greater than rs->raid_disks, so the loop touches one entry beyond\nthe allocated length.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50085 was patched at 2025-06-17

347. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50093) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) KASAN reports: [ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) [ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0 [ 4.683454][ T0] [ 4.685638][ T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc3-00004-g0e862838f290 #1 [ 4.694331][ T0] Hardware name: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 03/02/2016 [ 4.703196][ T0] Call Trace: [ 4.706334][ T0] <TASK> [ 4.709133][ T0] ? dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) after converting the type of the first argument (@nr, bit number) of arch_test_bit() from `long` to `unsigned long`[0]. Under certain conditions (for example, when ACPI NUMA is disabled via command line), pxm_to_node() can return %NUMA_NO_NODE (-1). It is valid 'magic' number of NUMA node, but not valid bit number to use in bitops. node_online() eventually descends to test_bit() without checking for the input, assuming it's on caller side (which might be good for perf-critical tasks). There, -1 becomes %ULONG_MAX which leads to an insane array index when calculating bit position in memory. For now, add an explicit check for @node being not %NUMA_NO_NODE before calling test_bit(). The actual logics didn't change here at all. [0] https://github.com/norov/linux/commit/0e862838f290147ea9c16db852d8d494b552d38d', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)\n\nKASAN reports:\n\n[ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497)\n[ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0\n[ 4.683454][ T0]\n[ 4.685638][ T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc3-00004-g0e862838f290 #1\n[ 4.694331][ T0] Hardware name: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 03/02/2016\n[ 4.703196][ T0] Call Trace:\n[ 4.706334][ T0] <TASK>\n[ 4.709133][ T0] ? dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497)\n\nafter converting the type of the first argument (@nr, bit number)\nof arch_test_bit() from `long` to `unsigned long`[0].\n\nUnder certain conditions (for example, when ACPI NUMA is disabled\nvia command line), pxm_to_node() can return %NUMA_NO_NODE (-1).\nIt is valid 'magic' number of NUMA node, but not valid bit number\nto use in bitops.\nnode_online() eventually descends to test_bit() without checking\nfor the input, assuming it's on caller side (which might be good\nfor perf-critical tasks). There, -1 becomes %ULONG_MAX which leads\nto an insane array index when calculating bit position in memory.\n\nFor now, add an explicit check for @node being not %NUMA_NO_NODE\nbefore calling test_bit(). The actual logics didn't change here\nat all.\n\n[0] https://github.com/norov/linux/commit/0e862838f290147ea9c16db852d8d494b552d38d', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50093 was patched at 2025-06-17

348. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50094) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions trace_spmi_write_begin() and trace_spmi_read_end() both call memcpy() with a length of "len + 1". This leads to one extra byte being read beyond the end of the specified buffer. Fix this out-of-bound memory access by using a length of "len" instead. Here is a KASAN log showing the issue: BUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234 Read of size 2 at addr ffffffc0265b7540 by task thermal@2.0-ser/1314 ... Call trace: dump_backtrace+0x0/0x3e8 show_stack+0x2c/0x3c dump_stack_lvl+0xdc/0x11c print_address_description+0x74/0x384 kasan_report+0x188/0x268 kasan_check_range+0x270/0x2b0 memcpy+0x90/0xe8 trace_event_raw_event_spmi_read_end+0x1d0/0x234 spmi_read_cmd+0x294/0x3ac spmi_ext_register_readl+0x84/0x9c regmap_spmi_ext_read+0x144/0x1b0 [regmap_spmi] _regmap_raw_read+0x40c/0x754 regmap_raw_read+0x3a0/0x514 regmap_bulk_read+0x418/0x494 adc5_gen3_poll_wait_hs+0xe8/0x1e0 [qcom_spmi_adc5_gen3] ... __arm64_sys_read+0x4c/0x60 invoke_syscall+0x80/0x218 el0_svc_common+0xec/0x1c8 ... addr ffffffc0265b7540 is located in stack of task thermal@2.0-ser/1314 at offset 32 in frame: adc5_gen3_poll_wait_hs+0x0/0x1e0 [qcom_spmi_adc5_gen3] this frame has 1 object: [32, 33) 'status' Memory state around the buggy address: ffffffc0265b7400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 ffffffc0265b7480: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 >ffffffc0265b7500: 00 00 00 00 f1 f1 f1 f1 01 f3 f3 f3 00 00 00 00 ^ ffffffc0265b7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffc0265b7600: f1 f1 f1 f1 01 f2 07 f2 f2 f2 01 f3 00 00 00 00 ==================================================================', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspmi: trace: fix stack-out-of-bound access in SPMI tracing functions\n\ntrace_spmi_write_begin() and trace_spmi_read_end() both call\nmemcpy() with a length of "len + 1". This leads to one extra\nbyte being read beyond the end of the specified buffer. Fix\nthis out-of-bound memory access by using a length of "len"\ninstead.\n\nHere is a KASAN log showing the issue:\n\nBUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234\nRead of size 2 at addr ffffffc0265b7540 by task thermal@2.0-ser/1314\n...\nCall trace:\n dump_backtrace+0x0/0x3e8\n show_stack+0x2c/0x3c\n dump_stack_lvl+0xdc/0x11c\n print_address_description+0x74/0x384\n kasan_report+0x188/0x268\n kasan_check_range+0x270/0x2b0\n memcpy+0x90/0xe8\n trace_event_raw_event_spmi_read_end+0x1d0/0x234\n spmi_read_cmd+0x294/0x3ac\n spmi_ext_register_readl+0x84/0x9c\n regmap_spmi_ext_read+0x144/0x1b0 [regmap_spmi]\n _regmap_raw_read+0x40c/0x754\n regmap_raw_read+0x3a0/0x514\n regmap_bulk_read+0x418/0x494\n adc5_gen3_poll_wait_hs+0xe8/0x1e0 [qcom_spmi_adc5_gen3]\n ...\n __arm64_sys_read+0x4c/0x60\n invoke_syscall+0x80/0x218\n el0_svc_common+0xec/0x1c8\n ...\n\naddr ffffffc0265b7540 is located in stack of task thermal@2.0-ser/1314 at offset 32 in frame:\n adc5_gen3_poll_wait_hs+0x0/0x1e0 [qcom_spmi_adc5_gen3]\n\nthis frame has 1 object:\n [32, 33) 'status'\n\nMemory state around the buggy address:\n ffffffc0265b7400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1\n ffffffc0265b7480: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n>ffffffc0265b7500: 00 00 00 00 f1 f1 f1 f1 01 f3 f3 f3 00 00 00 00\n ^\n ffffffc0265b7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffffffc0265b7600: f1 f1 f1 f1 01 f2 07 f2 f2 f2 01 f3 00 00 00 00\n==================================================================', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12639

debian: CVE-2022-50094 was patched at 2025-06-17

349. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50097) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io() In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000 [ 54.083742] #PF: supervisor write access in kernel mode [ 54.083744] #PF: error_code(0x0002) - not-present page [ 54.083760] RIP: 0010:memset_orig+0x33/0xb0 [ 54.083782] Call Trace: [ 54.083788] s3fb_set_par+0x1ec6/0x4040 [ 54.083806] fb_set_var+0x604/0xeb0 [ 54.083836] do_fb_ioctl+0x234/0x670 Fix the this by checking the value of 'screen_size' before memset_io().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: s3fb: Check the size of screen before memset_io()\n\nIn the function s3fb_set_par(), the value of 'screen_size' is\ncalculated by the user input. If the user provides the improper value,\nthe value of 'screen_size' may larger than 'info->screen_size', which\nmay cause the following bug:\n\n[ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000\n[ 54.083742] #PF: supervisor write access in kernel mode\n[ 54.083744] #PF: error_code(0x0002) - not-present page\n[ 54.083760] RIP: 0010:memset_orig+0x33/0xb0\n[ 54.083782] Call Trace:\n[ 54.083788] s3fb_set_par+0x1ec6/0x4040\n[ 54.083806] fb_set_var+0x604/0xeb0\n[ 54.083836] do_fb_ioctl+0x234/0x670\n\nFix the this by checking the value of 'screen_size' before memset_io().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50097 was patched at 2025-06-17

350. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50099) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000 [ 659.399077] #PF: supervisor write access in kernel mode [ 659.399079] #PF: error_code(0x0002) - not-present page [ 659.399094] RIP: 0010:memset_orig+0x33/0xb0 [ 659.399116] Call Trace: [ 659.399122] arkfb_set_par+0x143f/0x24c0 [ 659.399130] fb_set_var+0x604/0xeb0 [ 659.399161] do_fb_ioctl+0x234/0x670 [ 659.399189] fb_ioctl+0xdd/0x130 Fix the this by checking the value of 'screen_size' before memset_io().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: arkfb: Check the size of screen before memset_io()\n\nIn the function arkfb_set_par(), the value of 'screen_size' is\ncalculated by the user input. If the user provides the improper value,\nthe value of 'screen_size' may larger than 'info->screen_size', which\nmay cause the following bug:\n\n[ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000\n[ 659.399077] #PF: supervisor write access in kernel mode\n[ 659.399079] #PF: error_code(0x0002) - not-present page\n[ 659.399094] RIP: 0010:memset_orig+0x33/0xb0\n[ 659.399116] Call Trace:\n[ 659.399122] arkfb_set_par+0x143f/0x24c0\n[ 659.399130] fb_set_var+0x604/0xeb0\n[ 659.399161] do_fb_ioctl+0x234/0x670\n[ 659.399189] fb_ioctl+0xdd/0x130\n\nFix the this by checking the value of 'screen_size' before memset_io().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50099 was patched at 2025-06-17

351. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50101) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vt8623fb: Check the size of screen before memset_io() In the function vt8623fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 583.339036] BUG: unable to handle page fault for address: ffffc90005000000 [ 583.339049] #PF: supervisor write access in kernel mode [ 583.339052] #PF: error_code(0x0002) - not-present page [ 583.339074] RIP: 0010:memset_orig+0x33/0xb0 [ 583.339110] Call Trace: [ 583.339118] vt8623fb_set_par+0x11cd/0x21e0 [ 583.339146] fb_set_var+0x604/0xeb0 [ 583.339181] do_fb_ioctl+0x234/0x670 [ 583.339209] fb_ioctl+0xdd/0x130 Fix the this by checking the value of 'screen_size' before memset_io().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: vt8623fb: Check the size of screen before memset_io()\n\nIn the function vt8623fb_set_par(), the value of 'screen_size' is\ncalculated by the user input. If the user provides the improper value,\nthe value of 'screen_size' may larger than 'info->screen_size', which\nmay cause the following bug:\n\n[ 583.339036] BUG: unable to handle page fault for address: ffffc90005000000\n[ 583.339049] #PF: supervisor write access in kernel mode\n[ 583.339052] #PF: error_code(0x0002) - not-present page\n[ 583.339074] RIP: 0010:memset_orig+0x33/0xb0\n[ 583.339110] Call Trace:\n[ 583.339118] vt8623fb_set_par+0x11cd/0x21e0\n[ 583.339146] fb_set_var+0x604/0xeb0\n[ 583.339181] do_fb_ioctl+0x234/0x670\n[ 583.339209] fb_ioctl+0xdd/0x130\n\nFix the this by checking the value of 'screen_size' before memset_io().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50101 was patched at 2025-06-17

352. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50102) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug in: drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul); with hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0. and then in: drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock); we'll get a division-by-zero. The following log can reveal it: divide error: 0000 [#1] PREEMPT SMP KASAN PTI RIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [inline] RIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784 Call Trace: fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189 Fix this by checking the argument of ark_set_pixclock() first.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()\n\nSince the user can control the arguments of the ioctl() from the user\nspace, under special arguments that may result in a divide-by-zero bug\nin:\n drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul);\nwith hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0.\nand then in:\n drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock);\nwe'll get a division-by-zero.\n\nThe following log can reveal it:\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN PTI\nRIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [inline]\nRIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784\nCall Trace:\n fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034\n do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110\n fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189\n\nFix this by checking the argument of ark_set_pixclock() first.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50102 was patched at 2025-06-17

353. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50104) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/xive: Fix refcount leak in xive_get_max_prio\n\nof_find_node_by_path() returns a node pointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50104 was patched at 2025-06-17

354. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50105) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader of_find_node_by_path() returns remote device nodepointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/spufs: Fix refcount leak in spufs_init_isolated_loader\n\nof_find_node_by_path() returns remote device nodepointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50105 was patched at 2025-06-17

355. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50106) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address of_get_next_parent() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() in the error path to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address\n\nof_get_next_parent() returns a node pointer with refcount incremented,\nwe should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() in the error path to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50106 was patched at 2025-06-17

356. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50108) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mfd: max77620: Fix refcount leak in max77620_initialise_fps of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: max77620: Fix refcount leak in max77620_initialise_fps\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50108 was patched at 2025-06-17

357. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50109) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcount leak bugs In clcdfb_of_init_display(), we should call of_node_put() for the references returned by of_graph_get_next_endpoint() and of_graph_get_remote_port_parent() which have increased the refcount. Besides, we should call of_node_put() both in fail path or when the references are not used anymore.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: amba-clcd: Fix refcount leak bugs\n\nIn clcdfb_of_init_display(), we should call of_node_put() for the\nreferences returned by of_graph_get_next_endpoint() and\nof_graph_get_remote_port_parent() which have increased the refcount.\n\nBesides, we should call of_node_put() both in fail path or when\nthe references are not used anymore.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50109 was patched at 2025-06-17

358. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50112) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50112 was patched at 2025-06-17

359. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50119) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg_register_device_override need to call put_device to free vch when driver_set_override fails. Fix this by adding a put_device() to the error path.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: Fix possible refcount leak in rpmsg_register_device_override()\n\nrpmsg_register_device_override need to call put_device to free vch when\ndriver_set_override fails.\n\nFix this by adding a put_device() to the error path.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50119 was patched at 2025-06-17

360. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50122) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Fix refcount leak in some error paths.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nFix refcount leak in some error paths.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50122 was patched at 2025-06-17

361. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50123) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Fix missing of_node_put() in error paths.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nFix missing of_node_put() in error paths.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50123 was patched at 2025-06-17

362. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50124) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50124 was patched at 2025-06-17

363. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50126) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata(): jbd2_journal_commit_transaction unlink(dir/a) jh->b_transaction = trans1 jh->b_jlist = BJ_Metadata journal->j_running_transaction = NULL trans1->t_state = T_COMMIT unlink(dir/b) handle->h_trans = trans2 do_get_write_access jh->b_modified = 0 jh->b_frozen_data = frozen_buffer jh->b_next_transaction = trans2 jbd2_journal_dirty_metadata is_handle_aborted is_journal_aborted // return false --> jbd2 abort <-- while (commit_transaction->t_buffers) if (is_journal_aborted) jbd2_journal_refile_buffer __jbd2_journal_refile_buffer WRITE_ONCE(jh->b_transaction, \t\t\t\t\t\tjh->b_next_transaction) WRITE_ONCE(jh->b_next_transaction, NULL) __jbd2_journal_file_buffer(jh, BJ_Reserved) J_ASSERT_JH(jh, jh->b_frozen_data == NULL) // assertion failure ! The reproducer (See detail in [Link]) reports: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1629! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 2 PID: 584 Comm: unlink Tainted: G W 5.19.0-rc6-00115-g4a57a8400075-dirty #697 RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470 RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202 Call Trace: <TASK> __ext4_handle_dirty_metadata+0xa0/0x290 ext4_handle_dirty_dirblock+0x10c/0x1d0 ext4_delete_entry+0x104/0x200 __ext4_unlink+0x22b/0x360 ext4_unlink+0x275/0x390 vfs_unlink+0x20b/0x4c0 do_unlinkat+0x42f/0x4c0 __x64_sys_unlink+0x37/0x50 do_syscall_64+0x35/0x80 After journal aborting, __jbd2_journal_refile_buffer() is executed with holding @jh->b_state_lock, we can fix it by moving 'is_handle_aborted()' into the area protected by @jh->b_state_lock.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted\n\nFollowing process will fail assertion 'jh->b_frozen_data == NULL' in\njbd2_journal_dirty_metadata():\n\n jbd2_journal_commit_transaction\nunlink(dir/a)\n jh->b_transaction = trans1\n jh->b_jlist = BJ_Metadata\n journal->j_running_transaction = NULL\n trans1->t_state = T_COMMIT\nunlink(dir/b)\n handle->h_trans = trans2\n do_get_write_access\n jh->b_modified = 0\n jh->b_frozen_data = frozen_buffer\n jh->b_next_transaction = trans2\n jbd2_journal_dirty_metadata\n is_handle_aborted\n is_journal_aborted // return false\n\n --> jbd2 abort <--\n\n while (commit_transaction->t_buffers)\n if (is_journal_aborted)\n jbd2_journal_refile_buffer\n __jbd2_journal_refile_buffer\n WRITE_ONCE(jh->b_transaction,\n\t\t\t\t\t\tjh->b_next_transaction)\n WRITE_ONCE(jh->b_next_transaction, NULL)\n __jbd2_journal_file_buffer(jh, BJ_Reserved)\n J_ASSERT_JH(jh, jh->b_frozen_data == NULL) // assertion failure !\n\nThe reproducer (See detail in [Link]) reports:\n ------------[ cut here ]------------\n kernel BUG at fs/jbd2/transaction.c:1629!\n invalid opcode: 0000 [#1] PREEMPT SMP\n CPU: 2 PID: 584 Comm: unlink Tainted: G W\n 5.19.0-rc6-00115-g4a57a8400075-dirty #697\n RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470\n RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202\n Call Trace:\n <TASK>\n __ext4_handle_dirty_metadata+0xa0/0x290\n ext4_handle_dirty_dirblock+0x10c/0x1d0\n ext4_delete_entry+0x104/0x200\n __ext4_unlink+0x22b/0x360\n ext4_unlink+0x275/0x390\n vfs_unlink+0x20b/0x4c0\n do_unlinkat+0x42f/0x4c0\n __x64_sys_unlink+0x37/0x50\n do_syscall_64+0x35/0x80\n\nAfter journal aborting, __jbd2_journal_refile_buffer() is executed with\nholding @jh->b_state_lock, we can fix it by moving 'is_handle_aborted()'\ninto the area protected by @jh->b_state_lock.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50126 was patched at 2025-06-17

364. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50127) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req(). If an error occures before this point then the unwind will call rxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task() which will oops when trying to access the uninitialized spinlock. Move the spinlock initializations earlier before any failures.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix error unwind in rxe_create_qp()\n\nIn the function rxe_create_qp(), rxe_qp_from_init() is called to\ninitialize qp, internally things like the spin locks are not setup until\nrxe_qp_init_req().\n\nIf an error occures before this point then the unwind will call\nrxe_cleanup() and eventually to rxe_qp_do_cleanup()/rxe_cleanup_task()\nwhich will oops when trying to access the uninitialized spinlock.\n\nMove the spinlock initializations earlier before any failures.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50127 was patched at 2025-06-17

365. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50136) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event If siw_recv_mpa_rr returns -EAGAIN, it means that the MPA reply hasn't been received completely, and should not report IW_CM_EVENT_CONNECT_REPLY in this case. This may trigger a call trace in iw_cm. A simple way to trigger this: server: ib_send_lat client: ib_send_lat -R <server_ip> The call trace looks like this: kernel BUG at drivers/infiniband/core/iwcm.c:894! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <...> Workqueue: iw_cm_wq cm_work_handler [iw_cm] Call Trace: <TASK> cm_work_handler+0x1dd/0x370 [iw_cm] process_one_work+0x1e2/0x3b0 worker_thread+0x49/0x2e0 ? rescuer_thread+0x370/0x370 kthread+0xe5/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 </TASK>', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event\n\nIf siw_recv_mpa_rr returns -EAGAIN, it means that the MPA reply hasn't\nbeen received completely, and should not report IW_CM_EVENT_CONNECT_REPLY\nin this case. This may trigger a call trace in iw_cm. A simple way to\ntrigger this:\n server: ib_send_lat\n client: ib_send_lat -R <server_ip>\n\nThe call trace looks like this:\n\n kernel BUG at drivers/infiniband/core/iwcm.c:894!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n <...>\n Workqueue: iw_cm_wq cm_work_handler [iw_cm]\n Call Trace:\n <TASK>\n cm_work_handler+0x1dd/0x370 [iw_cm]\n process_one_work+0x1e2/0x3b0\n worker_thread+0x49/0x2e0\n ? rescuer_thread+0x370/0x370\n kthread+0xe5/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n </TASK>', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50136 was patched at 2025-06-17

366. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50142) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: intel_th: msu: Fix vmalloced buffers After commit f5ff79fddf0e ("dma-mapping: remove CONFIG_DMA_REMAP") there's a chance of DMA buffer getting allocated via vmalloc(), which messes up the mmapping code: > RIP: msc_mmap_fault [intel_th_msu] > Call Trace: > <TASK> > __do_fault > do_fault ... Fix this by accounting for vmalloc possibility.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nintel_th: msu: Fix vmalloced buffers\n\nAfter commit f5ff79fddf0e ("dma-mapping: remove CONFIG_DMA_REMAP") there's\na chance of DMA buffer getting allocated via vmalloc(), which messes up\nthe mmapping code:\n\n> RIP: msc_mmap_fault [intel_th_msu]\n> Call Trace:\n> <TASK>\n> __do_fault\n> do_fault\n...\n\nFix this by accounting for vmalloc possibility.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50142 was patched at 2025-06-17

367. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50143) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: intel_th: Fix a resource leak in an error handling path If an error occurs after calling 'pci_alloc_irq_vectors()', 'pci_free_irq_vectors()' must be called as already done in the remove function.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nintel_th: Fix a resource leak in an error handling path\n\nIf an error occurs after calling 'pci_alloc_irq_vectors()',\n'pci_free_irq_vectors()' must be called as already done in the remove\nfunction.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50143 was patched at 2025-06-17

368. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50149) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential deadlock in __driver_attach In __driver_attach function, There are also AA deadlock problem, like the commit b232b02bf3c2 ("driver core: fix deadlock in __device_attach"). stack like commit b232b02bf3c2 ("driver core: fix deadlock in __device_attach"). list below: In __driver_attach function, The lock holding logic is as follows: ... __driver_attach if (driver_allows_async_probing(drv)) device_lock(dev) // get lock dev async_schedule_dev(__driver_attach_async_helper, dev); // func async_schedule_node async_schedule_node_domain(func) entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC); /* when fail or work limit, sync to execute func, but __driver_attach_async_helper will get lock dev as will, which will lead to A-A deadlock. */ if (!entry || atomic_read(&entry_count) > MAX_WORK) { func; else queue_work_node(node, system_unbound_wq, &entry->work) device_unlock(dev) As above show, when it is allowed to do async probes, because of out of memory or work limit, async work is not be allowed, to do sync execute instead. it will lead to A-A deadlock because of __driver_attach_async_helper getting lock dev. Reproduce: and it can be reproduce by make the condition (if (!entry || atomic_read(&entry_count) > MAX_WORK)) untenable, like below: [ 370.785650] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 370.787154] task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00004000 [ 370.788865] Call Trace: [ 370.789374] <TASK> [ 370.789841] __schedule+0x482/0x1050 [ 370.790613] schedule+0x92/0x1a0 [ 370.791290] schedule_preempt_disabled+0x2c/0x50 [ 370.792256] __mutex_lock.isra.0+0x757/0xec0 [ 370.793158] __mutex_lock_slowpath+0x1f/0x30 [ 370.794079] mutex_lock+0x50/0x60 [ 370.794795] __device_driver_lock+0x2f/0x70 [ 370.795677] ? driver_probe_device+0xd0/0xd0 [ 370.796576] __driver_attach_async_helper+0x1d/0xd0 [ 370.797318] ? driver_probe_device+0xd0/0xd0 [ 370.797957] async_schedule_node_domain+0xa5/0xc0 [ 370.798652] async_schedule_node+0x19/0x30 [ 370.799243] __driver_attach+0x246/0x290 [ 370.799828] ? driver_allows_async_probing+0xa0/0xa0 [ 370.800548] bus_for_each_dev+0x9d/0x130 [ 370.801132] driver_attach+0x22/0x30 [ 370.801666] bus_add_driver+0x290/0x340 [ 370.802246] driver_register+0x88/0x140 [ 370.802817] ? virtio_scsi_init+0x116/0x116 [ 370.803425] scsi_register_driver+0x1a/0x30 [ 370.804057] init_sd+0x184/0x226 [ 370.804533] do_one_initcall+0x71/0x3a0 [ 370.805107] kernel_init_freeable+0x39a/0x43a [ 370.805759] ? rest_init+0x150/0x150 [ 370.806283] kernel_init+0x26/0x230 [ 370.806799] ret_from_fork+0x1f/0x30 To fix the deadlock, move the async_schedule_dev outside device_lock, as we can see, in async_schedule_node_domain, the parameter of queue_work_node is system_unbound_wq, so it can accept concurrent operations. which will also not change the code logic, and will not lead to deadlock.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix potential deadlock in __driver_attach\n\nIn __driver_attach function, There are also AA deadlock problem,\nlike the commit b232b02bf3c2 ("driver core: fix deadlock in\n__device_attach").\n\nstack like commit b232b02bf3c2 ("driver core: fix deadlock in\n__device_attach").\nlist below:\n In __driver_attach function, The lock holding logic is as follows:\n ...\n __driver_attach\n if (driver_allows_async_probing(drv))\n device_lock(dev) // get lock dev\n async_schedule_dev(__driver_attach_async_helper, dev); // func\n async_schedule_node\n async_schedule_node_domain(func)\n entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC);\n /* when fail or work limit, sync to execute func, but\n __driver_attach_async_helper will get lock dev as\n will, which will lead to A-A deadlock. */\n if (!entry || atomic_read(&entry_count) > MAX_WORK) {\n func;\n else\n queue_work_node(node, system_unbound_wq, &entry->work)\n device_unlock(dev)\n\n As above show, when it is allowed to do async probes, because of\n out of memory or work limit, async work is not be allowed, to do\n sync execute instead. it will lead to A-A deadlock because of\n __driver_attach_async_helper getting lock dev.\n\nReproduce:\nand it can be reproduce by make the condition\n(if (!entry || atomic_read(&entry_count) > MAX_WORK)) untenable, like\nbelow:\n\n[ 370.785650] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables\nthis message.\n[ 370.787154] task:swapper/0 state:D stack: 0 pid: 1 ppid:\n0 flags:0x00004000\n[ 370.788865] Call Trace:\n[ 370.789374] <TASK>\n[ 370.789841] __schedule+0x482/0x1050\n[ 370.790613] schedule+0x92/0x1a0\n[ 370.791290] schedule_preempt_disabled+0x2c/0x50\n[ 370.792256] __mutex_lock.isra.0+0x757/0xec0\n[ 370.793158] __mutex_lock_slowpath+0x1f/0x30\n[ 370.794079] mutex_lock+0x50/0x60\n[ 370.794795] __device_driver_lock+0x2f/0x70\n[ 370.795677] ? driver_probe_device+0xd0/0xd0\n[ 370.796576] __driver_attach_async_helper+0x1d/0xd0\n[ 370.797318] ? driver_probe_device+0xd0/0xd0\n[ 370.797957] async_schedule_node_domain+0xa5/0xc0\n[ 370.798652] async_schedule_node+0x19/0x30\n[ 370.799243] __driver_attach+0x246/0x290\n[ 370.799828] ? driver_allows_async_probing+0xa0/0xa0\n[ 370.800548] bus_for_each_dev+0x9d/0x130\n[ 370.801132] driver_attach+0x22/0x30\n[ 370.801666] bus_add_driver+0x290/0x340\n[ 370.802246] driver_register+0x88/0x140\n[ 370.802817] ? virtio_scsi_init+0x116/0x116\n[ 370.803425] scsi_register_driver+0x1a/0x30\n[ 370.804057] init_sd+0x184/0x226\n[ 370.804533] do_one_initcall+0x71/0x3a0\n[ 370.805107] kernel_init_freeable+0x39a/0x43a\n[ 370.805759] ? rest_init+0x150/0x150\n[ 370.806283] kernel_init+0x26/0x230\n[ 370.806799] ret_from_fork+0x1f/0x30\n\nTo fix the deadlock, move the async_schedule_dev outside device_lock,\nas we can see, in async_schedule_node_domain, the parameter of\nqueue_work_node is system_unbound_wq, so it can accept concurrent\noperations. which will also not change the code logic, and will\nnot lead to deadlock.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50149 was patched at 2025-06-17

369. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50152) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50152 was patched at 2025-06-17

370. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50153) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: Fix refcount leak in ehci_hcd_ppc_of_probe\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50153 was patched at 2025-06-17

371. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50158) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mtd: partitions: Fix refcount leak in parse_redboot_of of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: partitions: Fix refcount leak in parse_redboot_of\n\nof_get_child_by_name() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50158 was patched at 2025-06-17

372. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50160) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in ap_flash_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: maps: Fix refcount leak in ap_flash_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50160 was patched at 2025-06-17

373. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50161) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mtd: maps: Fix refcount leak in of_flash_probe_versatile of_find_matching_node_and_match() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: maps: Fix refcount leak in of_flash_probe_versatile\n\nof_find_matching_node_and_match() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50161 was patched at 2025-06-17

374. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50162) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe() usb_get_dev will be called before lbs_get_firmware_async which means that usb_put_dev need to be called when lbs_get_firmware_async fails.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: Fix possible refcount leak in if_usb_probe()\n\nusb_get_dev will be called before lbs_get_firmware_async which means that\nusb_put_dev need to be called when lbs_get_firmware_async fails.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50162 was patched at 2025-06-17

375. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50164) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue After successfull station association, if station queues are disabled for some reason, the related lists are not emptied. So if some new element is added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old one and produce a BUG like this: [ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388). [ 46.535283] ------------[ cut here ]------------ [ 46.535284] kernel BUG at lib/list_debug.c:26! [ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1 [ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012 [ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f [ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1 [ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286 [ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000 [ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff [ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666 [ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388 [ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0 [ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000 [ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0 [ 46.687422] Call Trace: [ 46.689906] <TASK> [ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm] [ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211] [ 46.702973] ? sta_info_get+0x46/0x60 [mac80211] [ 46.707703] ieee80211_tx+0xad/0x110 [mac80211] [ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211] ... In order to avoid this problem, we must also remove the related lists when station queues are disabled.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue\n\nAfter successfull station association, if station queues are disabled for\nsome reason, the related lists are not emptied. So if some new element is\nadded to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old\none and produce a BUG like this:\n\n[ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388).\n[ 46.535283] ------------[ cut here ]------------\n[ 46.535284] kernel BUG at lib/list_debug.c:26!\n[ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1\n[ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012\n[ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f\n[ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1\n[ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286\n[ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000\n[ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff\n[ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666\n[ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388\n[ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0\n[ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000\n[ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0\n[ 46.687422] Call Trace:\n[ 46.689906] <TASK>\n[ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm]\n[ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211]\n[ 46.702973] ? sta_info_get+0x46/0x60 [mac80211]\n[ 46.707703] ieee80211_tx+0xad/0x110 [mac80211]\n[ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211]\n...\n\nIn order to avoid this problem, we must also remove the related lists when\nstation queues are disabled.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50164 was patched at 2025-06-17

376. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50165) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Commit 7a4836560a61 changes simple_write_to_buffer() with memdup_user() but it forgets to change the value to be returned that came from simple_write_to_buffer() call. It results in the following warning: warning: variable 'rc' is uninitialized when used here [-Wuninitialized] return rc; ^~ Remove rc variable and just return the passed in length if the memdup_user() succeeds.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`\n\nCommit 7a4836560a61 changes simple_write_to_buffer() with memdup_user()\nbut it forgets to change the value to be returned that came from\nsimple_write_to_buffer() call. It results in the following warning:\n\n warning: variable 'rc' is uninitialized when used here [-Wuninitialized]\n return rc;\n ^~\n\nRemove rc variable and just return the passed in length if the\nmemdup_user() succeeds.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50165 was patched at 2025-06-17

377. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50169) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() The simple_write_to_buffer() function will succeed if even a single byte is initialized. However, we need to initialize the whole buffer to prevent information leaks. Just use memdup_user().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()\n\nThe simple_write_to_buffer() function will succeed if even a single\nbyte is initialized. However, we need to initialize the whole buffer\nto prevent information leaks. Just use memdup_user().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50169 was patched at 2025-06-17

378. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50173) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case. Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stuff flagged in CI: WARNING: CPU: 0 PID: 282 at drivers/gpu/drm/drm_modeset_lock.c:296 drm_modeset_lock+0xf8/0x154 Modules linked in: CPU: 0 PID: 282 Comm: kms_cursor_lega Tainted: G W 5.19.0-rc2-15930-g875cc8bc536a #1 Hardware name: Qualcomm Technologies, Inc. DB820c (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : drm_modeset_lock+0xf8/0x154 lr : drm_atomic_get_private_obj_state+0x84/0x170 sp : ffff80000cfab6a0 x29: ffff80000cfab6a0 x28: 0000000000000000 x27: ffff000083bc4d00 x26: 0000000000000038 x25: 0000000000000000 x24: ffff80000957ca58 x23: 0000000000000000 x22: ffff000081ace080 x21: 0000000000000001 x20: ffff000081acec18 x19: ffff80000cfabb80 x18: 0000000000000038 x17: 0000000000000000 x16: 0000000000000000 x15: fffffffffffea0d0 x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 5f534b434f4c5f47 x11: ffff80000a386aa8 x10: 0000000000000029 x9 : ffff80000cfab610 x8 : 0000000000000029 x7 : 0000000000000014 x6 : 0000000000000000 x5 : 0000000000000001 x4 : ffff8000081ad904 x3 : 0000000000000029 x2 : ffff0000801db4c0 x1 : ffff80000cfabb80 x0 : ffff000081aceb58 Call trace: drm_modeset_lock+0xf8/0x154 drm_atomic_get_private_obj_state+0x84/0x170 mdp5_get_global_state+0x54/0x6c mdp5_pipe_release+0x2c/0xd4 mdp5_plane_atomic_check+0x2ec/0x414 drm_atomic_helper_check_planes+0xd8/0x210 drm_atomic_helper_check+0x54/0xb0 ... ---[ end trace 0000000000000000 ]--- drm_modeset_lock attempting to lock a contended lock without backoff: drm_modeset_lock+0x148/0x154 mdp5_get_global_state+0x30/0x6c mdp5_pipe_release+0x2c/0xd4 mdp5_plane_atomic_check+0x290/0x414 drm_atomic_helper_check_planes+0xd8/0x210 drm_atomic_helper_check+0x54/0xb0 drm_atomic_check_only+0x4b0/0x8f4 drm_atomic_commit+0x68/0xe0 Patchwork: https://patchwork.freedesktop.org/patch/492701/', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Fix global state lock backoff\n\nWe need to grab the lock after the early return for !hwpipe case.\nOtherwise, we could have hit contention yet still returned 0.\n\nFixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stuff flagged\nin CI:\n\n WARNING: CPU: 0 PID: 282 at drivers/gpu/drm/drm_modeset_lock.c:296 drm_modeset_lock+0xf8/0x154\n Modules linked in:\n CPU: 0 PID: 282 Comm: kms_cursor_lega Tainted: G W 5.19.0-rc2-15930-g875cc8bc536a #1\n Hardware name: Qualcomm Technologies, Inc. DB820c (DT)\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : drm_modeset_lock+0xf8/0x154\n lr : drm_atomic_get_private_obj_state+0x84/0x170\n sp : ffff80000cfab6a0\n x29: ffff80000cfab6a0 x28: 0000000000000000 x27: ffff000083bc4d00\n x26: 0000000000000038 x25: 0000000000000000 x24: ffff80000957ca58\n x23: 0000000000000000 x22: ffff000081ace080 x21: 0000000000000001\n x20: ffff000081acec18 x19: ffff80000cfabb80 x18: 0000000000000038\n x17: 0000000000000000 x16: 0000000000000000 x15: fffffffffffea0d0\n x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 5f534b434f4c5f47\n x11: ffff80000a386aa8 x10: 0000000000000029 x9 : ffff80000cfab610\n x8 : 0000000000000029 x7 : 0000000000000014 x6 : 0000000000000000\n x5 : 0000000000000001 x4 : ffff8000081ad904 x3 : 0000000000000029\n x2 : ffff0000801db4c0 x1 : ffff80000cfabb80 x0 : ffff000081aceb58\n Call trace:\n drm_modeset_lock+0xf8/0x154\n drm_atomic_get_private_obj_state+0x84/0x170\n mdp5_get_global_state+0x54/0x6c\n mdp5_pipe_release+0x2c/0xd4\n mdp5_plane_atomic_check+0x2ec/0x414\n drm_atomic_helper_check_planes+0xd8/0x210\n drm_atomic_helper_check+0x54/0xb0\n ...\n ---[ end trace 0000000000000000 ]---\n drm_modeset_lock attempting to lock a contended lock without backoff:\n drm_modeset_lock+0x148/0x154\n mdp5_get_global_state+0x30/0x6c\n mdp5_pipe_release+0x2c/0xd4\n mdp5_plane_atomic_check+0x290/0x414\n drm_atomic_helper_check_planes+0xd8/0x210\n drm_atomic_helper_check+0x54/0xb0\n drm_atomic_check_only+0x4b0/0x8f4\n drm_atomic_commit+0x68/0xe0\n\nPatchwork: https://patchwork.freedesktop.org/patch/492701/', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50173 was patched at 2025-06-17

379. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50176) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/mcde: Fix refcount leak in mcde_dsi_bind Every iteration of for_each_available_child_of_node() decrements the reference counter of the previous node. There is no decrement when break out from the loop and results in refcount leak. Add missing of_node_put() to fix this.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mcde: Fix refcount leak in mcde_dsi_bind\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference counter of the previous node. There is no decrement\nwhen break out from the loop and results in refcount leak.\nAdd missing of_node_put() to fix this.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50176 was patched at 2025-06-17

380. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50191) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints() We should call the of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: of: Fix refcount leak bug in of_get_regulation_constraints()\n\nWe should call the of_node_put() for the reference returned by\nof_get_child_by_name() which has increased the refcount.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50191 was patched at 2025-06-17

381. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50194) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register Every iteration of for_each_available_child_of_node() decrements the reference count of the previous node. When breaking early from a for_each_available_child_of_node() loop, we need to explicitly call of_node_put() on the child node. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference count of the previous node.\nWhen breaking early from a for_each_available_child_of_node() loop,\nwe need to explicitly call of_node_put() on the child node.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50194 was patched at 2025-06-17

382. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50197) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: cpufreq: zynq: Fix refcount leak in zynq_get_revision of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: zynq: Fix refcount leak in zynq_get_revision\n\nof_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50197 was patched at 2025-06-17

383. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50198) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50198 was patched at 2025-06-17

384. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50199) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: Fix refcount leak in omapdss_init_of omapdss_find_dss_of_node() calls of_find_compatible_node() to get device node. of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() in later error path and normal path.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: Fix refcount leak in omapdss_init_of\n\nomapdss_find_dss_of_node() calls of_find_compatible_node() to get device\nnode. of_find_compatible_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() in later error path and normal path.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50199 was patched at 2025-06-17

385. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50200) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: selinux: Add boundary check in put_entry() Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: Add boundary check in put_entry()\n\nJust like next_entry(), boundary check is necessary to prevent memory\nout-of-bound access.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50200 was patched at 2025-06-17

386. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50202) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task at misc_open() [1], for there is a race window of AB-BA deadlock which involves probe_count variable. Currently wait_for_device_probe() from snapshot_open() from misc_open() can sleep forever with misc_mtx held if probe_count cannot become 0. When a device is probed by hub_event() work function, probe_count is incremented before the probe function starts, and probe_count is decremented after the probe function completed. There are three cases that can prevent probe_count from dropping to 0. (a) A device being probed stopped responding (i.e. broken/malicious hardware). (b) A process emulating a USB device using /dev/raw-gadget interface stopped responding for some reason. (c) New device probe requests keeps coming in before existing device probe requests complete. The phenomenon syzbot is reporting is (b). A process which is holding system_transition_mutex and misc_mtx is waiting for probe_count to become 0 inside wait_for_device_probe(), but the probe function which is called from hub_event() work function is waiting for the processes which are blocked at mutex_lock(&misc_mtx) to respond via /dev/raw-gadget interface. This patch mitigates (b) by deferring wait_for_device_probe() from snapshot_open() to snapshot_write() and snapshot_ioctl(). Please note that the possibility of (b) remains as long as any thread which is emulating a USB device via /dev/raw-gadget interface can be blocked by uninterruptible blocking operations (e.g. mutex_lock()). Please also note that (a) and (c) are not addressed. Regarding (c), we should change the code to wait for only one device which contains the image for resuming from hibernation. I don't know how to address (a), for use of timeout for wait_for_device_probe() might result in loss of user data in the image. Maybe we should require the userland to wait for the image device before opening /dev/snapshot interface.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPM: hibernate: defer device probing when resuming from hibernation\n\nsyzbot is reporting hung task at misc_open() [1], for there is a race\nwindow of AB-BA deadlock which involves probe_count variable. Currently\nwait_for_device_probe() from snapshot_open() from misc_open() can sleep\nforever with misc_mtx held if probe_count cannot become 0.\n\nWhen a device is probed by hub_event() work function, probe_count is\nincremented before the probe function starts, and probe_count is\ndecremented after the probe function completed.\n\nThere are three cases that can prevent probe_count from dropping to 0.\n\n (a) A device being probed stopped responding (i.e. broken/malicious\n hardware).\n\n (b) A process emulating a USB device using /dev/raw-gadget interface\n stopped responding for some reason.\n\n (c) New device probe requests keeps coming in before existing device\n probe requests complete.\n\nThe phenomenon syzbot is reporting is (b). A process which is holding\nsystem_transition_mutex and misc_mtx is waiting for probe_count to become\n0 inside wait_for_device_probe(), but the probe function which is called\n from hub_event() work function is waiting for the processes which are\nblocked at mutex_lock(&misc_mtx) to respond via /dev/raw-gadget interface.\n\nThis patch mitigates (b) by deferring wait_for_device_probe() from\nsnapshot_open() to snapshot_write() and snapshot_ioctl(). Please note that\nthe possibility of (b) remains as long as any thread which is emulating a\nUSB device via /dev/raw-gadget interface can be blocked by uninterruptible\nblocking operations (e.g. mutex_lock()).\n\nPlease also note that (a) and (c) are not addressed. Regarding (c), we\nshould change the code to wait for only one device which contains the\nimage for resuming from hibernation. I don't know how to address (a), for\nuse of timeout for wait_for_device_probe() might result in loss of user\ndata in the image. Maybe we should require the userland to wait for the\nimage device before opening /dev/snapshot interface.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50202 was patched at 2025-06-17

387. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50203) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: display: Fix refcount leak bug In omapdss_init_fbdev(), of_find_node_by_name() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: display: Fix refcount leak bug\n\nIn omapdss_init_fbdev(), of_find_node_by_name() will return a node\npointer with refcount incremented. We should use of_node_put() when\nit is not used anymore.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50203 was patched at 2025-06-17

388. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50205) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ext2: Add more validity checks for inode counts Add checks verifying number of inodes stored in the superblock matches the number computed from number of inodes per group. Also verify we have at least one block worth of inodes per group. This prevents crashes on corrupted filesystems.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next2: Add more validity checks for inode counts\n\nAdd checks verifying number of inodes stored in the superblock matches\nthe number computed from number of inodes per group. Also verify we have\nat least one block worth of inodes per group. This prevents crashes on\ncorrupted filesystems.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50205 was patched at 2025-06-17

389. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50207) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ARM: bcm: Fix refcount leak in bcm_kona_smc_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: bcm: Fix refcount leak in bcm_kona_smc_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50207 was patched at 2025-06-17

390. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50209) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmeson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init\n\nof_find_matching_node() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50209 was patched at 2025-06-17

391. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50210) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<980000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK\n\nWhen CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,\ncpu_max_bits_warn() generates a runtime warning similar as below while\nwe show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)\ninstead of NR_CPUS to iterate CPUs.\n\n[ 3.052463] ------------[ cut here ]------------\n[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0\n[ 3.070072] Modules linked in: efivarfs autofs4\n[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052\n[ 3.084034] Hardware name: Loongson Loongson-3A4000-7A1000-1w-V0.1-CRB/Loongson-LS3A4000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27\n[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000\n[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430\n[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff\n[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890\n[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa\n[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000\n[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000\n[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000\n[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286\n[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n[ 3.195868] ...\n[ 3.199917] Call Trace:\n[ 3.203941] [<98000000002086d8>] show_stack+0x38/0x14c\n[ 3.210666] [<9800000000cf846c>] dump_stack_lvl+0x60/0x88\n[ 3.217625] [<980000000023d268>] __warn+0xd0/0x100\n[ 3.223958] [<9800000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc\n[ 3.231150] [<9800000000210220>] show_cpuinfo+0x5e8/0x5f0\n[ 3.238080] [<98000000004f578c>] seq_read_iter+0x354/0x4b4\n[ 3.245098] [<98000000004c2e90>] new_sync_read+0x17c/0x1c4\n[ 3.252114] [<98000000004c5174>] vfs_read+0x138/0x1d0\n[ 3.258694] [<98000000004c55f8>] ksys_read+0x70/0x100\n[ 3.265265] [<9800000000cfde9c>] do_syscall+0x7c/0x94\n[ 3.271820] [<9800000000202fe4>] handle_syscall+0xc4/0x160\n[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12639

debian: CVE-2022-50210 was patched at 2025-06-17

392. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50211) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvm test lvconvert-raid-reshape.sh. We fix this warning by verifying that the value "number" is valid. BUG: KASAN: slab-out-of-bounds in raid10_remove_disk+0x61/0x2a0 [raid10] Read of size 8 at addr ffff889108f3d300 by task mdX_raid10/124682 CPU: 3 PID: 124682 Comm: mdX_raid10 Not tainted 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report.cold+0x45/0x57a ? __lock_text_start+0x18/0x18 ? raid10_remove_disk+0x61/0x2a0 [raid10] kasan_report+0xa8/0xe0 ? raid10_remove_disk+0x61/0x2a0 [raid10] raid10_remove_disk+0x61/0x2a0 [raid10] Buffer I/O error on dev dm-76, logical block 15344, async page read ? __mutex_unlock_slowpath.constprop.0+0x1e0/0x1e0 remove_and_add_spares+0x367/0x8a0 [md_mod] ? super_written+0x1c0/0x1c0 [md_mod] ? mutex_trylock+0xac/0x120 ? _raw_spin_lock+0x72/0xc0 ? _raw_spin_lock_bh+0xc0/0xc0 md_check_recovery+0x848/0x960 [md_mod] raid10d+0xcf/0x3360 [raid10] ? sched_clock_cpu+0x185/0x1a0 ? rb_erase+0x4d4/0x620 ? var_wake_function+0xe0/0xe0 ? psi_group_change+0x411/0x500 ? preempt_count_sub+0xf/0xc0 ? _raw_spin_lock_irqsave+0x78/0xc0 ? __lock_text_start+0x18/0x18 ? raid10_sync_request+0x36c0/0x36c0 [raid10] ? preempt_count_sub+0xf/0xc0 ? _raw_spin_unlock_irqrestore+0x19/0x40 ? del_timer_sync+0xa9/0x100 ? try_to_del_timer_sync+0xc0/0xc0 ? _raw_spin_lock_irqsave+0x78/0xc0 ? __lock_text_start+0x18/0x18 ? _raw_spin_unlock_irq+0x11/0x24 ? __list_del_entry_valid+0x68/0xa0 ? finish_wait+0xa3/0x100 md_thread+0x161/0x260 [md_mod] ? unregister_md_personality+0xa0/0xa0 [md_mod] ? _raw_spin_lock_irqsave+0x78/0xc0 ? prepare_to_wait_event+0x2c0/0x2c0 ? unregister_md_personality+0xa0/0xa0 [md_mod] kthread+0x148/0x180 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 </TASK> Allocated by task 124495: kasan_save_stack+0x1e/0x40 __kasan_kmalloc+0x80/0xa0 setup_conf+0x140/0x5c0 [raid10] raid10_run+0x4cd/0x740 [raid10] md_run+0x6f9/0x1300 [md_mod] raid_ctr+0x2531/0x4ac0 [dm_raid] dm_table_add_target+0x2b0/0x620 [dm_mod] table_load+0x1c8/0x400 [dm_mod] ctl_ioctl+0x29e/0x560 [dm_mod] dm_compat_ctl_ioctl+0x7/0x20 [dm_mod] __do_compat_sys_ioctl+0xfa/0x160 do_syscall_64+0x90/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x9e/0xc0 kvfree_call_rcu+0x84/0x480 timerfd_release+0x82/0x140 L __fput+0xfa/0x400 task_work_run+0x80/0xc0 exit_to_user_mode_prepare+0x155/0x160 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x42/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Second to last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x9e/0xc0 kvfree_call_rcu+0x84/0x480 timerfd_release+0x82/0x140 __fput+0xfa/0x400 task_work_run+0x80/0xc0 exit_to_user_mode_prepare+0x155/0x160 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x42/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The buggy address belongs to the object at ffff889108f3d200 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 0 bytes to the right of 256-byte region [ffff889108f3d200, ffff889108f3d300) The buggy address belongs to the physical page: page:000000007ef2a34c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108f3c head:000000007ef2a34c order:2 compound_mapcount:0 compound_pincount:0 flags: 0x4000000000010200(slab|head|zone=2) raw: 4000000000010200 0000000000000000 dead000000000001 ffff889100042b40 raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff889108f3d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff889108f3d280: 00 00 ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd-raid10: fix KASAN warning\n\nThere's a KASAN warning in raid10_remove_disk when running the lvm\ntest lvconvert-raid-reshape.sh. We fix this warning by verifying that the\nvalue "number" is valid.\n\nBUG: KASAN: slab-out-of-bounds in raid10_remove_disk+0x61/0x2a0 [raid10]\nRead of size 8 at addr ffff889108f3d300 by task mdX_raid10/124682\n\nCPU: 3 PID: 124682 Comm: mdX_raid10 Not tainted 5.19.0-rc6 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x34/0x44\n print_report.cold+0x45/0x57a\n ? __lock_text_start+0x18/0x18\n ? raid10_remove_disk+0x61/0x2a0 [raid10]\n kasan_report+0xa8/0xe0\n ? raid10_remove_disk+0x61/0x2a0 [raid10]\n raid10_remove_disk+0x61/0x2a0 [raid10]\nBuffer I/O error on dev dm-76, logical block 15344, async page read\n ? __mutex_unlock_slowpath.constprop.0+0x1e0/0x1e0\n remove_and_add_spares+0x367/0x8a0 [md_mod]\n ? super_written+0x1c0/0x1c0 [md_mod]\n ? mutex_trylock+0xac/0x120\n ? _raw_spin_lock+0x72/0xc0\n ? _raw_spin_lock_bh+0xc0/0xc0\n md_check_recovery+0x848/0x960 [md_mod]\n raid10d+0xcf/0x3360 [raid10]\n ? sched_clock_cpu+0x185/0x1a0\n ? rb_erase+0x4d4/0x620\n ? var_wake_function+0xe0/0xe0\n ? psi_group_change+0x411/0x500\n ? preempt_count_sub+0xf/0xc0\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? __lock_text_start+0x18/0x18\n ? raid10_sync_request+0x36c0/0x36c0 [raid10]\n ? preempt_count_sub+0xf/0xc0\n ? _raw_spin_unlock_irqrestore+0x19/0x40\n ? del_timer_sync+0xa9/0x100\n ? try_to_del_timer_sync+0xc0/0xc0\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? __lock_text_start+0x18/0x18\n ? _raw_spin_unlock_irq+0x11/0x24\n ? __list_del_entry_valid+0x68/0xa0\n ? finish_wait+0xa3/0x100\n md_thread+0x161/0x260 [md_mod]\n ? unregister_md_personality+0xa0/0xa0 [md_mod]\n ? _raw_spin_lock_irqsave+0x78/0xc0\n ? prepare_to_wait_event+0x2c0/0x2c0\n ? unregister_md_personality+0xa0/0xa0 [md_mod]\n kthread+0x148/0x180\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n </TASK>\n\nAllocated by task 124495:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0x80/0xa0\n setup_conf+0x140/0x5c0 [raid10]\n raid10_run+0x4cd/0x740 [raid10]\n md_run+0x6f9/0x1300 [md_mod]\n raid_ctr+0x2531/0x4ac0 [dm_raid]\n dm_table_add_target+0x2b0/0x620 [dm_mod]\n table_load+0x1c8/0x400 [dm_mod]\n ctl_ioctl+0x29e/0x560 [dm_mod]\n dm_compat_ctl_ioctl+0x7/0x20 [dm_mod]\n __do_compat_sys_ioctl+0xfa/0x160\n do_syscall_64+0x90/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nLast potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0x9e/0xc0\n kvfree_call_rcu+0x84/0x480\n timerfd_release+0x82/0x140\nL __fput+0xfa/0x400\n task_work_run+0x80/0xc0\n exit_to_user_mode_prepare+0x155/0x160\n syscall_exit_to_user_mode+0x12/0x40\n do_syscall_64+0x42/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0x9e/0xc0\n kvfree_call_rcu+0x84/0x480\n timerfd_release+0x82/0x140\n __fput+0xfa/0x400\n task_work_run+0x80/0xc0\n exit_to_user_mode_prepare+0x155/0x160\n syscall_exit_to_user_mode+0x12/0x40\n do_syscall_64+0x42/0xc0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThe buggy address belongs to the object at ffff889108f3d200\n which belongs to the cache kmalloc-256 of size 256\nThe buggy address is located 0 bytes to the right of\n 256-byte region [ffff889108f3d200, ffff889108f3d300)\n\nThe buggy address belongs to the physical page:\npage:000000007ef2a34c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108f3c\nhead:000000007ef2a34c order:2 compound_mapcount:0 compound_pincount:0\nflags: 0x4000000000010200(slab|head|zone=2)\nraw: 4000000000010200 0000000000000000 dead000000000001 ffff889100042b40\nraw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff889108f3d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff889108f3d280: 00 00\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12639

debian: CVE-2022-50211 was patched at 2025-06-17

393. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50215) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before the removal. This is problematic for commands that use SG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel when userspace frees or reuses it after getting ENODEV, leading to corrupted userspace memory (in the case of READ-type commands) or corrupted data being sent to the device (in the case of WRITE-type commands). This has been seen in practice when logging out of a iscsi_tcp session, where the iSCSI driver may still be processing commands after the device has been marked for removal. Change the policy to allow userspace to wait for active sg commands even when the device is being removed. Return -ENODEV only when there are no more responses to read.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Allow waiting for commands to complete on removed device\n\nWhen a SCSI device is removed while in active use, currently sg will\nimmediately return -ENODEV on any attempt to wait for active commands that\nwere sent before the removal. This is problematic for commands that use\nSG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel\nwhen userspace frees or reuses it after getting ENODEV, leading to\ncorrupted userspace memory (in the case of READ-type commands) or corrupted\ndata being sent to the device (in the case of WRITE-type commands). This\nhas been seen in practice when logging out of a iscsi_tcp session, where\nthe iSCSI driver may still be processing commands after the device has been\nmarked for removal.\n\nChange the policy to allow userspace to wait for active sg commands even\nwhen the device is being removed. Return -ENODEV only when there are no\nmore responses to read.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12639

debian: CVE-2022-50215 was patched at 2025-06-17

394. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50218) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fix the warning in isl29028_remove() The driver use the non-managed form of the register function in isl29028_remove(). To keep the release order as mirroring the ordering in probe, the driver should use non-managed form in probe, too. The following log reveals it: [ 32.374955] isl29028 0-0010: remove [ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI [ 32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0 [ 32.385461] Call Trace: [ 32.385807] sysfs_unmerge_group+0x59/0x110 [ 32.386110] dpm_sysfs_remove+0x58/0xc0 [ 32.386391] device_del+0x296/0xe50 [ 32.386959] cdev_device_del+0x1d/0xd0 [ 32.387231] devm_iio_device_unreg+0x27/0xb0 [ 32.387542] devres_release_group+0x319/0x3d0 [ 32.388162] i2c_device_remove+0x93/0x1f0', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: isl29028: Fix the warning in isl29028_remove()\n\nThe driver use the non-managed form of the register function in\nisl29028_remove(). To keep the release order as mirroring the ordering\nin probe, the driver should use non-managed form in probe, too.\n\nThe following log reveals it:\n\n[ 32.374955] isl29028 0-0010: remove\n[ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[ 32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0\n[ 32.385461] Call Trace:\n[ 32.385807] sysfs_unmerge_group+0x59/0x110\n[ 32.386110] dpm_sysfs_remove+0x58/0xc0\n[ 32.386391] device_del+0x296/0xe50\n[ 32.386959] cdev_device_del+0x1d/0xd0\n[ 32.387231] devm_iio_device_unreg+0x27/0xb0\n[ 32.387542] devres_release_group+0x319/0x3d0\n[ 32.388162] i2c_device_remove+0x93/0x1f0', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50218 was patched at 2025-06-17

395. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50222) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read immediately after resize operation. Initialize buffer using kzalloc(). ---------- #include <fcntl.h> #include <unistd.h> #include <sys/ioctl.h> #include <linux/fb.h> int main(int argc, char *argv[]) { struct fb_var_screeninfo var = { }; const int fb_fd = open("/dev/fb0", 3); ioctl(fb_fd, FBIOGET_VSCREENINFO, &var); var.yres = 0x21; ioctl(fb_fd, FBIOPUT_VSCREENINFO, &var); return read(open("/dev/vcsu", O_RDONLY), &var, sizeof(var)) == -1; } ----------', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: vt: initialize unicode screen buffer\n\nsyzbot reports kernel infoleak at vcs_read() [1], for buffer can be read\nimmediately after resize operation. Initialize buffer using kzalloc().\n\n ----------\n #include <fcntl.h>\n #include <unistd.h>\n #include <sys/ioctl.h>\n #include <linux/fb.h>\n\n int main(int argc, char *argv[])\n {\n struct fb_var_screeninfo var = { };\n const int fb_fd = open("/dev/fb0", 3);\n ioctl(fb_fd, FBIOGET_VSCREENINFO, &var);\n var.yres = 0x21;\n ioctl(fb_fd, FBIOPUT_VSCREENINFO, &var);\n return read(open("/dev/vcsu", O_RDONLY), &var, sizeof(var)) == -1;\n }\n ----------', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2022-50222 was patched at 2025-06-17

396. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50228) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVM_SET_VCPU_EVENTS (even if having at least a WARN there would be correct for KVM internally generated injections). kernel BUG at arch/x86/kvm/svm/svm.c:3386! invalid opcode: 0000 [#1] SMP CPU: 15 PID: 926 Comm: smm_test Not tainted 5.17.0-rc3+ #264 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:svm_inject_irq+0xab/0xb0 [kvm_amd] Code: <0f> 0b 0f 1f 00 0f 1f 44 00 00 80 3d ac b3 01 00 00 55 48 89 f5 53 RSP: 0018:ffffc90000b37d88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88810a234ac0 RCX: 0000000000000006 RDX: 0000000000000000 RSI: ffffc90000b37df7 RDI: ffff88810a234ac0 RBP: ffffc90000b37df7 R08: ffff88810a1fa410 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff888109571000 R14: ffff88810a234ac0 R15: 0000000000000000 FS: 0000000001821380(0000) GS:ffff88846fdc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f74fc550008 CR3: 000000010a6fe000 CR4: 0000000000350ea0 Call Trace: <TASK> inject_pending_event+0x2f7/0x4c0 [kvm] kvm_arch_vcpu_ioctl_run+0x791/0x17a0 [kvm] kvm_vcpu_ioctl+0x26d/0x650 [kvm] __x64_sys_ioctl+0x82/0xb0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae </TASK>', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0\n\nDon't BUG/WARN on interrupt injection due to GIF being cleared,\nsince it's trivial for userspace to force the situation via\nKVM_SET_VCPU_EVENTS (even if having at least a WARN there would be correct\nfor KVM internally generated injections).\n\n kernel BUG at arch/x86/kvm/svm/svm.c:3386!\n invalid opcode: 0000 [#1] SMP\n CPU: 15 PID: 926 Comm: smm_test Not tainted 5.17.0-rc3+ #264\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:svm_inject_irq+0xab/0xb0 [kvm_amd]\n Code: <0f> 0b 0f 1f 00 0f 1f 44 00 00 80 3d ac b3 01 00 00 55 48 89 f5 53\n RSP: 0018:ffffc90000b37d88 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff88810a234ac0 RCX: 0000000000000006\n RDX: 0000000000000000 RSI: ffffc90000b37df7 RDI: ffff88810a234ac0\n RBP: ffffc90000b37df7 R08: ffff88810a1fa410 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\n R13: ffff888109571000 R14: ffff88810a234ac0 R15: 0000000000000000\n FS: 0000000001821380(0000) GS:ffff88846fdc0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f74fc550008 CR3: 000000010a6fe000 CR4: 0000000000350ea0\n Call Trace:\n <TASK>\n inject_pending_event+0x2f7/0x4c0 [kvm]\n kvm_arch_vcpu_ioctl_run+0x791/0x17a0 [kvm]\n kvm_vcpu_ioctl+0x26d/0x650 [kvm]\n __x64_sys_ioctl+0x82/0xb0\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n </TASK>', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12639

debian: CVE-2022-50228 was patched at 2025-06-17

397. Unknown Vulnerability Type - Linux Kernel (CVE-2025-37995) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path causes an attempt to use an uninitialized completion pointer in 'module_kobject_release()'. In this scenario, we just want to release kobject without an extra synchronization required for a regular module unloading process, so adding an extra check whether 'complete()' is actually required makes 'kobject_put()' safe.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmodule: ensure that kobject_put() is safe for module type kobjects\n\nIn 'lookup_or_create_module_kobject()', an internal kobject is created\nusing 'module_ktype'. So call to 'kobject_put()' on error handling\npath causes an attempt to use an uninitialized completion pointer in\n'module_kobject_release()'. In this scenario, we just want to release\nkobject without an extra synchronization required for a regular module\nunloading process, so adding an extra check whether 'complete()' is\nactually required makes 'kobject_put()' safe.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-37995 was patched at 2025-06-17

398. Unknown Vulnerability Type - Linux Kernel (CVE-2025-37998) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: Fix unsafe attribute parsing in output_userspace()\n\nThis patch replaces the manual Netlink attribute iteration in\noutput_userspace() with nla_for_each_nested(), which ensures that only\nwell-formed attributes are processed.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00037, EPSS Percentile is 0.09823

debian: CVE-2025-37998 was patched at 2025-06-17

399. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38001) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF." To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Address reentrant enqueue adding class to eltree twice\n\nSavino says:\n "We are writing to report that this recent patch\n (141d34391abbb315d68556b7c67ad97885407547) [1]\n can be bypassed, and a UAF can still occur when HFSC is utilized with\n NETEM.\n\n The patch only checks the cl->cl_nactive field to determine whether\n it is the first insertion or not [2], but this field is only\n incremented by init_vf [3].\n\n By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the\n check and insert the class twice in the eltree.\n Under normal conditions, this would lead to an infinite loop in\n hfsc_dequeue for the reasons we already explained in this report [5].\n\n However, if TBF is added as root qdisc and it is configured with a\n very low rate,\n it can be utilized to prevent packets from being dequeued.\n This behavior can be exploited to perform subsequent insertions in the\n HFSC eltree and cause a UAF."\n\nTo fix both the UAF and the infinite loop, with netem as an hfsc child,\ncheck explicitly in hfsc_enqueue whether the class is already in the eltree\nwhenever the HFSC_RSC flag is set.\n\n[1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547\n[2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572\n[3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677\n[4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574\n[5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00043, EPSS Percentile is 0.12639

debian: CVE-2025-38001 was patched at 2025-06-17

400. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38003) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: add missing rcu read protection for procfs content\n\nWhen the procfs content is generated for a bcm_op which is in the process\nto be removed the procfs output might show unreliable data (UAF).\n\nAs the removal of bcm_op's is already implemented with rcu handling this\npatch adds the missing rcu_read_lock() and makes sure the list entries\nare properly removed under rcu protection.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38003 was patched at 2025-06-17

401. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38005) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lock validator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238 [ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker/0:3 Not tainted 6.12.9-arm64 #28 [ 4.144867] Hardware name: pp-v12 (DT) [ 4.148648] Workqueue: events udma_check_tx_completion [ 4.153841] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4.160834] pc : udma_start.isra.0+0x34/0x238 [ 4.165227] lr : udma_start.isra.0+0x30/0x238 [ 4.169618] sp : ffffffc083cabcf0 [ 4.172963] x29: ffffffc083cabcf0 x28: 0000000000000000 x27: ffffff800001b005 [ 4.180167] x26: ffffffc0812f0000 x25: 0000000000000000 x24: 0000000000000000 [ 4.187370] x23: 0000000000000001 x22: 00000000e21eabe9 x21: ffffff8000fa0670 [ 4.194571] x20: ffffff8001b6bf00 x19: ffffff8000fa0430 x18: ffffffc083b95030 [ 4.201773] x17: 0000000000000000 x16: 00000000f0000000 x15: 0000000000000048 [ 4.208976] x14: 0000000000000048 x13: 0000000000000000 x12: 0000000000000001 [ 4.216179] x11: ffffffc08151a240 x10: 0000000000003ea1 x9 : ffffffc08046ab68 [ 4.223381] x8 : ffffffc083cabac0 x7 : ffffffc081df3718 x6 : 0000000000029fc8 [ 4.230583] x5 : ffffffc0817ee6d8 x4 : 0000000000000bc0 x3 : 0000000000000000 [ 4.237784] x2 : 0000000000000000 x1 : 00000000001fffff x0 : 0000000000000000 [ 4.244986] Call trace: [ 4.247463] udma_start.isra.0+0x34/0x238 [ 4.251509] udma_check_tx_completion+0xd0/0xdc [ 4.256076] process_one_work+0x244/0x3fc [ 4.260129] process_scheduled_works+0x6c/0x74 [ 4.264610] worker_thread+0x150/0x1dc [ 4.268398] kthread+0xd8/0xe8 [ 4.271492] ret_from_fork+0x10/0x20 [ 4.275107] irq event stamp: 220 [ 4.278363] hardirqs last enabled at (219): [<ffffffc080a27c7c>] _raw_spin_unlock_irq+0x38/0x50 [ 4.287183] hardirqs last disabled at (220): [<ffffffc080a1c154>] el1_dbg+0x24/0x50 [ 4.294879] softirqs last enabled at (182): [<ffffffc080037e68>] handle_softirqs+0x1c0/0x3cc [ 4.303437] softirqs last disabled at (177): [<ffffffc080010170>] __do_softirq+0x1c/0x28 [ 4.311559] ---[ end trace 0000000000000000 ]--- This commit adds the missing locking.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma: Add missing locking\n\nRecent kernels complain about a missing lock in k3-udma.c when the lock\nvalidator is enabled:\n\n[ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h:169 udma_start.isra.0+0x34/0x238\n[ 4.137352] CPU: 0 UID: 0 PID: 746 Comm: kworker/0:3 Not tainted 6.12.9-arm64 #28\n[ 4.144867] Hardware name: pp-v12 (DT)\n[ 4.148648] Workqueue: events udma_check_tx_completion\n[ 4.153841] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.160834] pc : udma_start.isra.0+0x34/0x238\n[ 4.165227] lr : udma_start.isra.0+0x30/0x238\n[ 4.169618] sp : ffffffc083cabcf0\n[ 4.172963] x29: ffffffc083cabcf0 x28: 0000000000000000 x27: ffffff800001b005\n[ 4.180167] x26: ffffffc0812f0000 x25: 0000000000000000 x24: 0000000000000000\n[ 4.187370] x23: 0000000000000001 x22: 00000000e21eabe9 x21: ffffff8000fa0670\n[ 4.194571] x20: ffffff8001b6bf00 x19: ffffff8000fa0430 x18: ffffffc083b95030\n[ 4.201773] x17: 0000000000000000 x16: 00000000f0000000 x15: 0000000000000048\n[ 4.208976] x14: 0000000000000048 x13: 0000000000000000 x12: 0000000000000001\n[ 4.216179] x11: ffffffc08151a240 x10: 0000000000003ea1 x9 : ffffffc08046ab68\n[ 4.223381] x8 : ffffffc083cabac0 x7 : ffffffc081df3718 x6 : 0000000000029fc8\n[ 4.230583] x5 : ffffffc0817ee6d8 x4 : 0000000000000bc0 x3 : 0000000000000000\n[ 4.237784] x2 : 0000000000000000 x1 : 00000000001fffff x0 : 0000000000000000\n[ 4.244986] Call trace:\n[ 4.247463] udma_start.isra.0+0x34/0x238\n[ 4.251509] udma_check_tx_completion+0xd0/0xdc\n[ 4.256076] process_one_work+0x244/0x3fc\n[ 4.260129] process_scheduled_works+0x6c/0x74\n[ 4.264610] worker_thread+0x150/0x1dc\n[ 4.268398] kthread+0xd8/0xe8\n[ 4.271492] ret_from_fork+0x10/0x20\n[ 4.275107] irq event stamp: 220\n[ 4.278363] hardirqs last enabled at (219): [<ffffffc080a27c7c>] _raw_spin_unlock_irq+0x38/0x50\n[ 4.287183] hardirqs last disabled at (220): [<ffffffc080a1c154>] el1_dbg+0x24/0x50\n[ 4.294879] softirqs last enabled at (182): [<ffffffc080037e68>] handle_softirqs+0x1c0/0x3cc\n[ 4.303437] softirqs last disabled at (177): [<ffffffc080010170>] __do_softirq+0x1c/0x28\n[ 4.311559] ---[ end trace 0000000000000000 ]---\n\nThis commit adds the missing locking.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38005 was patched at 2025-06-17

402. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38009) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi before deleting it in mt76_dma_cleanup(). WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100 CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy) Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024 RIP: 0010:__netif_napi_del_locked+0xf0/0x100 Call Trace: <TASK> mt76_dma_cleanup+0x54/0x2f0 [mt76] mt7921_pci_remove+0xd5/0x190 [mt7921e] pci_device_remove+0x47/0xc0 device_release_driver_internal+0x19e/0x200 driver_detach+0x48/0x90 bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x2e/0xb0 __do_sys_delete_module.isra.0+0x197/0x2e0 do_syscall_64+0x7b/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e Tested with mt7921e but the same pattern can be actually applied to other mt76 drivers calling mt76_dma_cleanup() during removal. Tx napi is enabled in their *_dma_init() functions and only toggled off and on again inside their suspend/resume/reset paths. So it should be okay to disable tx napi in such a generic way. Found by Linux Verification Center (linuxtesting.org).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: disable napi on driver removal\n\nA warning on driver removal started occurring after commit 9dd05df8403b\n("net: warn if NAPI instance wasn't shut down"). Disable tx napi before\ndeleting it in mt76_dma_cleanup().\n\n WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100\n CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy)\n Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024\n RIP: 0010:__netif_napi_del_locked+0xf0/0x100\n Call Trace:\n <TASK>\n mt76_dma_cleanup+0x54/0x2f0 [mt76]\n mt7921_pci_remove+0xd5/0x190 [mt7921e]\n pci_device_remove+0x47/0xc0\n device_release_driver_internal+0x19e/0x200\n driver_detach+0x48/0x90\n bus_remove_driver+0x6d/0xf0\n pci_unregister_driver+0x2e/0xb0\n __do_sys_delete_module.isra.0+0x197/0x2e0\n do_syscall_64+0x7b/0x160\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTested with mt7921e but the same pattern can be actually applied to other\nmt76 drivers calling mt76_dma_cleanup() during removal. Tx napi is enabled\nin their *_dma_init() functions and only toggled off and on again inside\ntheir suspend/resume/reset paths. So it should be okay to disable tx\nnapi in such a generic way.\n\nFound by Linux Verification Center (linuxtesting.org).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38009 was patched at 2025-06-17

403. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38031) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: padata: do not leak refcount in reorder_work A recent patch that addressed a UAF introduced a reference count leak: the parallel_data refcount is incremented unconditionally, regardless of the return value of queue_work(). If the work item is already queued, the incremented refcount is never decremented. Fix this by checking the return value of queue_work() and decrementing the refcount when necessary. Resolves: Unreferenced object 0xffff9d9f421e3d80 (size 192): comm "cryptomgr_probe", pid 157, jiffies 4294694003 hex dump (first 32 bytes): 80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff ...A............ d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00 ..............#. backtrace (crc 838fb36): __kmalloc_cache_noprof+0x284/0x320 padata_alloc_pd+0x20/0x1e0 padata_alloc_shell+0x3b/0xa0 0xffffffffc040a54d cryptomgr_probe+0x43/0xc0 kthread+0xf6/0x1f0 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npadata: do not leak refcount in reorder_work\n\nA recent patch that addressed a UAF introduced a reference count leak:\nthe parallel_data refcount is incremented unconditionally, regardless\nof the return value of queue_work(). If the work item is already queued,\nthe incremented refcount is never decremented.\n\nFix this by checking the return value of queue_work() and decrementing\nthe refcount when necessary.\n\nResolves:\n\nUnreferenced object 0xffff9d9f421e3d80 (size 192):\n comm "cryptomgr_probe", pid 157, jiffies 4294694003\n hex dump (first 32 bytes):\n 80 8b cf 41 9f 9d ff ff b8 97 e0 89 ff ff ff ff ...A............\n d0 97 e0 89 ff ff ff ff 19 00 00 00 1f 88 23 00 ..............#.\n backtrace (crc 838fb36):\n __kmalloc_cache_noprof+0x284/0x320\n padata_alloc_pd+0x20/0x1e0\n padata_alloc_shell+0x3b/0xa0\n 0xffffffffc040a54d\n cryptomgr_probe+0x43/0xc0\n kthread+0xf6/0x1f0\n ret_from_fork+0x2f/0x50\n ret_from_fork_asm+0x1a/0x30', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38031 was patched at 2025-06-17

404. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38037) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as [1]. Can be reproduced using [2]. Suppress these reports by annotating these accesses using READ_ONCE() / WRITE_ONCE(). [1] BUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit write to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0: vxlan_xmit+0xb29/0x2380 dev_hard_start_xmit+0x84/0x2f0 __dev_queue_xmit+0x45a/0x1650 packet_xmit+0x100/0x150 packet_sendmsg+0x2114/0x2ac0 __sys_sendto+0x318/0x330 __x64_sys_sendto+0x76/0x90 x64_sys_call+0x14e8/0x1c00 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffff942604d263a8 of 8 bytes by task 287 on cpu 2: vxlan_xmit+0xadf/0x2380 dev_hard_start_xmit+0x84/0x2f0 __dev_queue_xmit+0x45a/0x1650 packet_xmit+0x100/0x150 packet_sendmsg+0x2114/0x2ac0 __sys_sendto+0x318/0x330 __x64_sys_sendto+0x76/0x90 x64_sys_call+0x14e8/0x1c00 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x00000000fffbac6e -> 0x00000000fffbac6f Reported by Kernel Concurrency Sanitizer on: CPU: 2 UID: 0 PID: 287 Comm: mausezahn Not tainted 6.13.0-rc7-01544-gb4b270f11a02 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 [2] #!/bin/bash set +H echo whitelist > /sys/kernel/debug/kcsan echo !vxlan_xmit > /sys/kernel/debug/kcsan ip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1 bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1 taskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q & taskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Annotate FDB data races\n\nThe 'used' and 'updated' fields in the FDB entry structure can be\naccessed concurrently by multiple threads, leading to reports such as\n[1]. Can be reproduced using [2].\n\nSuppress these reports by annotating these accesses using\nREAD_ONCE() / WRITE_ONCE().\n\n[1]\nBUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit\n\nwrite to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0:\n vxlan_xmit+0xb29/0x2380\n dev_hard_start_xmit+0x84/0x2f0\n __dev_queue_xmit+0x45a/0x1650\n packet_xmit+0x100/0x150\n packet_sendmsg+0x2114/0x2ac0\n __sys_sendto+0x318/0x330\n __x64_sys_sendto+0x76/0x90\n x64_sys_call+0x14e8/0x1c00\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff942604d263a8 of 8 bytes by task 287 on cpu 2:\n vxlan_xmit+0xadf/0x2380\n dev_hard_start_xmit+0x84/0x2f0\n __dev_queue_xmit+0x45a/0x1650\n packet_xmit+0x100/0x150\n packet_sendmsg+0x2114/0x2ac0\n __sys_sendto+0x318/0x330\n __x64_sys_sendto+0x76/0x90\n x64_sys_call+0x14e8/0x1c00\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nvalue changed: 0x00000000fffbac6e -> 0x00000000fffbac6f\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 2 UID: 0 PID: 287 Comm: mausezahn Not tainted 6.13.0-rc7-01544-gb4b270f11a02 #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n\n[2]\n #!/bin/bash\n\n set +H\n echo whitelist > /sys/kernel/debug/kcsan\n echo !vxlan_xmit > /sys/kernel/debug/kcsan\n\n ip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1\n taskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &\n taskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38037 was patched at 2025-06-17

405. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38043) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Set dma_mask for ffa devices Set dma_mask for FFA devices, otherwise DMA allocation using the device pointer lead to following warning: WARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_ffa: Set dma_mask for ffa devices\n\nSet dma_mask for FFA devices, otherwise DMA allocation using the device pointer\nlead to following warning:\n\nWARNING: CPU: 1 PID: 1 at kernel/dma/mapping.c:597 dma_alloc_attrs+0xe0/0x124', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38043 was patched at 2025-06-17

406. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38044) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set device_caps for 417 The video_device for the MPEG encoder did not set device_caps. Add this, otherwise the video device can't be registered (you get a WARN_ON instead). Not seen before since currently 417 support is disabled, but I found this while experimenting with it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx231xx: set device_caps for 417\n\nThe video_device for the MPEG encoder did not set device_caps.\n\nAdd this, otherwise the video device can't be registered (you get a\nWARN_ON instead).\n\nNot seen before since currently 417 support is disabled, but I found\nthis while experimenting with it.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38044 was patched at 2025-06-17

407. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38058) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock ... or we risk stealing final mntput from sync umount - raising mnt_count after umount(2) has verified that victim is not busy, but before it has set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see that it's safe to quietly undo mnt_count increment and leaves dropping the reference to caller, where it'll be a full-blown mntput(). Check under mount_lock is needed; leaving the current one done before taking that makes no sense - it's nowhere near common enough to bother with.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see\nthat it's safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it'll be a full-blown mntput().\n\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it's nowhere near common enough to bother\nwith.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38058 was patched at 2025-06-17

408. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38061) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Honour the user given buffer size for the strn_len() calls (otherwise strn_len() will access memory outside of the user given buffer).', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pktgen: fix access outside of user given buffer in pktgen_thread_write()\n\nHonour the user given buffer size for the strn_len() calls (otherwise\nstrn_len() will access memory outside of the user given buffer).', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38061 was patched at 2025-06-17

409. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38065) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size 'len' is used to store the result of i_size_read(), so making 'len' a size_t results in truncation to 4GiB on 32-bit systems.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: Do not truncate file size\n\n'len' is used to store the result of i_size_read(), so making 'len'\na size_t results in truncation to 4GiB on 32-bit systems.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38065 was patched at 2025-06-17

410. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38066) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUG_ON by blocking retries on failed device resumes A cache device failing to resume due to mapping errors should not be retried, as the failure leaves a partially initialized policy object. Repeating the resume operation risks triggering BUG_ON when reloading cache mappings into the incomplete policy object. Reproduce steps: 1. create a cache metadata consisting of 512 or more cache blocks, with some mappings stored in the first array block of the mapping array. Here we use cache_restore v1.0 to build the metadata. cat <<EOF >> cmeta.xml <superblock uuid="" block_size="128" nr_cache_blocks="512" \\ policy="smq" hint_width="4"> <mappings> <mapping cache_block="0" origin_block="0" dirty="false"/> </mappings> </superblock> EOF dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" cache_restore -i cmeta.xml -o /dev/mapper/cmeta --metadata-version=2 dmsetup remove cmeta 2. wipe the second array block of the mapping array to simulate data degradations. mapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \\ 2>/dev/null | hexdump -e '1/8 "%u\\n"') ablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \\ 2>/dev/null | hexdump -e '1/8 "%u\\n"') dd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock 3. try bringing up the cache device. The resume is expected to fail due to the broken array block. dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dmsetup create cache --notable dmsetup load cache --table "0 524288 cache /dev/mapper/cmeta \\ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" dmsetup resume cache 4. try resuming the cache again. An unexpected BUG_ON is triggered while loading cache mappings. dmsetup resume cache Kernel logs: (snip) ------------[ cut here ]------------ kernel BUG at drivers/md/dm-cache-policy-smq.c:752! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 332 Comm: dmsetup Not tainted 6.13.4 #3 RIP: 0010:smq_load_mapping+0x3e5/0x570 Fix by disallowing resume operations for devices that failed the initial attempt.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: prevent BUG_ON by blocking retries on failed device resumes\n\nA cache device failing to resume due to mapping errors should not be\nretried, as the failure leaves a partially initialized policy object.\nRepeating the resume operation risks triggering BUG_ON when reloading\ncache mappings into the incomplete policy object.\n\nReproduce steps:\n\n1. create a cache metadata consisting of 512 or more cache blocks,\n with some mappings stored in the first array block of the mapping\n array. Here we use cache_restore v1.0 to build the metadata.\n\ncat <<EOF >> cmeta.xml\n<superblock uuid="" block_size="128" nr_cache_blocks="512" \\\npolicy="smq" hint_width="4">\n <mappings>\n <mapping cache_block="0" origin_block="0" dirty="false"/>\n </mappings>\n</superblock>\nEOF\ndmsetup create cmeta --table "0 8192 linear /dev/sdc 0"\ncache_restore -i cmeta.xml -o /dev/mapper/cmeta --metadata-version=2\ndmsetup remove cmeta\n\n2. wipe the second array block of the mapping array to simulate\n data degradations.\n\nmapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \\\n2>/dev/null | hexdump -e '1/8 "%u\\n"')\nablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \\\n2>/dev/null | hexdump -e '1/8 "%u\\n"')\ndd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock\n\n3. try bringing up the cache device. The resume is expected to fail\n due to the broken array block.\n\ndmsetup create cmeta --table "0 8192 linear /dev/sdc 0"\ndmsetup create cdata --table "0 65536 linear /dev/sdc 8192"\ndmsetup create corig --table "0 524288 linear /dev/sdc 262144"\ndmsetup create cache --notable\ndmsetup load cache --table "0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0"\ndmsetup resume cache\n\n4. try resuming the cache again. An unexpected BUG_ON is triggered\n while loading cache mappings.\n\ndmsetup resume cache\n\nKernel logs:\n\n(snip)\n------------[ cut here ]------------\nkernel BUG at drivers/md/dm-cache-policy-smq.c:752!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 332 Comm: dmsetup Not tainted 6.13.4 #3\nRIP: 0010:smq_load_mapping+0x3e5/0x570\n\nFix by disallowing resume operations for devices that failed the\ninitial attempt.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38066 was patched at 2025-06-17

411. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38068) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space, disregarding the buffer length provided by the caller. Add a safe compression interface that checks for the end of buffer before each write. Use the safe interface in crypto/lzo.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: lzo - Fix compression buffer overrun\n\nUnlike the decompression code, the compression code in LZO never\nchecked for output overruns. It instead assumes that the caller\nalways provides enough buffer space, disregarding the buffer length\nprovided by the caller.\n\nAdd a safe compression interface that checks for the end of buffer\nbefore each write. Use the safe interface in crypto/lzo.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38068 was patched at 2025-06-17

412. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38072) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in nd_label_data_init() If a faulty CXL memory device returns a broken zero LSA size in its memory device information (Identify Memory Device (Opcode 4000h), CXL spec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm driver: Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm] Code and flow: 1) CXL Command 4000h returns LSA size = 0 2) config_size is assigned to zero LSA size (CXL pmem driver): drivers/cxl/pmem.c: .config_size = mds->lsa_size, 3) max_xfer is set to zero (nvdimm driver): drivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size); 4) A subsequent DIV_ROUND_UP() causes a division by zero: drivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */ drivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer, drivers/nvdimm/label.c- config_size); Fix this by checking the config size parameter by extending an existing check.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlibnvdimm/labels: Fix divide error in nd_label_data_init()\n\nIf a faulty CXL memory device returns a broken zero LSA size in its\nmemory device information (Identify Memory Device (Opcode 4000h), CXL\nspec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm\ndriver:\n\n Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI\n RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm]\n\nCode and flow:\n\n1) CXL Command 4000h returns LSA size = 0\n2) config_size is assigned to zero LSA size (CXL pmem driver):\n\ndrivers/cxl/pmem.c: .config_size = mds->lsa_size,\n\n3) max_xfer is set to zero (nvdimm driver):\n\ndrivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size);\n\n4) A subsequent DIV_ROUND_UP() causes a division by zero:\n\ndrivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */\ndrivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer,\ndrivers/nvdimm/label.c- config_size);\n\nFix this by checking the config size parameter by extending an\nexisting check.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38072 was patched at 2025-06-17

413. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38078) - Low [161]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silence data at initialization (or reconfiguration) of a stream with the explicit call of snd_pcm_format_set_silence() with runtime->dma_area. But this may lead to a UAF because the accessed runtime->dma_area might be freed concurrently, as it's performed outside the PCM ops. For avoiding it, move the code into the PCM core and perform it inside the buffer access lock, so that it won't be changed during the operation.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Fix race of buffer access at PCM OSS layer\n\nThe PCM OSS layer tries to clear the buffer with the silence data at\ninitialization (or reconfiguration) of a stream with the explicit call\nof snd_pcm_format_set_silence() with runtime->dma_area. But this may\nlead to a UAF because the accessed runtime->dma_area might be freed\nconcurrently, as it's performed outside the PCM ops.\n\nFor avoiding it, move the code into the PCM core and perform it inside\nthe buffer access lock, so that it won't be changed during the\noperation.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07485

debian: CVE-2025-38078 was patched at 2025-06-17

414. Denial of Service - Unknown Product (CVE-2023-47466) - Low [160]

Description: {'nvd_cve_data_all': 'TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.9. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00018, EPSS Percentile is 0.02936

debian: CVE-2023-47466 was patched at 2025-06-17

415. Denial of Service - Unknown Product (CVE-2025-6140) - Low [160]

Description: {'nvd_cve_data_all': 'A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.0174

debian: CVE-2025-6140 was patched at 2025-06-17

416. Denial of Service - Unknown Product (CVE-2025-6273) - Low [160]

Description: {'nvd_cve_data_all': 'A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01724

debian: CVE-2025-6273 was patched at 2025-06-17

417. Denial of Service - Unknown Product (CVE-2025-6274) - Low [160]

Description: {'nvd_cve_data_all': 'A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01724

debian: CVE-2025-6274 was patched at 2025-06-17

418. Denial of Service - Unknown Product (CVE-2025-6497) - Low [160]

Description: {'nvd_cve_data_all': 'A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01724

debian: CVE-2025-6497 was patched at 2025-06-17

419. Denial of Service - Unknown Product (CVE-2025-6536) - Low [160]

Description: {'nvd_cve_data_all': 'A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.0138

debian: CVE-2025-6536 was patched at 2025-06-17

420. Memory Corruption - Unknown Product (CVE-2025-49133) - Low [160]

Description: {'nvd_cve_data_all': 'Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The reported vulnerability is in the ‘CryptHmacSign’ function, which is defined in the "Part 4: Supporting Routines – Code" document, section "7.151 - /tpm/src/crypt/CryptUtil.c ". This vulnerability can be triggered from user-mode applications by sending malicious commands to a TPM 2.0/vTPM (swtpm) whose firmware is based on an affected TCG reference implementation. The effect on libtpms is that it will cause an abort due to the detection of the out-of-bounds access, thus for example making a vTPM (swtpm) unavailable to a VM. This vulnerability is fixed in 0.7.12, 0.8.10, 0.9.7, and 0.10.1.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds (OOB) read vulnerability. The vulnerability occurs in the ‘CryptHmacSign’ function with an inconsistent pairing of the signKey and signScheme parameters, where the signKey is ALG_KEYEDHASH key and inScheme is an ECC or RSA scheme. The reported vulnerability is in the ‘CryptHmacSign’ function, which is defined in the "Part 4: Supporting Routines – Code" document, section "7.151 - /tpm/src/crypt/CryptUtil.c ". This vulnerability can be triggered from user-mode applications by sending malicious commands to a TPM 2.0/vTPM (swtpm) whose firmware is based on an affected TCG reference implementation. The effect on libtpms is that it will cause an abort due to the detection of the out-of-bounds access, thus for example making a vTPM (swtpm) unavailable to a VM. This vulnerability is fixed in 0.7.12, 0.8.10, 0.9.7, and 0.10.1.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00012, EPSS Percentile is 0.01142

debian: CVE-2025-49133 was patched at 2025-06-17

421. Memory Corruption - Unknown Product (CVE-2025-49175) - Low [160]

Description: {'nvd_cve_data_all': 'A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01447

debian: CVE-2025-49175 was patched at 2025-06-17, 2025-06-23

oraclelinux: CVE-2025-49175 was patched at 2025-06-23

ubuntu: CVE-2025-49175 was patched at 2025-06-17, 2025-06-18

422. Memory Corruption - Unknown Product (CVE-2025-52993) - Low [160]

Description: {'nvd_cve_data_all': 'A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or guixbuild*). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00012, EPSS Percentile is 0.01138

debian: CVE-2025-52993 was patched at 2025-06-17

423. Memory Corruption - Unknown Product (CVE-2025-5318) - Low [160]

Description: {'nvd_cve_data_all': 'A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00037, EPSS Percentile is 0.0986

debian: CVE-2025-5318 was patched at 2025-06-17

424. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49935) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later Previously when we added a fence to a dma_resv object we always assumed the the newer than all the existing fences. With Jason's work to add an UAPI to explicit export/import that's not necessary the case any more. So without this check we would allow userspace to force the kernel into an use after free error. Since the change is very small and defensive it's probably a good idea to backport this to stable kernels as well just in case others are using the dma_resv object in the same way.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/dma-resv: check if the new fence is really later\n\nPreviously when we added a fence to a dma_resv object we always\nassumed the the newer than all the existing fences.\n\nWith Jason's work to add an UAPI to explicit export/import that's not\nnecessary the case any more. So without this check we would allow\nuserspace to force the kernel into an use after free error.\n\nSince the change is very small and defensive it's probably a good\nidea to backport this to stable kernels as well just in case others\nare using the dma_resv object in the same way.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49935 was patched at 2025-06-17

425. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49937) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction in the mceusb driver: ------------[ cut here ]------------ usb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40 WARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410 usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410 Modules linked in: CPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410 Code: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8 44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b e9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41 RSP: 0018:ffffc900032becf0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000 RDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90 RBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000 R10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000 R13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500 FS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0 Call Trace: <TASK> usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58 usb_internal_control_msg drivers/usb/core/message.c:102 [inline] usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153 mceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline] mceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807 The reason for the warning is clear enough; the driver sends an unusual read request on endpoint 0 but does not set the USB_DIR_IN bit in the bRequestType field. More importantly, the whole situation can be avoided and the driver simplified by converting it over to the relatively new usb_control_msg_recv() and usb_control_msg_send() routines. That's what this fix does.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mceusb: Use new usb_control_msg_*() routines\n\nAutomatic kernel fuzzing led to a WARN about invalid pipe direction in\nthe mceusb driver:\n\n------------[ cut here ]------------\nusb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40\nWARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410\nusb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410\nModules linked in:\nCPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410\nCode: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8\n44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b\ne9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41\nRSP: 0018:ffffc900032becf0 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000\nRDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90\nRBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000\nR10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000\nR13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500\nFS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0\nCall Trace:\n<TASK>\nusb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58\nusb_internal_control_msg drivers/usb/core/message.c:102 [inline]\nusb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153\nmceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline]\nmceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807\n\nThe reason for the warning is clear enough; the driver sends an\nunusual read request on endpoint 0 but does not set the USB_DIR_IN bit\nin the bRequestType field.\n\nMore importantly, the whole situation can be avoided and the driver\nsimplified by converting it over to the relatively new\nusb_control_msg_recv() and usb_control_msg_send() routines. That's\nwhat this fix does.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-49937 was patched at 2025-06-17

426. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49938) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to neg_exit to free the response buffer from mempool.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix small mempool leak in SMB2_negotiate()\n\nIn some cases of failure (dialect mismatches) in SMB2_negotiate(), after\nthe request is sent, the checks would return -EIO when they should be\nrather setting rc = -EIO and jumping to neg_exit to free the response\nbuffer from mempool.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-49938 was patched at 2025-06-17

427. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49943) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix obscure lockdep violation for udc_mutex A recent commit expanding the scope of the udc_lock mutex in the gadget core managed to cause an obscure and slightly bizarre lockdep violation. In abbreviated form: ====================================================== WARNING: possible circular locking dependency detected 5.19.0-rc7+ #12510 Not tainted ------------------------------------------------------ udevadm/312 is trying to acquire lock: ffff80000aae1058 (udc_lock){+.+.}-{3:3}, at: usb_udc_uevent+0x54/0xe0 but task is already holding lock: ffff000002277548 (kn->active#4){++++}-{0:0}, at: kernfs_seq_start+0x34/0xe0 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #3 (kn->active#4){++++}-{0:0}: lock_acquire+0x68/0x84 __kernfs_remove+0x268/0x380 kernfs_remove_by_name_ns+0x58/0xac sysfs_remove_file_ns+0x18/0x24 device_del+0x15c/0x440 -> #2 (device_links_lock){+.+.}-{3:3}: lock_acquire+0x68/0x84 __mutex_lock+0x9c/0x430 mutex_lock_nested+0x38/0x64 device_link_remove+0x3c/0xa0 _regulator_put.part.0+0x168/0x190 regulator_put+0x3c/0x54 devm_regulator_release+0x14/0x20 -> #1 (regulator_list_mutex){+.+.}-{3:3}: lock_acquire+0x68/0x84 __mutex_lock+0x9c/0x430 mutex_lock_nested+0x38/0x64 regulator_lock_dependent+0x54/0x284 regulator_enable+0x34/0x80 phy_power_on+0x24/0x130 __dwc2_lowlevel_hw_enable+0x100/0x130 dwc2_lowlevel_hw_enable+0x18/0x40 dwc2_hsotg_udc_start+0x6c/0x2f0 gadget_bind_driver+0x124/0x1f4 -> #0 (udc_lock){+.+.}-{3:3}: __lock_acquire+0x1298/0x20cc lock_acquire.part.0+0xe0/0x230 lock_acquire+0x68/0x84 __mutex_lock+0x9c/0x430 mutex_lock_nested+0x38/0x64 usb_udc_uevent+0x54/0xe0 Evidently this was caused by the scope of udc_mutex being too large. The mutex is only meant to protect udc->driver along with a few other things. As far as I can tell, there's no reason for the mutex to be held while the gadget core calls a gadget driver's ->bind or ->unbind routine, or while a UDC is being started or stopped. (This accounts for link #1 in the chain above, where the mutex is held while the dwc2_hsotg_udc is started as part of driver probing.) Gadget drivers' ->disconnect callbacks are problematic. Even though usb_gadget_disconnect() will now acquire the udc_mutex, there's a window in usb_gadget_bind_driver() between the times when the mutex is released and the ->bind callback is invoked. If a disconnect occurred during that window, we could call the driver's ->disconnect routine before its ->bind routine. To prevent this from happening, it will be necessary to prevent a UDC from connecting while it has no gadget driver. This should be done already but it doesn't seem to be; currently usb_gadget_connect() has no check for this. Such a check will have to be added later. Some degree of mutual exclusion is required in soft_connect_store(), which can dereference udc->driver at arbitrary times since it is a sysfs callback. The solution here is to acquire the gadget's device lock rather than the udc_mutex. Since the driver core guarantees that the device lock is always held during driver binding and unbinding, this will make the accesses in soft_connect_store() mutually exclusive with any changes to udc->driver. Lastly, it turns out there is one place which should hold the udc_mutex but currently does not: The function_show() routine needs protection while it dereferences udc->driver. The missing lock and unlock calls are added.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix obscure lockdep violation for udc_mutex\n\nA recent commit expanding the scope of the udc_lock mutex in the\ngadget core managed to cause an obscure and slightly bizarre lockdep\nviolation. In abbreviated form:\n\n======================================================\nWARNING: possible circular locking dependency detected\n5.19.0-rc7+ #12510 Not tainted\n------------------------------------------------------\nudevadm/312 is trying to acquire lock:\nffff80000aae1058 (udc_lock){+.+.}-{3:3}, at: usb_udc_uevent+0x54/0xe0\n\nbut task is already holding lock:\nffff000002277548 (kn->active#4){++++}-{0:0}, at: kernfs_seq_start+0x34/0xe0\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #3 (kn->active#4){++++}-{0:0}:\n \xa0\xa0\xa0\xa0\xa0\xa0 lock_acquire+0x68/0x84\n \xa0\xa0\xa0\xa0\xa0\xa0 __kernfs_remove+0x268/0x380\n \xa0\xa0\xa0\xa0\xa0\xa0 kernfs_remove_by_name_ns+0x58/0xac\n \xa0\xa0\xa0\xa0\xa0\xa0 sysfs_remove_file_ns+0x18/0x24\n \xa0\xa0\xa0\xa0\xa0\xa0 device_del+0x15c/0x440\n\n-> #2 (device_links_lock){+.+.}-{3:3}:\n \xa0\xa0\xa0\xa0\xa0\xa0 lock_acquire+0x68/0x84\n \xa0\xa0\xa0\xa0\xa0\xa0 __mutex_lock+0x9c/0x430\n \xa0\xa0\xa0\xa0\xa0\xa0 mutex_lock_nested+0x38/0x64\n \xa0\xa0\xa0\xa0\xa0\xa0 device_link_remove+0x3c/0xa0\n \xa0\xa0\xa0\xa0\xa0\xa0 _regulator_put.part.0+0x168/0x190\n \xa0\xa0\xa0\xa0\xa0\xa0 regulator_put+0x3c/0x54\n \xa0\xa0\xa0\xa0\xa0\xa0 devm_regulator_release+0x14/0x20\n\n-> #1 (regulator_list_mutex){+.+.}-{3:3}:\n \xa0\xa0\xa0\xa0\xa0\xa0 lock_acquire+0x68/0x84\n \xa0\xa0\xa0\xa0\xa0\xa0 __mutex_lock+0x9c/0x430\n \xa0\xa0\xa0\xa0\xa0\xa0 mutex_lock_nested+0x38/0x64\n \xa0\xa0\xa0\xa0\xa0\xa0 regulator_lock_dependent+0x54/0x284\n \xa0\xa0\xa0\xa0\xa0\xa0 regulator_enable+0x34/0x80\n \xa0\xa0\xa0\xa0\xa0\xa0 phy_power_on+0x24/0x130\n \xa0\xa0\xa0\xa0\xa0\xa0 __dwc2_lowlevel_hw_enable+0x100/0x130\n \xa0\xa0\xa0\xa0\xa0\xa0 dwc2_lowlevel_hw_enable+0x18/0x40\n \xa0\xa0\xa0\xa0\xa0\xa0 dwc2_hsotg_udc_start+0x6c/0x2f0\n \xa0\xa0\xa0\xa0\xa0\xa0 gadget_bind_driver+0x124/0x1f4\n\n-> #0 (udc_lock){+.+.}-{3:3}:\n \xa0\xa0\xa0\xa0\xa0\xa0 __lock_acquire+0x1298/0x20cc\n \xa0\xa0\xa0\xa0\xa0\xa0 lock_acquire.part.0+0xe0/0x230\n \xa0\xa0\xa0\xa0\xa0\xa0 lock_acquire+0x68/0x84\n \xa0\xa0\xa0\xa0\xa0\xa0 __mutex_lock+0x9c/0x430\n \xa0\xa0\xa0\xa0\xa0\xa0 mutex_lock_nested+0x38/0x64\n \xa0\xa0\xa0\xa0\xa0\xa0 usb_udc_uevent+0x54/0xe0\n\nEvidently this was caused by the scope of udc_mutex being too large.\nThe mutex is only meant to protect udc->driver along with a few other\nthings. As far as I can tell, there's no reason for the mutex to be\nheld while the gadget core calls a gadget driver's ->bind or ->unbind\nroutine, or while a UDC is being started or stopped. (This accounts\nfor link #1 in the chain above, where the mutex is held while the\ndwc2_hsotg_udc is started as part of driver probing.)\n\nGadget drivers' ->disconnect callbacks are problematic. Even though\nusb_gadget_disconnect() will now acquire the udc_mutex, there's a\nwindow in usb_gadget_bind_driver() between the times when the mutex is\nreleased and the ->bind callback is invoked. If a disconnect occurred\nduring that window, we could call the driver's ->disconnect routine\nbefore its ->bind routine. To prevent this from happening, it will be\nnecessary to prevent a UDC from connecting while it has no gadget\ndriver. This should be done already but it doesn't seem to be;\ncurrently usb_gadget_connect() has no check for this. Such a check\nwill have to be added later.\n\nSome degree of mutual exclusion is required in soft_connect_store(),\nwhich can dereference udc->driver at arbitrary times since it is a\nsysfs callback. The solution here is to acquire the gadget's device\nlock rather than the udc_mutex. Since the driver core guarantees that\nthe device lock is always held during driver binding and unbinding,\nthis will make the accesses in soft_connect_store() mutually exclusive\nwith any changes to udc->driver.\n\nLastly, it turns out there is one place which should hold the\nudc_mutex but currently does not: The function_show() routine needs\nprotection while it dereferences udc->driver. The missing lock and\nunlock calls are added.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49943 was patched at 2025-06-17

428. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49944) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: Revert "usb: typec: ucsi: add a common function ucsi_unregister_connectors()" The recent commit 87d0e2f41b8c ("usb: typec: ucsi: add a common function ucsi_unregister_connectors()") introduced a regression that caused NULL dereference at reading the power supply sysfs. It's a stale sysfs entry that should have been removed but remains with NULL ops. The commit changed the error handling to skip the entries after a NULL con->wq, and this leaves the power device unreleased. For addressing the regression, the straight revert is applied here. Further code improvements can be done from the scratch again.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "usb: typec: ucsi: add a common function ucsi_unregister_connectors()"\n\nThe recent commit 87d0e2f41b8c ("usb: typec: ucsi: add a common\nfunction ucsi_unregister_connectors()") introduced a regression that\ncaused NULL dereference at reading the power supply sysfs. It's a\nstale sysfs entry that should have been removed but remains with NULL\nops. The commit changed the error handling to skip the entries after\na NULL con->wq, and this leaves the power device unreleased.\n\nFor addressing the regression, the straight revert is applied here.\nFurther code improvements can be done from the scratch again.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49944 was patched at 2025-06-17

429. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49946) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Prevent out-of-bounds access The while loop in raspberrypi_discover_clocks() relies on the assumption that the id of the last clock element is zero. Because this data comes from the Videocore firmware and it doesn't guarantuee such a behavior this could lead to out-of-bounds access. So fix this by providing a sentinel element.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Prevent out-of-bounds access\n\nThe while loop in raspberrypi_discover_clocks() relies on the assumption\nthat the id of the last clock element is zero. Because this data comes\nfrom the Videocore firmware and it doesn't guarantuee such a behavior\nthis could lead to out-of-bounds access. So fix this by providing\na sentinel element.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-49946 was patched at 2025-06-17

430. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49947) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: binder: fix alloc->vma_vm_mm null-ptr dereference Syzbot reported a couple issues introduced by commit 44e602b4e52f ("binder_alloc: add missing mmap_lock calls when using the VMA"), in which we attempt to acquire the mmap_lock when alloc->vma_vm_mm has not been initialized yet. This can happen if a binder_proc receives a transaction without having previously called mmap() to setup the binder_proc->alloc space in [1]. Also, a similar issue occurs via binder_alloc_print_pages() when we try to dump the debugfs binder stats file in [2]. Sample of syzbot's crash report: ================================================================== KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f] CPU: 0 PID: 3755 Comm: syz-executor229 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 syz-executor229[3755] cmdline: ./syz-executor2294415195 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 RIP: 0010:__lock_acquire+0xd83/0x56d0 kernel/locking/lockdep.c:4923 [...] Call Trace: <TASK> lock_acquire kernel/locking/lockdep.c:5666 [inline] lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631 down_read+0x98/0x450 kernel/locking/rwsem.c:1499 mmap_read_lock include/linux/mmap_lock.h:117 [inline] binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline] binder_alloc_new_buf+0xa5/0x19e0 drivers/android/binder_alloc.c:593 binder_transaction+0x242e/0x9a80 drivers/android/binder.c:3199 binder_thread_write+0x664/0x3220 drivers/android/binder.c:3986 binder_ioctl_write_read drivers/android/binder.c:5036 [inline] binder_ioctl+0x3470/0x6d00 drivers/android/binder.c:5323 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd [...] ================================================================== Fix these issues by setting up alloc->vma_vm_mm pointer during open() and caching directly from current->mm. This guarantees we have a valid reference to take the mmap_lock during scenarios described above. [1] https://syzkaller.appspot.com/bug?extid=f7dc54e5be28950ac459 [2] https://syzkaller.appspot.com/bug?extid=a75ebe0452711c9e56d9', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix alloc->vma_vm_mm null-ptr dereference\n\nSyzbot reported a couple issues introduced by commit 44e602b4e52f\n("binder_alloc: add missing mmap_lock calls when using the VMA"), in\nwhich we attempt to acquire the mmap_lock when alloc->vma_vm_mm has not\nbeen initialized yet.\n\nThis can happen if a binder_proc receives a transaction without having\npreviously called mmap() to setup the binder_proc->alloc space in [1].\nAlso, a similar issue occurs via binder_alloc_print_pages() when we try\nto dump the debugfs binder stats file in [2].\n\nSample of syzbot's crash report:\n ==================================================================\n KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f]\n CPU: 0 PID: 3755 Comm: syz-executor229 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0\n syz-executor229[3755] cmdline: ./syz-executor2294415195\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022\n RIP: 0010:__lock_acquire+0xd83/0x56d0 kernel/locking/lockdep.c:4923\n [...]\n Call Trace:\n <TASK>\n lock_acquire kernel/locking/lockdep.c:5666 [inline]\n lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631\n down_read+0x98/0x450 kernel/locking/rwsem.c:1499\n mmap_read_lock include/linux/mmap_lock.h:117 [inline]\n binder_alloc_new_buf_locked drivers/android/binder_alloc.c:405 [inline]\n binder_alloc_new_buf+0xa5/0x19e0 drivers/android/binder_alloc.c:593\n binder_transaction+0x242e/0x9a80 drivers/android/binder.c:3199\n binder_thread_write+0x664/0x3220 drivers/android/binder.c:3986\n binder_ioctl_write_read drivers/android/binder.c:5036 [inline]\n binder_ioctl+0x3470/0x6d00 drivers/android/binder.c:5323\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n [...]\n ==================================================================\n\nFix these issues by setting up alloc->vma_vm_mm pointer during open()\nand caching directly from current->mm. This guarantees we have a valid\nreference to take the mmap_lock during scenarios described above.\n\n[1] https://syzkaller.appspot.com/bug?extid=f7dc54e5be28950ac459\n[2] https://syzkaller.appspot.com/bug?extid=a75ebe0452711c9e56d9', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-49947 was patched at 2025-06-17

431. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49953) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fix an error handling path in cm3605_probe() The commit in Fixes also introduced a new error handling path which should goto the existing error handling path. Otherwise some resources leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: cm3605: Fix an error handling path in cm3605_probe()\n\nThe commit in Fixes also introduced a new error handling path which should\ngoto the existing error handling path.\nOtherwise some resources leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49953 was patched at 2025-06-17

432. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49954) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is blocking input_disconnect_device() from __input_unregister_device(). It seems that the cause is simply that commit c2b27ef672992a20 ("Input: iforce - wait for command completion when closing the device") forgot to call wake_up() after clear_bit(). Fix this problem by introducing a helper that calls clear_bit() followed by wake_up_all().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag\n\nsyzbot is reporting hung task at __input_unregister_device() [1], for\niforce_close() waiting at wait_event_interruptible() with dev->mutex held\nis blocking input_disconnect_device() from __input_unregister_device().\n\nIt seems that the cause is simply that commit c2b27ef672992a20 ("Input:\niforce - wait for command completion when closing the device") forgot to\ncall wake_up() after clear_bit().\n\nFix this problem by introducing a helper that calls clear_bit() followed\nby wake_up_all().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-49954 was patched at 2025-06-17

433. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49955) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fix RTAS MSR[HV] handling for Cell The semi-recent changes to MSR handling when entering RTAS (firmware) cause crashes on IBM Cell machines. An example trace: kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0) BUG: Unable to handle kernel instruction fetch Faulting instruction address: 0x2fff01a8 Oops: Kernel access of bad area, sig: 11 [#1] BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell Modules linked in: CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.0.0-rc2-00433-gede0a8d3307a #207 NIP: 000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000 REGS: c0000000015236b0 TRAP: 0400 Tainted: G W (6.0.0-rc2-00433-gede0a8d3307a) MSR: 0000000008001002 <ME,RI> CR: 00000000 XER: 20000000 ... NIP 0x2fff01a8 LR 0x32608 Call Trace: 0xc00000000143c5f8 (unreliable) .rtas_call+0x224/0x320 .rtas_get_boot_time+0x70/0x150 .read_persistent_clock64+0x114/0x140 .read_persistent_wall_and_boot_offset+0x24/0x80 .timekeeping_init+0x40/0x29c .start_kernel+0x674/0x8f0 start_here_common+0x1c/0x50 Unlike PAPR platforms where RTAS is only used in guests, on the IBM Cell machines Linux runs with MSR[HV] set but also uses RTAS, provided by SLOF. Fix it by copying the MSR[HV] bit from the MSR value we've just read using mfmsr into the value used for RTAS. It seems like we could also fix it using an #ifdef CELL to set MSR[HV], but that doesn't work because it's possible to build a single kernel image that runs on both Cell native and pseries.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: Fix RTAS MSR[HV] handling for Cell\n\nThe semi-recent changes to MSR handling when entering RTAS (firmware)\ncause crashes on IBM Cell machines. An example trace:\n\n kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0)\n BUG: Unable to handle kernel instruction fetch\n Faulting instruction address: 0x2fff01a8\n Oops: Kernel access of bad area, sig: 11 [#1]\n BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell\n Modules linked in:\n CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.0.0-rc2-00433-gede0a8d3307a #207\n NIP: 000000002fff01a8 LR: 0000000000032608 CTR: 0000000000000000\n REGS: c0000000015236b0 TRAP: 0400 Tainted: G W (6.0.0-rc2-00433-gede0a8d3307a)\n MSR: 0000000008001002 <ME,RI> CR: 00000000 XER: 20000000\n ...\n NIP 0x2fff01a8\n LR 0x32608\n Call Trace:\n 0xc00000000143c5f8 (unreliable)\n .rtas_call+0x224/0x320\n .rtas_get_boot_time+0x70/0x150\n .read_persistent_clock64+0x114/0x140\n .read_persistent_wall_and_boot_offset+0x24/0x80\n .timekeeping_init+0x40/0x29c\n .start_kernel+0x674/0x8f0\n start_here_common+0x1c/0x50\n\nUnlike PAPR platforms where RTAS is only used in guests, on the IBM Cell\nmachines Linux runs with MSR[HV] set but also uses RTAS, provided by\nSLOF.\n\nFix it by copying the MSR[HV] bit from the MSR value we've just read\nusing mfmsr into the value used for RTAS.\n\nIt seems like we could also fix it using an #ifdef CELL to set MSR[HV],\nbut that doesn't work because it's possible to build a single kernel\nimage that runs on both Cell native and pseries.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49955 was patched at 2025-06-17

434. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49958) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net/sched: fix netdevice reference leaks in attach_default_qdiscs() In attach_default_qdiscs(), if a dev has multiple queues and queue 0 fails to attach qdisc because there is no memory in attach_one_default_qdisc(). Then dev->qdisc will be noop_qdisc by default. But the other queues may be able to successfully attach to default qdisc. In this case, the fallback to noqueue process will be triggered. If the original attached qdisc is not released and a new one is directly attached, this will cause netdevice reference leaks. The following is the bug log: veth0: default qdisc (fq_codel) fail, fallback to noqueue unregister_netdevice: waiting for veth0 to become free. Usage count = 32 leaked reference. qdisc_alloc+0x12e/0x210 qdisc_create_dflt+0x62/0x140 attach_one_default_qdisc.constprop.41+0x44/0x70 dev_activate+0x128/0x290 __dev_open+0x12a/0x190 __dev_change_flags+0x1a2/0x1f0 dev_change_flags+0x23/0x60 do_setlink+0x332/0x1150 __rtnl_newlink+0x52f/0x8e0 rtnl_newlink+0x43/0x70 rtnetlink_rcv_msg+0x140/0x3b0 netlink_rcv_skb+0x50/0x100 netlink_unicast+0x1bb/0x290 netlink_sendmsg+0x37c/0x4e0 sock_sendmsg+0x5f/0x70 ____sys_sendmsg+0x208/0x280 Fix this bug by clearing any non-noop qdiscs that may have been assigned before trying to re-attach.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix netdevice reference leaks in attach_default_qdiscs()\n\nIn attach_default_qdiscs(), if a dev has multiple queues and queue 0 fails\nto attach qdisc because there is no memory in attach_one_default_qdisc().\nThen dev->qdisc will be noop_qdisc by default. But the other queues may be\nable to successfully attach to default qdisc.\n\nIn this case, the fallback to noqueue process will be triggered. If the\noriginal attached qdisc is not released and a new one is directly\nattached, this will cause netdevice reference leaks.\n\nThe following is the bug log:\n\nveth0: default qdisc (fq_codel) fail, fallback to noqueue\nunregister_netdevice: waiting for veth0 to become free. Usage count = 32\nleaked reference.\n qdisc_alloc+0x12e/0x210\n qdisc_create_dflt+0x62/0x140\n attach_one_default_qdisc.constprop.41+0x44/0x70\n dev_activate+0x128/0x290\n __dev_open+0x12a/0x190\n __dev_change_flags+0x1a2/0x1f0\n dev_change_flags+0x23/0x60\n do_setlink+0x332/0x1150\n __rtnl_newlink+0x52f/0x8e0\n rtnl_newlink+0x43/0x70\n rtnetlink_rcv_msg+0x140/0x3b0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x1bb/0x290\n netlink_sendmsg+0x37c/0x4e0\n sock_sendmsg+0x5f/0x70\n ____sys_sendmsg+0x208/0x280\n\nFix this bug by clearing any non-noop qdiscs that may have been assigned\nbefore trying to re-attach.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-49958 was patched at 2025-06-17

435. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49963) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: fix CCS handling Crucible + recent Mesa seems to sometimes hit: GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER) And it looks like we can also trigger this with gem_lmem_swapping, if we modify the test to use slightly larger object sizes. Looking closer it looks like we have the following issues in migrate_copy(): - We are using plain integer in various places, which we can easily overflow with a large object. - We pass the entire object size (when the src is lmem) into emit_pte() and then try to copy it, which doesn't work, since we only have a few fixed sized windows in which to map the pages and perform the copy. With an object > 8M we therefore aren't properly copying the pages. And then with an object > 64M we trigger the GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER). So it looks like our copy handling for any object > 8M (which is our CHUNK_SZ) is currently broken on DG2. Testcase: igt@gem_lmem_swapping (cherry picked from commit 8676145eb2f53a9940ff70910caf0125bd8a4bc2)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/ttm: fix CCS handling\n\nCrucible + recent Mesa seems to sometimes hit:\n\nGEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER)\n\nAnd it looks like we can also trigger this with gem_lmem_swapping, if we\nmodify the test to use slightly larger object sizes.\n\nLooking closer it looks like we have the following issues in\nmigrate_copy():\n\n - We are using plain integer in various places, which we can easily\n overflow with a large object.\n\n - We pass the entire object size (when the src is lmem) into\n emit_pte() and then try to copy it, which doesn't work, since we\n only have a few fixed sized windows in which to map the pages and\n perform the copy. With an object > 8M we therefore aren't properly\n copying the pages. And then with an object > 64M we trigger the\n GEM_BUG_ON(num_ccs_blks > NUM_CCS_BLKS_PER_XFER).\n\nSo it looks like our copy handling for any object > 8M (which is our\nCHUNK_SZ) is currently broken on DG2.\n\nTestcase: igt@gem_lmem_swapping\n(cherry picked from commit 8676145eb2f53a9940ff70910caf0125bd8a4bc2)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49963 was patched at 2025-06-17

436. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49967) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limit is long, so we need to add a paired READ_ONCE() to avoid load-tearing.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a data-race around bpf_jit_limit.\n\nWhile reading bpf_jit_limit, it can be changed concurrently via sysctl,\nWRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limit\nis long, so we need to add a paired READ_ONCE() to avoid load-tearing.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49967 was patched at 2025-06-17

437. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49970) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs Syzkaller reported a triggered kernel BUG as follows: ------------[ cut here ]------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 194 Comm: detach Not tainted 5.19.0-14184-g69dac8e431af #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:__cgroup_bpf_detach+0x1f2/0x2a0 Code: 00 e8 92 60 30 00 84 c0 75 d8 4c 89 e0 31 f6 85 f6 74 19 42 f6 84 28 48 05 00 00 02 75 0e 48 8b 80 c0 00 00 00 48 85 c0 75 e5 <0f> 0b 48 8b 0c5 RSP: 0018:ffffc9000055bdb0 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff888100ec0800 RCX: ffffc900000f1000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888100ec4578 RBP: 0000000000000000 R08: ffff888100ec0800 R09: 0000000000000040 R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100ec4000 R13: 000000000000000d R14: ffffc90000199000 R15: ffff888100effb00 FS: 00007f68213d2b80(0000) GS:ffff88813bc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f74a0e5850 CR3: 0000000102836000 CR4: 00000000000006e0 Call Trace: <TASK> cgroup_bpf_prog_detach+0xcc/0x100 __sys_bpf+0x2273/0x2a00 __x64_sys_bpf+0x17/0x20 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f68214dbcb9 Code: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff8 RSP: 002b:00007ffeb487db68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f68214dbcb9 RDX: 0000000000000090 RSI: 00007ffeb487db70 RDI: 0000000000000009 RBP: 0000000000000003 R08: 0000000000000012 R09: 0000000b00000003 R10: 00007ffeb487db70 R11: 0000000000000246 R12: 00007ffeb487dc20 R13: 0000000000000004 R14: 0000000000000001 R15: 000055f74a1011b0 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- Repetition steps: For the following cgroup tree, root | cg1 | cg2 1. attach prog2 to cg2, and then attach prog1 to cg1, both bpf progs attach type is NONE or OVERRIDE. 2. write 1 to /proc/thread-self/fail-nth for failslab. 3. detach prog1 for cg1, and then kernel BUG occur. Failslab injection will cause kmalloc fail and fall back to purge_effective_progs. The problem is that cg2 have attached another prog, so when go through cg2 layer, iteration will add pos to 1, and subsequent operations will be skipped by the following condition, and cg will meet NULL in the end. `if (pos && !(cg->bpf.flags[atype] & BPF_F_ALLOW_MULTI))` The NULL cg means no link or prog match, this is as expected, and it's not a bug. So here just skip the no match situation.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cgroup: Fix kernel BUG in purge_effective_progs\n\nSyzkaller reported a triggered kernel BUG as follows:\n\n ------------[ cut here ]------------\n kernel BUG at kernel/bpf/cgroup.c:925!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 194 Comm: detach Not tainted 5.19.0-14184-g69dac8e431af #8\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:__cgroup_bpf_detach+0x1f2/0x2a0\n Code: 00 e8 92 60 30 00 84 c0 75 d8 4c 89 e0 31 f6 85 f6 74 19 42 f6 84\n 28 48 05 00 00 02 75 0e 48 8b 80 c0 00 00 00 48 85 c0 75 e5 <0f> 0b 48\n 8b 0c5\n RSP: 0018:ffffc9000055bdb0 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: ffff888100ec0800 RCX: ffffc900000f1000\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff888100ec4578\n RBP: 0000000000000000 R08: ffff888100ec0800 R09: 0000000000000040\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff888100ec4000\n R13: 000000000000000d R14: ffffc90000199000 R15: ffff888100effb00\n FS: 00007f68213d2b80(0000) GS:ffff88813bc80000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055f74a0e5850 CR3: 0000000102836000 CR4: 00000000000006e0\n Call Trace:\n <TASK>\n cgroup_bpf_prog_detach+0xcc/0x100\n __sys_bpf+0x2273/0x2a00\n __x64_sys_bpf+0x17/0x20\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7f68214dbcb9\n Code: 08 44 89 e0 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\n f0 ff8\n RSP: 002b:00007ffeb487db68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141\n RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f68214dbcb9\n RDX: 0000000000000090 RSI: 00007ffeb487db70 RDI: 0000000000000009\n RBP: 0000000000000003 R08: 0000000000000012 R09: 0000000b00000003\n R10: 00007ffeb487db70 R11: 0000000000000246 R12: 00007ffeb487dc20\n R13: 0000000000000004 R14: 0000000000000001 R15: 000055f74a1011b0\n </TASK>\n Modules linked in:\n ---[ end trace 0000000000000000 ]---\n\nRepetition steps:\n\nFor the following cgroup tree,\n\n root\n |\n cg1\n |\n cg2\n\n 1. attach prog2 to cg2, and then attach prog1 to cg1, both bpf progs\n attach type is NONE or OVERRIDE.\n 2. write 1 to /proc/thread-self/fail-nth for failslab.\n 3. detach prog1 for cg1, and then kernel BUG occur.\n\nFailslab injection will cause kmalloc fail and fall back to\npurge_effective_progs. The problem is that cg2 have attached another prog,\nso when go through cg2 layer, iteration will add pos to 1, and subsequent\noperations will be skipped by the following condition, and cg will meet\nNULL in the end.\n\n `if (pos && !(cg->bpf.flags[atype] & BPF_F_ALLOW_MULTI))`\n\nThe NULL cg means no link or prog match, this is as expected, and it's not\na bug. So here just skip the no match situation.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-49970 was patched at 2025-06-17

438. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49972) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: xsk: Fix corrupted packets for XDP_SHARED_UMEM Fix an issue in XDP_SHARED_UMEM mode together with aligned mode where packets are corrupted for the second and any further sockets bound to the same umem. In other words, this does not affect the first socket bound to the umem. The culprit for this bug is that the initialization of the DMA addresses for the pre-populated xsk buffer pool entries was not performed for any socket but the first one bound to the umem. Only the linear array of DMA addresses was populated. Fix this by populating the DMA addresses in the xsk buffer pool for every socket bound to the same umem.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix corrupted packets for XDP_SHARED_UMEM\n\nFix an issue in XDP_SHARED_UMEM mode together with aligned mode where\npackets are corrupted for the second and any further sockets bound to\nthe same umem. In other words, this does not affect the first socket\nbound to the umem. The culprit for this bug is that the initialization\nof the DMA addresses for the pre-populated xsk buffer pool entries was\nnot performed for any socket but the first one bound to the umem. Only\nthe linear array of DMA addresses was populated. Fix this by populating\nthe DMA addresses in the xsk buffer pool for every socket bound to the\nsame umem.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49972 was patched at 2025-06-17

439. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49975) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf: Don't redirect packets with invalid pkt_len Syzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any skbs, that is, the flow->head is null. The root cause, as the [2] says, is because that bpf_prog_test_run_skb() run a bpf prog which redirects empty skbs. So we should determine whether the length of the packet modified by bpf prog or others like bpf_prog_test is valid before forwarding it directly.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don't redirect packets with invalid pkt_len\n\nSyzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any\nskbs, that is, the flow->head is null.\nThe root cause, as the [2] says, is because that bpf_prog_test_run_skb()\nrun a bpf prog which redirects empty skbs.\nSo we should determine whether the length of the packet modified by bpf\nprog or others like bpf_prog_test is valid before forwarding it directly.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-49975 was patched at 2025-06-17

440. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49976) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS The x86-android-tablets handling for the Chuwi Hi8 is only necessary with the Android BIOS and it is causing problems with the Windows BIOS version. Specifically when trying to register the already present touchscreen x86_acpi_irq_helper_get() calls acpi_unregister_gsi(), this breaks the working of the touchscreen and also leads to an oops: [ 14.248946] ------------[ cut here ]------------ [ 14.248954] remove_proc_entry: removing non-empty directory 'irq/75', leaking at least 'MSSL0001:00' [ 14.248983] WARNING: CPU: 3 PID: 440 at fs/proc/generic.c:718 remove_proc_entry ... [ 14.249293] unregister_irq_proc+0xe0/0x100 [ 14.249305] free_desc+0x29/0x70 [ 14.249312] irq_free_descs+0x4b/0x80 [ 14.249320] mp_unmap_irq+0x5c/0x60 [ 14.249329] acpi_unregister_gsi_ioapic+0x2a/0x40 [ 14.249338] x86_acpi_irq_helper_get+0x4b/0x190 [x86_android_tablets] [ 14.249355] x86_android_tablet_init+0x178/0xe34 [x86_android_tablets] Add an init callback for the Chuwi Hi8, which detects when the Windows BIOS is in use and exits with -ENODEV in that case, fixing this.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS\n\nThe x86-android-tablets handling for the Chuwi Hi8 is only necessary with\nthe Android BIOS and it is causing problems with the Windows BIOS version.\n\nSpecifically when trying to register the already present touchscreen\nx86_acpi_irq_helper_get() calls acpi_unregister_gsi(), this breaks\nthe working of the touchscreen and also leads to an oops:\n\n[ 14.248946] ------------[ cut here ]------------\n[ 14.248954] remove_proc_entry: removing non-empty directory 'irq/75', leaking at least 'MSSL0001:00'\n[ 14.248983] WARNING: CPU: 3 PID: 440 at fs/proc/generic.c:718 remove_proc_entry\n...\n[ 14.249293] unregister_irq_proc+0xe0/0x100\n[ 14.249305] free_desc+0x29/0x70\n[ 14.249312] irq_free_descs+0x4b/0x80\n[ 14.249320] mp_unmap_irq+0x5c/0x60\n[ 14.249329] acpi_unregister_gsi_ioapic+0x2a/0x40\n[ 14.249338] x86_acpi_irq_helper_get+0x4b/0x190 [x86_android_tablets]\n[ 14.249355] x86_android_tablet_init+0x178/0xe34 [x86_android_tablets]\n\nAdd an init callback for the Chuwi Hi8, which detects when the Windows BIOS\nis in use and exits with -ENODEV in that case, fixing this.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49976 was patched at 2025-06-17

441. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49979) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: fix refcount bug in sk_psock_get (2) Syzkaller reports refcount bug as follows: ------------[ cut here ]------------ refcount_t: saturated; leaking memory. WARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19 Modules linked in: CPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0 <TASK> __refcount_add_not_zero include/linux/refcount.h:163 [inline] __refcount_inc_not_zero include/linux/refcount.h:227 [inline] refcount_inc_not_zero include/linux/refcount.h:245 [inline] sk_psock_get+0x3bc/0x410 include/linux/skmsg.h:439 tls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091 tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983 tcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057 tcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659 tcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682 sk_backlog_rcv include/net/sock.h:1061 [inline] __release_sock+0x134/0x3b0 net/core/sock.c:2849 release_sock+0x54/0x1b0 net/core/sock.c:3404 inet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909 __sys_shutdown_sock net/socket.c:2331 [inline] __sys_shutdown_sock net/socket.c:2325 [inline] __sys_shutdown+0xf1/0x1b0 net/socket.c:2343 __do_sys_shutdown net/socket.c:2351 [inline] __se_sys_shutdown net/socket.c:2349 [inline] __x64_sys_shutdown+0x50/0x70 net/socket.c:2349 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 </TASK> During SMC fallback process in connect syscall, kernel will replaces TCP with SMC. In order to forward wakeup smc socket waitqueue after fallback, kernel will sets clcsk->sk_user_data to origin smc socket in smc_fback_replace_callbacks(). Later, in shutdown syscall, kernel will calls sk_psock_get(), which treats the clcsk->sk_user_data as psock type, triggering the refcnt warning. So, the root cause is that smc and psock, both will use sk_user_data field. So they will mismatch this field easily. This patch solves it by using another bit(defined as SK_USER_DATA_PSOCK) in PTRMASK, to mark whether sk_user_data points to a psock object or not. This patch depends on a PTRMASK introduced in commit f1ff5ce2cd5e ("net, sk_msg: Clear sk_user_data pointer on clone if tagged"). For there will possibly be more flags in the sk_user_data field, this patch also refactor sk_user_data flags code to be more generic to improve its maintainability.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix refcount bug in sk_psock_get (2)\n\nSyzkaller reports refcount bug as follows:\n------------[ cut here ]------------\nrefcount_t: saturated; leaking memory.\nWARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19\nModules linked in:\nCPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0\n <TASK>\n __refcount_add_not_zero include/linux/refcount.h:163 [inline]\n __refcount_inc_not_zero include/linux/refcount.h:227 [inline]\n refcount_inc_not_zero include/linux/refcount.h:245 [inline]\n sk_psock_get+0x3bc/0x410 include/linux/skmsg.h:439\n tls_data_ready+0x6d/0x1b0 net/tls/tls_sw.c:2091\n tcp_data_ready+0x106/0x520 net/ipv4/tcp_input.c:4983\n tcp_data_queue+0x25f2/0x4c90 net/ipv4/tcp_input.c:5057\n tcp_rcv_state_process+0x1774/0x4e80 net/ipv4/tcp_input.c:6659\n tcp_v4_do_rcv+0x339/0x980 net/ipv4/tcp_ipv4.c:1682\n sk_backlog_rcv include/net/sock.h:1061 [inline]\n __release_sock+0x134/0x3b0 net/core/sock.c:2849\n release_sock+0x54/0x1b0 net/core/sock.c:3404\n inet_shutdown+0x1e0/0x430 net/ipv4/af_inet.c:909\n __sys_shutdown_sock net/socket.c:2331 [inline]\n __sys_shutdown_sock net/socket.c:2325 [inline]\n __sys_shutdown+0xf1/0x1b0 net/socket.c:2343\n __do_sys_shutdown net/socket.c:2351 [inline]\n __se_sys_shutdown net/socket.c:2349 [inline]\n __x64_sys_shutdown+0x50/0x70 net/socket.c:2349\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n </TASK>\n\nDuring SMC fallback process in connect syscall, kernel will\nreplaces TCP with SMC. In order to forward wakeup\nsmc socket waitqueue after fallback, kernel will sets\nclcsk->sk_user_data to origin smc socket in\nsmc_fback_replace_callbacks().\n\nLater, in shutdown syscall, kernel will calls\nsk_psock_get(), which treats the clcsk->sk_user_data\nas psock type, triggering the refcnt warning.\n\nSo, the root cause is that smc and psock, both will use\nsk_user_data field. So they will mismatch this field\neasily.\n\nThis patch solves it by using another bit(defined as\nSK_USER_DATA_PSOCK) in PTRMASK, to mark whether\nsk_user_data points to a psock object or not.\nThis patch depends on a PTRMASK introduced in commit f1ff5ce2cd5e\n("net, sk_msg: Clear sk_user_data pointer on clone if tagged").\n\nFor there will possibly be more flags in the sk_user_data field,\nthis patch also refactor sk_user_data flags code to be more generic\nto improve its maintainability.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-49979 was patched at 2025-06-17

442. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49983) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device (v2) If the DMA mask is not set explicitly, the following warning occurs when the userspace tries to access the dma-buf via the CPU as reported by syzbot here: WARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188 __dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188 Modules linked in: CPU: 0 PID: 3595 Comm: syz-executor249 Not tainted 5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188 Code: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d c0 83 b5 0d e9 db fe ff ff e8 b6 0f 13 00 0f 0b e8 af 0f 13 00 <0f> 0b 45 31 e4 e9 54 ff ff ff e8 a0 0f 13 00 49 8d 7f 50 48 b8 00 RSP: 0018:ffffc90002a07d68 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff88807e25e2c0 RSI: ffffffff81649e91 RDI: ffff88801b848408 RBP: ffff88801b848000 R08: 0000000000000002 R09: ffff88801d86c74f R10: ffffffff81649d72 R11: 0000000000000001 R12: 0000000000000002 R13: ffff88801d86c680 R14: 0000000000000001 R15: 0000000000000000 FS: 0000555556e30300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200000cc CR3: 000000001d74a000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> dma_map_sgtable+0x70/0xf0 kernel/dma/mapping.c:264 get_sg_table.isra.0+0xe0/0x160 drivers/dma-buf/udmabuf.c:72 begin_cpu_udmabuf+0x130/0x1d0 drivers/dma-buf/udmabuf.c:126 dma_buf_begin_cpu_access+0xfd/0x1d0 drivers/dma-buf/dma-buf.c:1164 dma_buf_ioctl+0x259/0x2b0 drivers/dma-buf/dma-buf.c:363 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f62fcf530f9 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe3edab9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f62fcf530f9 RDX: 0000000020000200 RSI: 0000000040086200 RDI: 0000000000000006 RBP: 00007f62fcf170e0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f62fcf17170 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> v2: Dont't forget to deregister if DMA mask setup fails.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: Set the DMA mask for the udmabuf device (v2)\n\nIf the DMA mask is not set explicitly, the following warning occurs\nwhen the userspace tries to access the dma-buf via the CPU as\nreported by syzbot here:\n\nWARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188\n__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188\nModules linked in:\nCPU: 0 PID: 3595 Comm: syz-executor249 Not tainted\n5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS\nGoogle 01/01/2011\nRIP: 0010:__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188\nCode: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d c0\n83 b5 0d e9 db fe ff ff e8 b6 0f 13 00 0f 0b e8 af 0f 13 00 <0f> 0b 45\n 31 e4 e9 54 ff ff ff e8 a0 0f 13 00 49 8d 7f 50 48 b8 00\nRSP: 0018:ffffc90002a07d68 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88807e25e2c0 RSI: ffffffff81649e91 RDI: ffff88801b848408\nRBP: ffff88801b848000 R08: 0000000000000002 R09: ffff88801d86c74f\nR10: ffffffff81649d72 R11: 0000000000000001 R12: 0000000000000002\nR13: ffff88801d86c680 R14: 0000000000000001 R15: 0000000000000000\nFS: 0000555556e30300(0000) GS:ffff8880b9d00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200000cc CR3: 000000001d74a000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n dma_map_sgtable+0x70/0xf0 kernel/dma/mapping.c:264\n get_sg_table.isra.0+0xe0/0x160 drivers/dma-buf/udmabuf.c:72\n begin_cpu_udmabuf+0x130/0x1d0 drivers/dma-buf/udmabuf.c:126\n dma_buf_begin_cpu_access+0xfd/0x1d0 drivers/dma-buf/dma-buf.c:1164\n dma_buf_ioctl+0x259/0x2b0 drivers/dma-buf/dma-buf.c:363\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:874 [inline]\n __se_sys_ioctl fs/ioctl.c:860 [inline]\n __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f62fcf530f9\nCode: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\nf0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffe3edab9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f62fcf530f9\nRDX: 0000000020000200 RSI: 0000000040086200 RDI: 0000000000000006\nRBP: 00007f62fcf170e0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f62fcf17170\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n </TASK>\n\nv2: Dont't forget to deregister if DMA mask setup fails.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-49983 was patched at 2025-06-17

443. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49985) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0 Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489 CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x9c/0xc9 print_address_description.constprop.0+0x1f/0x1f0 ? bpf_int_jit_compile+0x1257/0x13f0 kasan_report.cold+0xeb/0x197 ? kvmalloc_node+0x170/0x200 ? bpf_int_jit_compile+0x1257/0x13f0 bpf_int_jit_compile+0x1257/0x13f0 ? arch_prepare_bpf_dispatcher+0xd0/0xd0 ? rcu_read_lock_sched_held+0x43/0x70 bpf_prog_select_runtime+0x3e8/0x640 ? bpf_obj_name_cpy+0x149/0x1b0 bpf_prog_load+0x102f/0x2220 ? __bpf_prog_put.constprop.0+0x220/0x220 ? find_held_lock+0x2c/0x110 ? __might_fault+0xd6/0x180 ? lock_downgrade+0x6e0/0x6e0 ? lock_is_held_type+0xa6/0x120 ? __might_fault+0x147/0x180 __sys_bpf+0x137b/0x6070 ? bpf_perf_link_attach+0x530/0x530 ? new_sync_read+0x600/0x600 ? __fget_files+0x255/0x450 ? lock_downgrade+0x6e0/0x6e0 ? fput+0x30/0x1a0 ? ksys_write+0x1a8/0x260 __x64_sys_bpf+0x7a/0xc0 ? syscall_enter_from_user_mode+0x21/0x70 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f917c4e2c2d The problem here is that a range of tnum_range(0, map->max_entries - 1) has limited ability to represent the concrete tight range with the tnum as the set of resulting states from value + mask can result in a superset of the actual intended range, and as such a tnum_in(range, reg->var_off) check may yield true when it shouldn't, for example tnum_range(0, 2) would result in 00XX -> v = 0000, m = 0011 such that the intended set of {0, 1, 2} is here represented by a less precise superset of {0, 1, 2, 3}. As the register is known const scalar, really just use the concrete reg->var_off.value for the upper index check.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Don't use tnum_range on array range checking for poke descriptors\n\nHsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which\nis based on a customized syzkaller:\n\n BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0\n Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489\n CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n <TASK>\n dump_stack_lvl+0x9c/0xc9\n print_address_description.constprop.0+0x1f/0x1f0\n ? bpf_int_jit_compile+0x1257/0x13f0\n kasan_report.cold+0xeb/0x197\n ? kvmalloc_node+0x170/0x200\n ? bpf_int_jit_compile+0x1257/0x13f0\n bpf_int_jit_compile+0x1257/0x13f0\n ? arch_prepare_bpf_dispatcher+0xd0/0xd0\n ? rcu_read_lock_sched_held+0x43/0x70\n bpf_prog_select_runtime+0x3e8/0x640\n ? bpf_obj_name_cpy+0x149/0x1b0\n bpf_prog_load+0x102f/0x2220\n ? __bpf_prog_put.constprop.0+0x220/0x220\n ? find_held_lock+0x2c/0x110\n ? __might_fault+0xd6/0x180\n ? lock_downgrade+0x6e0/0x6e0\n ? lock_is_held_type+0xa6/0x120\n ? __might_fault+0x147/0x180\n __sys_bpf+0x137b/0x6070\n ? bpf_perf_link_attach+0x530/0x530\n ? new_sync_read+0x600/0x600\n ? __fget_files+0x255/0x450\n ? lock_downgrade+0x6e0/0x6e0\n ? fput+0x30/0x1a0\n ? ksys_write+0x1a8/0x260\n __x64_sys_bpf+0x7a/0xc0\n ? syscall_enter_from_user_mode+0x21/0x70\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x7f917c4e2c2d\n\nThe problem here is that a range of tnum_range(0, map->max_entries - 1) has\nlimited ability to represent the concrete tight range with the tnum as the\nset of resulting states from value + mask can result in a superset of the\nactual intended range, and as such a tnum_in(range, reg->var_off) check may\nyield true when it shouldn't, for example tnum_range(0, 2) would result in\n00XX -> v = 0000, m = 0011 such that the intended set of {0, 1, 2} is here\nrepresented by a less precise superset of {0, 1, 2, 3}. As the register is\nknown const scalar, really just use the concrete reg->var_off.value for the\nupper index check.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-49985 was patched at 2025-06-17

444. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49989) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix error exit of privcmd_ioctl_dm_op() The error exit of privcmd_ioctl_dm_op() is calling unlock_pages() potentially with pages being NULL, leading to a NULL dereference. Additionally lock_pages() doesn't check for pin_user_pages_fast() having been completely successful, resulting in potentially not locking all pages into memory. This could result in sporadic failures when using the related memory in user mode. Fix all of that by calling unlock_pages() always with the real number of pinned pages, which will be zero in case pages being NULL, and by checking the number of pages pinned by pin_user_pages_fast() matching the expected number of pages.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: fix error exit of privcmd_ioctl_dm_op()\n\nThe error exit of privcmd_ioctl_dm_op() is calling unlock_pages()\npotentially with pages being NULL, leading to a NULL dereference.\n\nAdditionally lock_pages() doesn't check for pin_user_pages_fast()\nhaving been completely successful, resulting in potentially not\nlocking all pages into memory. This could result in sporadic failures\nwhen using the related memory in user mode.\n\nFix all of that by calling unlock_pages() always with the real number\nof pinned pages, which will be zero in case pages being NULL, and by\nchecking the number of pages pinned by pin_user_pages_fast() matching\nthe expected number of pages.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-49989 was patched at 2025-06-17

445. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49991) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page cache are installed in the ptes. But hugepage_add_new_anon_rmap is called for them mistakenly because they're not vm_shared. This will corrupt the page->mapping used by page cache code.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte\n\nIn MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page\ncache are installed in the ptes. But hugepage_add_new_anon_rmap is called\nfor them mistakenly because they're not vm_shared. This will corrupt the\npage->mapping used by page cache code.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-49991 was patched at 2025-06-17

446. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49992) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() to fetch PFN from swap entry" added a check in swp_offset_pfn() for swap type [1]: kernel BUG at include/linux/swapops.h:117! CPU: 46 PID: 5245 Comm: EventManager_De Tainted: G S O L 6.0.0-dbg-DEV #2 RIP: 0010:pfn_swap_entry_to_page+0x72/0xf0 Code: c6 48 8b 36 48 83 fe ff 74 53 48 01 d1 48 83 c1 08 48 8b 09 f6 c1 01 75 7b 66 90 48 89 c1 48 8b 09 f6 c1 01 74 74 5d c3 eb 9e <0f> 0b 48 ba ff ff ff ff 03 00 00 00 eb ae a9 ff 0f 00 00 75 13 48 RSP: 0018:ffffa59e73fabb80 EFLAGS: 00010282 RAX: 00000000ffffffe8 RBX: 0c00000000000000 RCX: ffffcd5440000000 RDX: 1ffffffffff7a80a RSI: 0000000000000000 RDI: 0c0000000000042b RBP: ffffa59e73fabb80 R08: ffff9965ca6e8bb8 R09: 0000000000000000 R10: ffffffffa5a2f62d R11: 0000030b372e9fff R12: ffff997b79db5738 R13: 000000000000042b R14: 0c0000000000042b R15: 1ffffffffff7a80a FS: 00007f549d1bb700(0000) GS:ffff99d3cf680000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000440d035b3180 CR3: 0000002243176004 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> change_pte_range+0x36e/0x880 change_p4d_range+0x2e8/0x670 change_protection_range+0x14e/0x2c0 mprotect_fixup+0x1ee/0x330 do_mprotect_pkey+0x34c/0x440 __x64_sys_mprotect+0x1d/0x30 It triggers because pfn_swap_entry_to_page() could be called upon e.g. a genuine swap entry. Fix it by only calling it when it's a write migration entry where the page* is used. [1] https://lore.kernel.org/lkml/CAOUHufaVC2Za-p8m0aiHw6YkheDcrO-C3wRGixwDS32VTS+k1w@mail.gmail.com/', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mprotect: only reference swap pfn page if type match\n\nYu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() to\nfetch PFN from swap entry" added a check in swp_offset_pfn() for swap type [1]:\n\n kernel BUG at include/linux/swapops.h:117!\n CPU: 46 PID: 5245 Comm: EventManager_De Tainted: G S O L 6.0.0-dbg-DEV #2\n RIP: 0010:pfn_swap_entry_to_page+0x72/0xf0\n Code: c6 48 8b 36 48 83 fe ff 74 53 48 01 d1 48 83 c1 08 48 8b 09 f6\n c1 01 75 7b 66 90 48 89 c1 48 8b 09 f6 c1 01 74 74 5d c3 eb 9e <0f> 0b\n 48 ba ff ff ff ff 03 00 00 00 eb ae a9 ff 0f 00 00 75 13 48\n RSP: 0018:ffffa59e73fabb80 EFLAGS: 00010282\n RAX: 00000000ffffffe8 RBX: 0c00000000000000 RCX: ffffcd5440000000\n RDX: 1ffffffffff7a80a RSI: 0000000000000000 RDI: 0c0000000000042b\n RBP: ffffa59e73fabb80 R08: ffff9965ca6e8bb8 R09: 0000000000000000\n R10: ffffffffa5a2f62d R11: 0000030b372e9fff R12: ffff997b79db5738\n R13: 000000000000042b R14: 0c0000000000042b R15: 1ffffffffff7a80a\n FS: 00007f549d1bb700(0000) GS:ffff99d3cf680000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000440d035b3180 CR3: 0000002243176004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <TASK>\n change_pte_range+0x36e/0x880\n change_p4d_range+0x2e8/0x670\n change_protection_range+0x14e/0x2c0\n mprotect_fixup+0x1ee/0x330\n do_mprotect_pkey+0x34c/0x440\n __x64_sys_mprotect+0x1d/0x30\n\nIt triggers because pfn_swap_entry_to_page() could be called upon e.g. a\ngenuine swap entry.\n\nFix it by only calling it when it's a write migration entry where the page*\nis used.\n\n[1] https://lore.kernel.org/lkml/CAOUHufaVC2Za-p8m0aiHw6YkheDcrO-C3wRGixwDS32VTS+k1w@mail.gmail.com/', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49992 was patched at 2025-06-17

447. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49997) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: lantiq_xrx200: restore buffer if memory allocation failed In a situation where memory allocation fails, an invalid buffer address is stored. When this descriptor is used again, the system panics in the build_skb() function when accessing memory.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lantiq_xrx200: restore buffer if memory allocation failed\n\nIn a situation where memory allocation fails, an invalid buffer address\nis stored. When this descriptor is used again, the system panics in the\nbuild_skb() function when accessing memory.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-49997 was patched at 2025-06-17

448. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49998) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call() should release the socket lock when returning an error from rxrpc_get_call_slot(). (2) rxrpc_wait_for_tx_window_intr() will return without the call mutex held in the event that we're interrupted by a signal whilst waiting for tx space on the socket or relocking the call mutex afterwards. Fix this by: (a) moving the unlock/lock of the call mutex up to rxrpc_send_data() such that the lock is not held around all of rxrpc_wait_for_tx_window*() and (b) indicating to higher callers whether we're return with the lock dropped. Note that this means recvmsg() will not block on this call whilst we're waiting. (3) After dropping and regaining the call mutex, rxrpc_send_data() needs to go and recheck the state of the tx_pending buffer and the tx_total_len check in case we raced with another sendmsg() on the same call. Thinking on this some more, it might make sense to have different locks for sendmsg() and recvmsg(). There's probably no need to make recvmsg() wait for sendmsg(). It does mean that recvmsg() can return MSG_EOR indicating that a call is dead before a sendmsg() to that call returns - but that can currently happen anyway. Without fix (2), something like the following can be induced: \tWARNING: bad unlock balance detected! \t5.16.0-rc6-syzkaller #0 Not tainted \t------------------------------------- \tsyz-executor011/3597 is trying to release lock (&call->user_mutex) at: \t[<ffffffff885163a3>] rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748 \tbut there are no more locks to release! \tother info that might help us debug this: \tno locks held by syz-executor011/3597. \t... \tCall Trace: \t <TASK> \t __dump_stack lib/dump_stack.c:88 [inline] \t dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 \t print_unlock_imbalance_bug include/trace/events/lock.h:58 [inline] \t __lock_release kernel/locking/lockdep.c:5306 [inline] \t lock_release.cold+0x49/0x4e kernel/locking/lockdep.c:5657 \t __mutex_unlock_slowpath+0x99/0x5e0 kernel/locking/mutex.c:900 \t rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748 \t rxrpc_sendmsg+0x420/0x630 net/rxrpc/af_rxrpc.c:561 \t sock_sendmsg_nosec net/socket.c:704 [inline] \t sock_sendmsg+0xcf/0x120 net/socket.c:724 \t ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 \t ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 \t __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 \t do_syscall_x64 arch/x86/entry/common.c:50 [inline] \t do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 \t entry_SYSCALL_64_after_hwframe+0x44/0xae [Thanks to Hawkins Jiawei and Khalid Masum for their attempts to fix this]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix locking in rxrpc's sendmsg\n\nFix three bugs in the rxrpc's sendmsg implementation:\n\n (1) rxrpc_new_client_call() should release the socket lock when returning\n an error from rxrpc_get_call_slot().\n\n (2) rxrpc_wait_for_tx_window_intr() will return without the call mutex\n held in the event that we're interrupted by a signal whilst waiting\n for tx space on the socket or relocking the call mutex afterwards.\n\n Fix this by: (a) moving the unlock/lock of the call mutex up to\n rxrpc_send_data() such that the lock is not held around all of\n rxrpc_wait_for_tx_window*() and (b) indicating to higher callers\n whether we're return with the lock dropped. Note that this means\n recvmsg() will not block on this call whilst we're waiting.\n\n (3) After dropping and regaining the call mutex, rxrpc_send_data() needs\n to go and recheck the state of the tx_pending buffer and the\n tx_total_len check in case we raced with another sendmsg() on the same\n call.\n\nThinking on this some more, it might make sense to have different locks for\nsendmsg() and recvmsg(). There's probably no need to make recvmsg() wait\nfor sendmsg(). It does mean that recvmsg() can return MSG_EOR indicating\nthat a call is dead before a sendmsg() to that call returns - but that can\ncurrently happen anyway.\n\nWithout fix (2), something like the following can be induced:\n\n\tWARNING: bad unlock balance detected!\n\t5.16.0-rc6-syzkaller #0 Not tainted\n\t-------------------------------------\n\tsyz-executor011/3597 is trying to release lock (&call->user_mutex) at:\n\t[<ffffffff885163a3>] rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748\n\tbut there are no more locks to release!\n\n\tother info that might help us debug this:\n\tno locks held by syz-executor011/3597.\n\t...\n\tCall Trace:\n\t <TASK>\n\t __dump_stack lib/dump_stack.c:88 [inline]\n\t dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n\t print_unlock_imbalance_bug include/trace/events/lock.h:58 [inline]\n\t __lock_release kernel/locking/lockdep.c:5306 [inline]\n\t lock_release.cold+0x49/0x4e kernel/locking/lockdep.c:5657\n\t __mutex_unlock_slowpath+0x99/0x5e0 kernel/locking/mutex.c:900\n\t rxrpc_do_sendmsg+0xc13/0x1350 net/rxrpc/sendmsg.c:748\n\t rxrpc_sendmsg+0x420/0x630 net/rxrpc/af_rxrpc.c:561\n\t sock_sendmsg_nosec net/socket.c:704 [inline]\n\t sock_sendmsg+0xcf/0x120 net/socket.c:724\n\t ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409\n\t ___sys_sendmsg+0xf3/0x170 net/socket.c:2463\n\t __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492\n\t do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n\t do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\n\t entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n[Thanks to Hawkins Jiawei and Khalid Masum for their attempts to fix this]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-49998 was patched at 2025-06-17

449. Unknown Vulnerability Type - Linux Kernel (CVE-2022-49999) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: btrfs: fix space cache corruption and potential double allocations When testing space_cache v2 on a large set of machines, we encountered a few symptoms: 1. "unable to add free space :-17" (EEXIST) errors. 2. Missing free space info items, sometimes caught with a "missing free space info for X" error. 3. Double-accounted space: ranges that were allocated in the extent tree and also marked as free in the free space tree, ranges that were marked as allocated twice in the extent tree, or ranges that were marked as free twice in the free space tree. If the latter made it onto disk, the next reboot would hit the BUG_ON() in add_new_free_space(). 4. On some hosts with no on-disk corruption or error messages, the in-memory space cache (dumped with drgn) disagreed with the free space tree. All of these symptoms have the same underlying cause: a race between caching the free space for a block group and returning free space to the in-memory space cache for pinned extents causes us to double-add a free range to the space cache. This race exists when free space is cached from the free space tree (space_cache=v2) or the extent tree (nospace_cache, or space_cache=v1 if the cache needs to be regenerated). struct btrfs_block_group::last_byte_to_unpin and struct btrfs_block_group::progress are supposed to protect against this race, but commit d0c2f4fa555e ("btrfs: make concurrent fsyncs wait less when waiting for a transaction commit") subtly broke this by allowing multiple transactions to be unpinning extents at the same time. Specifically, the race is as follows: 1. An extent is deleted from an uncached block group in transaction A. 2. btrfs_commit_transaction() is called for transaction A. 3. btrfs_run_delayed_refs() -> __btrfs_free_extent() runs the delayed ref for the deleted extent. 4. __btrfs_free_extent() -> do_free_extent_accounting() -> add_to_free_space_tree() adds the deleted extent back to the free space tree. 5. do_free_extent_accounting() -> btrfs_update_block_group() -> btrfs_cache_block_group() queues up the block group to get cached. block_group->progress is set to block_group->start. 6. btrfs_commit_transaction() for transaction A calls switch_commit_roots(). It sets block_group->last_byte_to_unpin to block_group->progress, which is block_group->start because the block group hasn't been cached yet. 7. The caching thread gets to our block group. Since the commit roots were already switched, load_free_space_tree() sees the deleted extent as free and adds it to the space cache. It finishes caching and sets block_group->progress to U64_MAX. 8. btrfs_commit_transaction() advances transaction A to TRANS_STATE_SUPER_COMMITTED. 9. fsync calls btrfs_commit_transaction() for transaction B. Since transaction A is already in TRANS_STATE_SUPER_COMMITTED and the commit is for fsync, it advances. 10. btrfs_commit_transaction() for transaction B calls switch_commit_roots(). This time, the block group has already been cached, so it sets block_group->last_byte_to_unpin to U64_MAX. 11. btrfs_commit_transaction() for transaction A calls btrfs_finish_extent_commit(), which calls unpin_extent_range() for the deleted extent. It sees last_byte_to_unpin set to U64_MAX (by transaction B!), so it adds the deleted extent to the space cache again! This explains all of our symptoms above: * If the sequence of events is exactly as described above, when the free space is re-added in step 11, it will fail with EEXIST. * If another thread reallocates the deleted extent in between steps 7 and 11, then step 11 will silently re-add that space to the space cache as free even though it is actually allocated. Then, if that space is allocated *again*, the free space tree will be corrupted (namely, the wrong item will be deleted). * If we don't catch this free space tree corr ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix space cache corruption and potential double allocations\n\nWhen testing space_cache v2 on a large set of machines, we encountered a\nfew symptoms:\n\n1. "unable to add free space :-17" (EEXIST) errors.\n2. Missing free space info items, sometimes caught with a "missing free\n space info for X" error.\n3. Double-accounted space: ranges that were allocated in the extent tree\n and also marked as free in the free space tree, ranges that were\n marked as allocated twice in the extent tree, or ranges that were\n marked as free twice in the free space tree. If the latter made it\n onto disk, the next reboot would hit the BUG_ON() in\n add_new_free_space().\n4. On some hosts with no on-disk corruption or error messages, the\n in-memory space cache (dumped with drgn) disagreed with the free\n space tree.\n\nAll of these symptoms have the same underlying cause: a race between\ncaching the free space for a block group and returning free space to the\nin-memory space cache for pinned extents causes us to double-add a free\nrange to the space cache. This race exists when free space is cached\nfrom the free space tree (space_cache=v2) or the extent tree\n(nospace_cache, or space_cache=v1 if the cache needs to be regenerated).\nstruct btrfs_block_group::last_byte_to_unpin and struct\nbtrfs_block_group::progress are supposed to protect against this race,\nbut commit d0c2f4fa555e ("btrfs: make concurrent fsyncs wait less when\nwaiting for a transaction commit") subtly broke this by allowing\nmultiple transactions to be unpinning extents at the same time.\n\nSpecifically, the race is as follows:\n\n1. An extent is deleted from an uncached block group in transaction A.\n2. btrfs_commit_transaction() is called for transaction A.\n3. btrfs_run_delayed_refs() -> __btrfs_free_extent() runs the delayed\n ref for the deleted extent.\n4. __btrfs_free_extent() -> do_free_extent_accounting() ->\n add_to_free_space_tree() adds the deleted extent back to the free\n space tree.\n5. do_free_extent_accounting() -> btrfs_update_block_group() ->\n btrfs_cache_block_group() queues up the block group to get cached.\n block_group->progress is set to block_group->start.\n6. btrfs_commit_transaction() for transaction A calls\n switch_commit_roots(). It sets block_group->last_byte_to_unpin to\n block_group->progress, which is block_group->start because the block\n group hasn't been cached yet.\n7. The caching thread gets to our block group. Since the commit roots\n were already switched, load_free_space_tree() sees the deleted extent\n as free and adds it to the space cache. It finishes caching and sets\n block_group->progress to U64_MAX.\n8. btrfs_commit_transaction() advances transaction A to\n TRANS_STATE_SUPER_COMMITTED.\n9. fsync calls btrfs_commit_transaction() for transaction B. Since\n transaction A is already in TRANS_STATE_SUPER_COMMITTED and the\n commit is for fsync, it advances.\n10. btrfs_commit_transaction() for transaction B calls\n switch_commit_roots(). This time, the block group has already been\n cached, so it sets block_group->last_byte_to_unpin to U64_MAX.\n11. btrfs_commit_transaction() for transaction A calls\n btrfs_finish_extent_commit(), which calls unpin_extent_range() for\n the deleted extent. It sees last_byte_to_unpin set to U64_MAX (by\n transaction B!), so it adds the deleted extent to the space cache\n again!\n\nThis explains all of our symptoms above:\n\n* If the sequence of events is exactly as described above, when the free\n space is re-added in step 11, it will fail with EEXIST.\n* If another thread reallocates the deleted extent in between steps 7\n and 11, then step 11 will silently re-add that space to the space\n cache as free even though it is actually allocated. Then, if that\n space is allocated *again*, the free space tree will be corrupted\n (namely, the wrong item will be deleted).\n* If we don't catch this free space tree corr\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-49999 was patched at 2025-06-17

450. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50006) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: NFSv4.2 fix problems with __nfs42_ssc_open A destination server while doing a COPY shouldn't accept using the passed in filehandle if its not a regular filehandle. If alloc_file_pseudo() has failed, we need to decrement a reference on the newly created inode, otherwise it leaks.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2 fix problems with __nfs42_ssc_open\n\nA destination server while doing a COPY shouldn't accept using the\npassed in filehandle if its not a regular filehandle.\n\nIf alloc_file_pseudo() has failed, we need to decrement a reference\non the newly created inode, otherwise it leaks.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50006 was patched at 2025-06-17

451. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50009) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data There is issue as follows when test f2fs atomic write: F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock F2FS-fs (loop0): invalid crc_offset: 0 F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. ================================================================== BUG: KASAN: null-ptr-deref in f2fs_get_dnode_of_data+0xac/0x16d0 Read of size 8 at addr 0000000000000028 by task rep/1990 CPU: 4 PID: 1990 Comm: rep Not tainted 5.19.0-rc6-next-20220715 #266 Call Trace: <TASK> dump_stack_lvl+0x6e/0x91 print_report.cold+0x49a/0x6bb kasan_report+0xa8/0x130 f2fs_get_dnode_of_data+0xac/0x16d0 f2fs_do_write_data_page+0x2a5/0x1030 move_data_page+0x3c5/0xdf0 do_garbage_collect+0x2015/0x36c0 f2fs_gc+0x554/0x1d30 f2fs_balance_fs+0x7f5/0xda0 f2fs_write_single_data_page+0xb66/0xdc0 f2fs_write_cache_pages+0x716/0x1420 f2fs_write_data_pages+0x84f/0x9a0 do_writepages+0x130/0x3a0 filemap_fdatawrite_wbc+0x87/0xa0 file_write_and_wait_range+0x157/0x1c0 f2fs_do_sync_file+0x206/0x12d0 f2fs_sync_file+0x99/0xc0 vfs_fsync_range+0x75/0x140 f2fs_file_write_iter+0xd7b/0x1850 vfs_write+0x645/0x780 ksys_write+0xf1/0x1e0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd As 3db1de0e582c commit changed atomic write way which new a cow_inode for atomic write file, and also mark cow_inode as FI_ATOMIC_FILE. When f2fs_do_write_data_page write cow_inode will use cow_inode's cow_inode which is NULL. Then will trigger null-ptr-deref. To solve above issue, introduce FI_COW_FILE flag for COW inode. Fiexes: 3db1de0e582c("f2fs: change the current atomic write way")', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null-ptr-deref in f2fs_get_dnode_of_data\n\nThere is issue as follows when test f2fs atomic write:\nF2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock\nF2FS-fs (loop0): invalid crc_offset: 0\nF2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.\nF2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.\n==================================================================\nBUG: KASAN: null-ptr-deref in f2fs_get_dnode_of_data+0xac/0x16d0\nRead of size 8 at addr 0000000000000028 by task rep/1990\n\nCPU: 4 PID: 1990 Comm: rep Not tainted 5.19.0-rc6-next-20220715 #266\nCall Trace:\n <TASK>\n dump_stack_lvl+0x6e/0x91\n print_report.cold+0x49a/0x6bb\n kasan_report+0xa8/0x130\n f2fs_get_dnode_of_data+0xac/0x16d0\n f2fs_do_write_data_page+0x2a5/0x1030\n move_data_page+0x3c5/0xdf0\n do_garbage_collect+0x2015/0x36c0\n f2fs_gc+0x554/0x1d30\n f2fs_balance_fs+0x7f5/0xda0\n f2fs_write_single_data_page+0xb66/0xdc0\n f2fs_write_cache_pages+0x716/0x1420\n f2fs_write_data_pages+0x84f/0x9a0\n do_writepages+0x130/0x3a0\n filemap_fdatawrite_wbc+0x87/0xa0\n file_write_and_wait_range+0x157/0x1c0\n f2fs_do_sync_file+0x206/0x12d0\n f2fs_sync_file+0x99/0xc0\n vfs_fsync_range+0x75/0x140\n f2fs_file_write_iter+0xd7b/0x1850\n vfs_write+0x645/0x780\n ksys_write+0xf1/0x1e0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nAs 3db1de0e582c commit changed atomic write way which new a cow_inode for\natomic write file, and also mark cow_inode as FI_ATOMIC_FILE.\nWhen f2fs_do_write_data_page write cow_inode will use cow_inode's cow_inode\nwhich is NULL. Then will trigger null-ptr-deref.\nTo solve above issue, introduce FI_COW_FILE flag for COW inode.\n\nFiexes: 3db1de0e582c("f2fs: change the current atomic write way")', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50009 was patched at 2025-06-17

452. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50011) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: venus: pm_helpers: Fix warning in OPP during probe Fix the following WARN triggered during Venus driver probe on 5.19.0-rc8-next-20220728: WARNING: CPU: 7 PID: 339 at drivers/opp/core.c:2471 dev_pm_opp_set_config+0x49c/0x610 Modules linked in: qcom_spmi_adc5 rtc_pm8xxx qcom_spmi_adc_tm5 leds_qcom_lpg led_class_multicolor qcom_pon qcom_vadc_common venus_core(+) qcom_spmi_temp_alarm v4l2_mem2mem videobuf2_v4l2 msm(+) videobuf2_common crct10dif_ce spi_geni_qcom snd_soc_sm8250 i2c_qcom_geni gpu_sched snd_soc_qcom_common videodev qcom_q6v5_pas soundwire_qcom drm_dp_aux_bus qcom_stats drm_display_helper qcom_pil_info soundwire_bus snd_soc_lpass_va_macro mc qcom_q6v5 phy_qcom_snps_femto_v2 qcom_rng snd_soc_lpass_macro_common snd_soc_lpass_wsa_macro lpass_gfm_sm8250 slimbus qcom_sysmon qcom_common qcom_glink_smem qmi_helpers qcom_wdt mdt_loader socinfo icc_osm_l3 display_connector drm_kms_helper qnoc_sm8250 drm fuse ip_tables x_tables ipv6 CPU: 7 PID: 339 Comm: systemd-udevd Not tainted 5.19.0-rc8-next-20220728 #4 Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT) pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : dev_pm_opp_set_config+0x49c/0x610 lr : dev_pm_opp_set_config+0x58/0x610 sp : ffff8000093c3710 x29: ffff8000093c3710 x28: ffffbca3959d82b8 x27: ffff8000093c3d00 x26: ffffbca3959d8e08 x25: ffff4396cac98118 x24: ffff4396c0e24810 x23: ffff4396c4272c40 x22: ffff4396c0e24810 x21: ffff8000093c3810 x20: ffff4396cac36800 x19: ffff4396cac96800 x18: 0000000000000000 x17: 0000000000000003 x16: ffffbca3f4edf198 x15: 0000001cba64a858 x14: 0000000000000180 x13: 000000000000017e x12: 0000000000000000 x11: 0000000000000002 x10: 0000000000000a60 x9 : ffff8000093c35c0 x8 : ffff4396c4273700 x7 : ffff43983efca6c0 x6 : ffff43983efca640 x5 : 00000000410fd0d0 x4 : ffff4396c4272c40 x3 : ffffbca3f5d1e008 x2 : 0000000000000000 x1 : ffff4396c2421600 x0 : ffff4396cac96860 Call trace: dev_pm_opp_set_config+0x49c/0x610 devm_pm_opp_set_config+0x18/0x70 vcodec_domains_get+0xb8/0x1638 [venus_core] core_get_v4+0x1d8/0x218 [venus_core] venus_probe+0xf4/0x468 [venus_core] platform_probe+0x68/0xd8 really_probe+0xbc/0x2a8 __driver_probe_device+0x78/0xe0 driver_probe_device+0x3c/0xf0 __driver_attach+0x70/0x120 bus_for_each_dev+0x70/0xc0 driver_attach+0x24/0x30 bus_add_driver+0x150/0x200 driver_register+0x64/0x120 __platform_driver_register+0x28/0x38 qcom_venus_driver_init+0x24/0x1000 [venus_core] do_one_initcall+0x54/0x1c8 do_init_module+0x44/0x1d0 load_module+0x16c8/0x1aa0 __do_sys_finit_module+0xbc/0x110 __arm64_sys_finit_module+0x20/0x30 invoke_syscall+0x44/0x108 el0_svc_common.constprop.0+0xcc/0xf0 do_el0_svc+0x2c/0xb8 el0_svc+0x2c/0x88 el0t_64_sync_handler+0xb8/0xc0 el0t_64_sync+0x18c/0x190 qcom-venus: probe of aa00000.video-codec failed with error -16 The fix is re-ordering the code related to OPP core. The OPP core expects all configuration options to be provided before the OPP table is added.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvenus: pm_helpers: Fix warning in OPP during probe\n\nFix the following WARN triggered during Venus driver probe on\n5.19.0-rc8-next-20220728:\n\n WARNING: CPU: 7 PID: 339 at drivers/opp/core.c:2471 dev_pm_opp_set_config+0x49c/0x610\n Modules linked in: qcom_spmi_adc5 rtc_pm8xxx qcom_spmi_adc_tm5 leds_qcom_lpg led_class_multicolor\n qcom_pon qcom_vadc_common venus_core(+) qcom_spmi_temp_alarm v4l2_mem2mem videobuf2_v4l2 msm(+)\n videobuf2_common crct10dif_ce spi_geni_qcom snd_soc_sm8250 i2c_qcom_geni gpu_sched\n snd_soc_qcom_common videodev qcom_q6v5_pas soundwire_qcom drm_dp_aux_bus qcom_stats\n drm_display_helper qcom_pil_info soundwire_bus snd_soc_lpass_va_macro mc qcom_q6v5\n phy_qcom_snps_femto_v2 qcom_rng snd_soc_lpass_macro_common snd_soc_lpass_wsa_macro\n lpass_gfm_sm8250 slimbus qcom_sysmon qcom_common qcom_glink_smem qmi_helpers\n qcom_wdt mdt_loader socinfo icc_osm_l3 display_connector\n drm_kms_helper qnoc_sm8250 drm fuse ip_tables x_tables ipv6\n CPU: 7 PID: 339 Comm: systemd-udevd Not tainted 5.19.0-rc8-next-20220728 #4\n Hardware name: Qualcomm Technologies, Inc. Robotics RB5 (DT)\n pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : dev_pm_opp_set_config+0x49c/0x610\n lr : dev_pm_opp_set_config+0x58/0x610\n sp : ffff8000093c3710\n x29: ffff8000093c3710 x28: ffffbca3959d82b8 x27: ffff8000093c3d00\n x26: ffffbca3959d8e08 x25: ffff4396cac98118 x24: ffff4396c0e24810\n x23: ffff4396c4272c40 x22: ffff4396c0e24810 x21: ffff8000093c3810\n x20: ffff4396cac36800 x19: ffff4396cac96800 x18: 0000000000000000\n x17: 0000000000000003 x16: ffffbca3f4edf198 x15: 0000001cba64a858\n x14: 0000000000000180 x13: 000000000000017e x12: 0000000000000000\n x11: 0000000000000002 x10: 0000000000000a60 x9 : ffff8000093c35c0\n x8 : ffff4396c4273700 x7 : ffff43983efca6c0 x6 : ffff43983efca640\n x5 : 00000000410fd0d0 x4 : ffff4396c4272c40 x3 : ffffbca3f5d1e008\n x2 : 0000000000000000 x1 : ffff4396c2421600 x0 : ffff4396cac96860\n Call trace:\n dev_pm_opp_set_config+0x49c/0x610\n devm_pm_opp_set_config+0x18/0x70\n vcodec_domains_get+0xb8/0x1638 [venus_core]\n core_get_v4+0x1d8/0x218 [venus_core]\n venus_probe+0xf4/0x468 [venus_core]\n platform_probe+0x68/0xd8\n really_probe+0xbc/0x2a8\n __driver_probe_device+0x78/0xe0\n driver_probe_device+0x3c/0xf0\n __driver_attach+0x70/0x120\n bus_for_each_dev+0x70/0xc0\n driver_attach+0x24/0x30\n bus_add_driver+0x150/0x200\n driver_register+0x64/0x120\n __platform_driver_register+0x28/0x38\n qcom_venus_driver_init+0x24/0x1000 [venus_core]\n do_one_initcall+0x54/0x1c8\n do_init_module+0x44/0x1d0\n load_module+0x16c8/0x1aa0\n __do_sys_finit_module+0xbc/0x110\n __arm64_sys_finit_module+0x20/0x30\n invoke_syscall+0x44/0x108\n el0_svc_common.constprop.0+0xcc/0xf0\n do_el0_svc+0x2c/0xb8\n el0_svc+0x2c/0x88\n el0t_64_sync_handler+0xb8/0xc0\n el0t_64_sync+0x18c/0x190\n qcom-venus: probe of aa00000.video-codec failed with error -16\n\nThe fix is re-ordering the code related to OPP core. The OPP core\nexpects all configuration options to be provided before the OPP\ntable is added.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50011 was patched at 2025-06-17

453. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50021) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated before use in ext4_mb_clear_bb() Block range to free is validated in ext4_free_blocks() using ext4_inode_block_valid() and then it's passed to ext4_mb_clear_bb(). However in some situations on bigalloc file system the range might be adjusted after the validation in ext4_free_blocks() which can lead to troubles on corrupted file systems such as one found by syzkaller that resulted in the following BUG kernel BUG at fs/ext4/ext4.h:3319! PREEMPT SMP NOPTI CPU: 28 PID: 4243 Comm: repro Kdump: loaded Not tainted 5.19.0-rc6+ #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 04/01/2014 RIP: 0010:ext4_free_blocks+0x95e/0xa90 Call Trace: <TASK> ? lock_timer_base+0x61/0x80 ? __es_remove_extent+0x5a/0x760 ? __mod_timer+0x256/0x380 ? ext4_ind_truncate_ensure_credits+0x90/0x220 ext4_clear_blocks+0x107/0x1b0 ext4_free_data+0x15b/0x170 ext4_ind_truncate+0x214/0x2c0 ? _raw_spin_unlock+0x15/0x30 ? ext4_discard_preallocations+0x15a/0x410 ? ext4_journal_check_start+0xe/0x90 ? __ext4_journal_start_sb+0x2f/0x110 ext4_truncate+0x1b5/0x460 ? __ext4_journal_start_sb+0x2f/0x110 ext4_evict_inode+0x2b4/0x6f0 evict+0xd0/0x1d0 ext4_enable_quotas+0x11f/0x1f0 ext4_orphan_cleanup+0x3de/0x430 ? proc_create_seq_private+0x43/0x50 ext4_fill_super+0x295f/0x3ae0 ? snprintf+0x39/0x40 ? sget_fc+0x19c/0x330 ? ext4_reconfigure+0x850/0x850 get_tree_bdev+0x16d/0x260 vfs_get_tree+0x25/0xb0 path_mount+0x431/0xa70 __x64_sys_mount+0xe2/0x120 do_syscall_64+0x5b/0x80 ? do_user_addr_fault+0x1e2/0x670 ? exc_page_fault+0x70/0x170 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7fdf4e512ace Fix it by making sure that the block range is properly validated before used every time it changes in ext4_free_blocks() or ext4_mb_clear_bb().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: block range must be validated before use in ext4_mb_clear_bb()\n\nBlock range to free is validated in ext4_free_blocks() using\next4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().\nHowever in some situations on bigalloc file system the range might be\nadjusted after the validation in ext4_free_blocks() which can lead to\ntroubles on corrupted file systems such as one found by syzkaller that\nresulted in the following BUG\n\nkernel BUG at fs/ext4/ext4.h:3319!\nPREEMPT SMP NOPTI\nCPU: 28 PID: 4243 Comm: repro Kdump: loaded Not tainted 5.19.0-rc6+ #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 04/01/2014\nRIP: 0010:ext4_free_blocks+0x95e/0xa90\nCall Trace:\n <TASK>\n ? lock_timer_base+0x61/0x80\n ? __es_remove_extent+0x5a/0x760\n ? __mod_timer+0x256/0x380\n ? ext4_ind_truncate_ensure_credits+0x90/0x220\n ext4_clear_blocks+0x107/0x1b0\n ext4_free_data+0x15b/0x170\n ext4_ind_truncate+0x214/0x2c0\n ? _raw_spin_unlock+0x15/0x30\n ? ext4_discard_preallocations+0x15a/0x410\n ? ext4_journal_check_start+0xe/0x90\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_truncate+0x1b5/0x460\n ? __ext4_journal_start_sb+0x2f/0x110\n ext4_evict_inode+0x2b4/0x6f0\n evict+0xd0/0x1d0\n ext4_enable_quotas+0x11f/0x1f0\n ext4_orphan_cleanup+0x3de/0x430\n ? proc_create_seq_private+0x43/0x50\n ext4_fill_super+0x295f/0x3ae0\n ? snprintf+0x39/0x40\n ? sget_fc+0x19c/0x330\n ? ext4_reconfigure+0x850/0x850\n get_tree_bdev+0x16d/0x260\n vfs_get_tree+0x25/0xb0\n path_mount+0x431/0xa70\n __x64_sys_mount+0xe2/0x120\n do_syscall_64+0x5b/0x80\n ? do_user_addr_fault+0x1e2/0x670\n ? exc_page_fault+0x70/0x170\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7fdf4e512ace\n\nFix it by making sure that the block range is properly validated before\nused every time it changes in ext4_free_blocks() or ext4_mb_clear_bb().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50021 was patched at 2025-06-17

454. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50023) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: ignore interrupt if no descriptor If the channel has no descriptor and the interrupt is raised then the kernel will OOPS. Check the result of vchan_next_desc() in the handler axi_chan_block_xfer_complete() to avoid the error happening.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-axi-dmac: ignore interrupt if no descriptor\n\nIf the channel has no descriptor and the interrupt is raised then the\nkernel will OOPS. Check the result of vchan_next_desc() in the handler\naxi_chan_block_xfer_complete() to avoid the error happening.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50023 was patched at 2025-06-17

455. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50024) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: do not print NULL LLI during error During debugging we have seen an issue where axi_chan_dump_lli() is passed a NULL LLI pointer which ends up causing an OOPS due to trying to get fields from it. Simply print NULL LLI and exit to avoid this.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw-axi-dmac: do not print NULL LLI during error\n\nDuring debugging we have seen an issue where axi_chan_dump_lli()\nis passed a NULL LLI pointer which ends up causing an OOPS due\nto trying to get fields from it. Simply print NULL LLI and exit\nto avoid this.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50024 was patched at 2025-06-17

456. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50026) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: habanalabs/gaudi: fix shift out of bounds When validating NIC queues, queue offset calculation must be performed only for NIC queues.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhabanalabs/gaudi: fix shift out of bounds\n\nWhen validating NIC queues, queue offset calculation must be\nperformed only for NIC queues.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50026 was patched at 2025-06-17

457. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50031) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix HW conn removal use after free If qla4xxx doesn't remove the connection before the session, the iSCSI class tries to remove the connection for it. We were doing a iscsi_put_conn() in the iter function which is not needed and will result in a use after free because iscsi_remove_conn() will free the connection.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: iscsi: Fix HW conn removal use after free\n\nIf qla4xxx doesn't remove the connection before the session, the iSCSI\nclass tries to remove the connection for it. We were doing a\niscsi_put_conn() in the iter function which is not needed and will result\nin a use after free because iscsi_remove_conn() will free the connection.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50031 was patched at 2025-06-17

458. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50036) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when computing packet sizes Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could underflow and wrap around to near the maximal u16 value. Fix this by using signed subtraction. The call to max() will correctly handle any negative numbers that are produced. Apply the same fix to the other timings, even though those subtractions are less likely to underflow.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sun4i: dsi: Prevent underflow when computing packet sizes\n\nCurrently, the packet overhead is subtracted using unsigned arithmetic.\nWith a short sync pulse, this could underflow and wrap around to near\nthe maximal u16 value. Fix this by using signed subtraction. The call to\nmax() will correctly handle any negative numbers that are produced.\n\nApply the same fix to the other timings, even though those subtractions\nare less likely to underflow.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50036 was patched at 2025-06-17

459. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50037) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the kernel should still take care not to leak the CCS state from the previous user. (cherry picked from commit 353819d85f87be46aeb9c1dd929d445a006fc6ec)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/ttm: don't leak the ccs state\n\nThe kernel only manages the ccs state with lmem-only objects, however\nthe kernel should still take care not to leak the CCS state from the\nprevious user.\n\n(cherry picked from commit 353819d85f87be46aeb9c1dd929d445a006fc6ec)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50037 was patched at 2025-06-17

460. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50039) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() Commit 09f012e64e4b ("stmmac: intel: Fix clock handling on error and remove paths") removed this clk_disable_unprepare() This was partly revert by commit ac322f86b56c ("net: stmmac: Fix clock handling on remove path") which removed this clk_disable_unprepare() because: " While unloading the dwmac-intel driver, clk_disable_unprepare() is being called twice in stmmac_dvr_remove() and intel_eth_pci_remove(). This causes kernel panic on the second call. " However later on, commit 5ec55823438e8 ("net: stmmac: add clocks management for gmac driver") has updated stmmac_dvr_remove() which do not call clk_disable_unprepare() anymore. So this call should now be called from intel_eth_pci_remove().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nstmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove()\n\nCommit 09f012e64e4b ("stmmac: intel: Fix clock handling on error and remove\npaths") removed this clk_disable_unprepare()\n\nThis was partly revert by commit ac322f86b56c ("net: stmmac: Fix clock\nhandling on remove path") which removed this clk_disable_unprepare()\nbecause:\n"\n While unloading the dwmac-intel driver, clk_disable_unprepare() is\n being called twice in stmmac_dvr_remove() and\n intel_eth_pci_remove(). This causes kernel panic on the second call.\n"\n\nHowever later on, commit 5ec55823438e8 ("net: stmmac: add clocks management\nfor gmac driver") has updated stmmac_dvr_remove() which do not call\nclk_disable_unprepare() anymore.\n\nSo this call should now be called from intel_eth_pci_remove().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50039 was patched at 2025-06-17

461. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50041) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ice: Fix call trace with null VSI during VF reset During stress test with attaching and detaching VF from KVM and simultaneously changing VFs spoofcheck and trust there was a call trace in ice_reset_vf that VF's VSI is null. [145237.352797] WARNING: CPU: 46 PID: 840629 at drivers/net/ethernet/intel/ice/ice_vf_lib.c:508 ice_reset_vf+0x3d6/0x410 [ice] [145237.352851] Modules linked in: ice(E) vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio iavf dm_mod xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink tun bridge stp llc sunrpc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm iTCO_wdt iTC O_vendor_support irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel rapl ipmi_si intel_cstate ipmi_devintf joydev intel_uncore m ei_me ipmi_msghandler i2c_i801 pcspkr mei lpc_ich ioatdma i2c_smbus acpi_pad acpi_power_meter ip_tables xfs libcrc32c i2c_algo_bit drm_sh mem_helper drm_kms_helper sd_mod t10_pi crc64_rocksoft syscopyarea crc64 sysfillrect sg sysimgblt fb_sys_fops drm i40e ixgbe ahci libahci libata crc32c_intel mdio dca wmi fuse [last unloaded: ice] [145237.352917] CPU: 46 PID: 840629 Comm: kworker/46:2 Tainted: G S W I E 5.19.0-rc6+ #24 [145237.352921] Hardware name: Intel Corporation S2600WTT/S2600WTT, BIOS SE5C610.86B.01.01.0008.021120151325 02/11/2015 [145237.352923] Workqueue: ice ice_service_task [ice] [145237.352948] RIP: 0010:ice_reset_vf+0x3d6/0x410 [ice] [145237.352984] Code: 30 ec f3 cc e9 28 fd ff ff 0f b7 4b 50 48 c7 c2 48 19 9c c0 4c 89 ee 48 c7 c7 30 fe 9e c0 e8 d1 21 9d cc 31 c0 e9 a 9 fe ff ff <0f> 0b b8 ea ff ff ff e9 c1 fc ff ff 0f 0b b8 fb ff ff ff e9 91 fe [145237.352987] RSP: 0018:ffffb453e257fdb8 EFLAGS: 00010246 [145237.352990] RAX: ffff8bd0040181c0 RBX: ffff8be68db8f800 RCX: 0000000000000000 [145237.352991] RDX: 000000000000ffff RSI: 0000000000000000 RDI: ffff8be68db8f800 [145237.352993] RBP: ffff8bd0040181c0 R08: 0000000000001000 R09: ffff8bcfd520e000 [145237.352995] R10: 0000000000000000 R11: 00008417b5ab0bc0 R12: 0000000000000005 [145237.352996] R13: ffff8bcee061c0d0 R14: ffff8bd004019640 R15: 0000000000000000 [145237.352998] FS: 0000000000000000(0000) GS:ffff8be5dfb00000(0000) knlGS:0000000000000000 [145237.353000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [145237.353002] CR2: 00007fd81f651d68 CR3: 0000001a0fe10001 CR4: 00000000001726e0 [145237.353003] Call Trace: [145237.353008] <TASK> [145237.353011] ice_process_vflr_event+0x8d/0xb0 [ice] [145237.353049] ice_service_task+0x79f/0xef0 [ice] [145237.353074] process_one_work+0x1c8/0x390 [145237.353081] ? process_one_work+0x390/0x390 [145237.353084] worker_thread+0x30/0x360 [145237.353087] ? process_one_work+0x390/0x390 [145237.353090] kthread+0xe8/0x110 [145237.353094] ? kthread_complete_and_exit+0x20/0x20 [145237.353097] ret_from_fork+0x22/0x30 [145237.353103] </TASK> Remove WARN_ON() from check if VSI is null in ice_reset_vf. Add "VF is already removed\\n" in dev_dbg(). This WARN_ON() is unnecessary and causes call trace, despite that call trace, driver still works. There is no need for this warn because this piece of code is responsible for disabling VF's Tx/Rx queues when VF is disabled, but when VF is already removed there is no need to do reset or disable queues.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix call trace with null VSI during VF reset\n\nDuring stress test with attaching and detaching VF from KVM and\nsimultaneously changing VFs spoofcheck and trust there was a\ncall trace in ice_reset_vf that VF's VSI is null.\n\n[145237.352797] WARNING: CPU: 46 PID: 840629 at drivers/net/ethernet/intel/ice/ice_vf_lib.c:508 ice_reset_vf+0x3d6/0x410 [ice]\n[145237.352851] Modules linked in: ice(E) vfio_pci vfio_pci_core vfio_virqfd vfio_iommu_type1 vfio iavf dm_mod xt_CHECKSUM xt_MASQUERADE\nxt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables nfnetlink tun\n bridge stp llc sunrpc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm iTCO_wdt iTC\nO_vendor_support irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel rapl ipmi_si intel_cstate ipmi_devintf joydev intel_uncore m\nei_me ipmi_msghandler i2c_i801 pcspkr mei lpc_ich ioatdma i2c_smbus acpi_pad acpi_power_meter ip_tables xfs libcrc32c i2c_algo_bit drm_sh\nmem_helper drm_kms_helper sd_mod t10_pi crc64_rocksoft syscopyarea crc64 sysfillrect sg sysimgblt fb_sys_fops drm i40e ixgbe ahci libahci\n libata crc32c_intel mdio dca wmi fuse [last unloaded: ice]\n[145237.352917] CPU: 46 PID: 840629 Comm: kworker/46:2 Tainted: G S W I E 5.19.0-rc6+ #24\n[145237.352921] Hardware name: Intel Corporation S2600WTT/S2600WTT, BIOS SE5C610.86B.01.01.0008.021120151325 02/11/2015\n[145237.352923] Workqueue: ice ice_service_task [ice]\n[145237.352948] RIP: 0010:ice_reset_vf+0x3d6/0x410 [ice]\n[145237.352984] Code: 30 ec f3 cc e9 28 fd ff ff 0f b7 4b 50 48 c7 c2 48 19 9c c0 4c 89 ee 48 c7 c7 30 fe 9e c0 e8 d1 21 9d cc 31 c0 e9 a\n9 fe ff ff <0f> 0b b8 ea ff ff ff e9 c1 fc ff ff 0f 0b b8 fb ff ff ff e9 91 fe\n[145237.352987] RSP: 0018:ffffb453e257fdb8 EFLAGS: 00010246\n[145237.352990] RAX: ffff8bd0040181c0 RBX: ffff8be68db8f800 RCX: 0000000000000000\n[145237.352991] RDX: 000000000000ffff RSI: 0000000000000000 RDI: ffff8be68db8f800\n[145237.352993] RBP: ffff8bd0040181c0 R08: 0000000000001000 R09: ffff8bcfd520e000\n[145237.352995] R10: 0000000000000000 R11: 00008417b5ab0bc0 R12: 0000000000000005\n[145237.352996] R13: ffff8bcee061c0d0 R14: ffff8bd004019640 R15: 0000000000000000\n[145237.352998] FS: 0000000000000000(0000) GS:ffff8be5dfb00000(0000) knlGS:0000000000000000\n[145237.353000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[145237.353002] CR2: 00007fd81f651d68 CR3: 0000001a0fe10001 CR4: 00000000001726e0\n[145237.353003] Call Trace:\n[145237.353008] <TASK>\n[145237.353011] ice_process_vflr_event+0x8d/0xb0 [ice]\n[145237.353049] ice_service_task+0x79f/0xef0 [ice]\n[145237.353074] process_one_work+0x1c8/0x390\n[145237.353081] ? process_one_work+0x390/0x390\n[145237.353084] worker_thread+0x30/0x360\n[145237.353087] ? process_one_work+0x390/0x390\n[145237.353090] kthread+0xe8/0x110\n[145237.353094] ? kthread_complete_and_exit+0x20/0x20\n[145237.353097] ret_from_fork+0x22/0x30\n[145237.353103] </TASK>\n\nRemove WARN_ON() from check if VSI is null in ice_reset_vf.\nAdd "VF is already removed\\n" in dev_dbg().\n\nThis WARN_ON() is unnecessary and causes call trace, despite that\ncall trace, driver still works. There is no need for this warn\nbecause this piece of code is responsible for disabling VF's Tx/Rx\nqueues when VF is disabled, but when VF is already removed there\nis no need to do reset or disable queues.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50041 was patched at 2025-06-17

462. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50043) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: fix potential refcount leak in ndisc_router_discovery() The issue happens on specific paths in the function. After both the object `rt` and `neigh` are grabbed successfully, when `lifetime` is nonzero but the metric needs change, the function just deletes the route and set `rt` to NULL. Then, it may try grabbing `rt` and `neigh` again if above conditions hold. The function simply overwrite `neigh` if succeeds or returns if fails, without decreasing the reference count of previous `neigh`. This may result in memory leaks. Fix it by decrementing the reference count of `neigh` in place.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix potential refcount leak in ndisc_router_discovery()\n\nThe issue happens on specific paths in the function. After both the\nobject `rt` and `neigh` are grabbed successfully, when `lifetime` is\nnonzero but the metric needs change, the function just deletes the\nroute and set `rt` to NULL. Then, it may try grabbing `rt` and `neigh`\nagain if above conditions hold. The function simply overwrite `neigh`\nif succeeds or returns if fails, without decreasing the reference\ncount of previous `neigh`. This may result in memory leaks.\n\nFix it by decrementing the reference count of `neigh` in place.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50043 was patched at 2025-06-17

463. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50044) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: qrtr: start MHI channel after endpoit creation MHI channel may generates event/interrupt right after enabling. It may leads to 2 race conditions issues. 1) Such event may be dropped by qcom_mhi_qrtr_dl_callback() at check: \tif (!qdev || mhi_res->transaction_status) \t\treturn; Because dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at this moment. In this situation qrtr-ns will be unable to enumerate services in device. --------------------------------------------------------------- 2) Such event may come at the moment after dev_set_drvdata() and before qrtr_endpoint_register(). In this case kernel will panic with accessing wrong pointer at qcom_mhi_qrtr_dl_callback(): \trc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr, \t\t\t\tmhi_res->bytes_xferd); Because endpoint is not created yet. -------------------------------------------------------------- So move mhi_prepare_for_transfer_autoqueue after endpoint creation to fix it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: start MHI channel after endpoit creation\n\nMHI channel may generates event/interrupt right after enabling.\nIt may leads to 2 race conditions issues.\n\n1)\nSuch event may be dropped by qcom_mhi_qrtr_dl_callback() at check:\n\n\tif (!qdev || mhi_res->transaction_status)\n\t\treturn;\n\nBecause dev_set_drvdata(&mhi_dev->dev, qdev) may be not performed at\nthis moment. In this situation qrtr-ns will be unable to enumerate\nservices in device.\n---------------------------------------------------------------\n\n2)\nSuch event may come at the moment after dev_set_drvdata() and\nbefore qrtr_endpoint_register(). In this case kernel will panic with\naccessing wrong pointer at qcom_mhi_qrtr_dl_callback():\n\n\trc = qrtr_endpoint_post(&qdev->ep, mhi_res->buf_addr,\n\t\t\t\tmhi_res->bytes_xferd);\n\nBecause endpoint is not created yet.\n--------------------------------------------------------------\nSo move mhi_prepare_for_transfer_autoqueue after endpoint creation\nto fix it.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50044 was patched at 2025-06-17

464. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50046) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() The issue happens on some error handling paths. When the function fails to grab the object `xprt`, it simply returns 0, forgetting to decrease the reference count of another object `xps`, which is increased by rpc_sysfs_xprt_kobj_get_xprt_switch(), causing refcount leaks. Also, the function forgets to check whether `xps` is valid before using it, which may result in NULL-dereferencing issues. Fix it by adding proper error handling code when either `xprt` or `xps` is NULL.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()\n\nThe issue happens on some error handling paths. When the function\nfails to grab the object `xprt`, it simply returns 0, forgetting to\ndecrease the reference count of another object `xps`, which is\nincreased by rpc_sysfs_xprt_kobj_get_xprt_switch(), causing refcount\nleaks. Also, the function forgets to check whether `xps` is valid\nbefore using it, which may result in NULL-dereferencing issues.\n\nFix it by adding proper error handling code when either `xprt` or\n`xps` is NULL.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50046 was patched at 2025-06-17

465. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50048) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: possible module reference underflow in error path dst->ops is set on when nft_expr_clone() fails, but module refcount has not been bumped yet, therefore nft_expr_destroy() leads to module reference underflow.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: possible module reference underflow in error path\n\ndst->ops is set on when nft_expr_clone() fails, but module refcount has\nnot been bumped yet, therefore nft_expr_destroy() leads to module\nreference underflow.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50048 was patched at 2025-06-17

466. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50053) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling Do not call iavf_close in iavf_reset_task error handling. Doing so can lead to double call of napi_disable, which can lead to deadlock there. Removing VF would lead to iavf_remove task being stuck, because it requires crit_lock, which is held by iavf_close. Call iavf_disable_vf if reset fail, so that driver will clean up remaining invalid resources. During rapid VF resets, HW can fail to setup VF mailbox. Wrong error handling can lead to iavf_remove being stuck with: [ 5218.999087] iavf 0000:82:01.0: Failed to init adminq: -53 ... [ 5267.189211] INFO: task repro.sh:11219 blocked for more than 30 seconds. [ 5267.189520] Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 [ 5267.189764] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 5267.190062] task:repro.sh state:D stack: 0 pid:11219 ppid: 8162 flags:0x00000000 [ 5267.190347] Call Trace: [ 5267.190647] <TASK> [ 5267.190927] __schedule+0x460/0x9f0 [ 5267.191264] schedule+0x44/0xb0 [ 5267.191563] schedule_preempt_disabled+0x14/0x20 [ 5267.191890] __mutex_lock.isra.12+0x6e3/0xac0 [ 5267.192237] ? iavf_remove+0xf9/0x6c0 [iavf] [ 5267.192565] iavf_remove+0x12a/0x6c0 [iavf] [ 5267.192911] ? _raw_spin_unlock_irqrestore+0x1e/0x40 [ 5267.193285] pci_device_remove+0x36/0xb0 [ 5267.193619] device_release_driver_internal+0xc1/0x150 [ 5267.193974] pci_stop_bus_device+0x69/0x90 [ 5267.194361] pci_stop_and_remove_bus_device+0xe/0x20 [ 5267.194735] pci_iov_remove_virtfn+0xba/0x120 [ 5267.195130] sriov_disable+0x2f/0xe0 [ 5267.195506] ice_free_vfs+0x7d/0x2f0 [ice] [ 5267.196056] ? pci_get_device+0x4f/0x70 [ 5267.196496] ice_sriov_configure+0x78/0x1a0 [ice] [ 5267.196995] sriov_numvfs_store+0xfe/0x140 [ 5267.197466] kernfs_fop_write_iter+0x12e/0x1c0 [ 5267.197918] new_sync_write+0x10c/0x190 [ 5267.198404] vfs_write+0x24e/0x2d0 [ 5267.198886] ksys_write+0x5c/0xd0 [ 5267.199367] do_syscall_64+0x3a/0x80 [ 5267.199827] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 5267.200317] RIP: 0033:0x7f5b381205c8 [ 5267.200814] RSP: 002b:00007fff8c7e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 5267.201981] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5b381205c8 [ 5267.202620] RDX: 0000000000000002 RSI: 00005569420ee900 RDI: 0000000000000001 [ 5267.203426] RBP: 00005569420ee900 R08: 000000000000000a R09: 00007f5b38180820 [ 5267.204327] R10: 000000000000000a R11: 0000000000000246 R12: 00007f5b383c06e0 [ 5267.205193] R13: 0000000000000002 R14: 00007f5b383bb880 R15: 0000000000000002 [ 5267.206041] </TASK> [ 5267.206970] Kernel panic - not syncing: hung_task: blocked tasks [ 5267.207809] CPU: 48 PID: 551 Comm: khungtaskd Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 [ 5267.208726] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019 [ 5267.209623] Call Trace: [ 5267.210569] <TASK> [ 5267.211480] dump_stack_lvl+0x33/0x42 [ 5267.212472] panic+0x107/0x294 [ 5267.213467] watchdog.cold.8+0xc/0xbb [ 5267.214413] ? proc_dohung_task_timeout_secs+0x30/0x30 [ 5267.215511] kthread+0xf4/0x120 [ 5267.216459] ? kthread_complete_and_exit+0x20/0x20 [ 5267.217505] ret_from_fork+0x22/0x30 [ 5267.218459] </TASK>', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix reset error handling\n\nDo not call iavf_close in iavf_reset_task error handling. Doing so can\nlead to double call of napi_disable, which can lead to deadlock there.\nRemoving VF would lead to iavf_remove task being stuck, because it\nrequires crit_lock, which is held by iavf_close.\nCall iavf_disable_vf if reset fail, so that driver will clean up\nremaining invalid resources.\nDuring rapid VF resets, HW can fail to setup VF mailbox. Wrong\nerror handling can lead to iavf_remove being stuck with:\n[ 5218.999087] iavf 0000:82:01.0: Failed to init adminq: -53\n...\n[ 5267.189211] INFO: task repro.sh:11219 blocked for more than 30 seconds.\n[ 5267.189520] Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1\n[ 5267.189764] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.\n[ 5267.190062] task:repro.sh state:D stack: 0 pid:11219 ppid: 8162 flags:0x00000000\n[ 5267.190347] Call Trace:\n[ 5267.190647] <TASK>\n[ 5267.190927] __schedule+0x460/0x9f0\n[ 5267.191264] schedule+0x44/0xb0\n[ 5267.191563] schedule_preempt_disabled+0x14/0x20\n[ 5267.191890] __mutex_lock.isra.12+0x6e3/0xac0\n[ 5267.192237] ? iavf_remove+0xf9/0x6c0 [iavf]\n[ 5267.192565] iavf_remove+0x12a/0x6c0 [iavf]\n[ 5267.192911] ? _raw_spin_unlock_irqrestore+0x1e/0x40\n[ 5267.193285] pci_device_remove+0x36/0xb0\n[ 5267.193619] device_release_driver_internal+0xc1/0x150\n[ 5267.193974] pci_stop_bus_device+0x69/0x90\n[ 5267.194361] pci_stop_and_remove_bus_device+0xe/0x20\n[ 5267.194735] pci_iov_remove_virtfn+0xba/0x120\n[ 5267.195130] sriov_disable+0x2f/0xe0\n[ 5267.195506] ice_free_vfs+0x7d/0x2f0 [ice]\n[ 5267.196056] ? pci_get_device+0x4f/0x70\n[ 5267.196496] ice_sriov_configure+0x78/0x1a0 [ice]\n[ 5267.196995] sriov_numvfs_store+0xfe/0x140\n[ 5267.197466] kernfs_fop_write_iter+0x12e/0x1c0\n[ 5267.197918] new_sync_write+0x10c/0x190\n[ 5267.198404] vfs_write+0x24e/0x2d0\n[ 5267.198886] ksys_write+0x5c/0xd0\n[ 5267.199367] do_syscall_64+0x3a/0x80\n[ 5267.199827] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 5267.200317] RIP: 0033:0x7f5b381205c8\n[ 5267.200814] RSP: 002b:00007fff8c7e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 5267.201981] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5b381205c8\n[ 5267.202620] RDX: 0000000000000002 RSI: 00005569420ee900 RDI: 0000000000000001\n[ 5267.203426] RBP: 00005569420ee900 R08: 000000000000000a R09: 00007f5b38180820\n[ 5267.204327] R10: 000000000000000a R11: 0000000000000246 R12: 00007f5b383c06e0\n[ 5267.205193] R13: 0000000000000002 R14: 00007f5b383bb880 R15: 0000000000000002\n[ 5267.206041] </TASK>\n[ 5267.206970] Kernel panic - not syncing: hung_task: blocked tasks\n[ 5267.207809] CPU: 48 PID: 551 Comm: khungtaskd Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1\n[ 5267.208726] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019\n[ 5267.209623] Call Trace:\n[ 5267.210569] <TASK>\n[ 5267.211480] dump_stack_lvl+0x33/0x42\n[ 5267.212472] panic+0x107/0x294\n[ 5267.213467] watchdog.cold.8+0xc/0xbb\n[ 5267.214413] ? proc_dohung_task_timeout_secs+0x30/0x30\n[ 5267.215511] kthread+0xf4/0x120\n[ 5267.216459] ? kthread_complete_and_exit+0x20/0x20\n[ 5267.217505] ret_from_fork+0x22/0x30\n[ 5267.218459] </TASK>', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50053 was patched at 2025-06-17

467. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50055) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Without this change it is possible to see when unloading interface: 74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32] One of leaked entries details: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix adminq error handling\n\niavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent\nmemory for VF mailbox.\nFree DMA regions for both ASQ and ARQ in case error happens during\nconfiguration of ASQ/ARQ registers.\nWithout this change it is possible to see when unloading interface:\n74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32]\nOne of leaked entries details: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50055 was patched at 2025-06-17

468. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50057) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr If ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL. Code should check this ptr before dereferencing. Syzbot hit this issue via passing wrong mount param as can be seen from log below Fail log: ntfs3: Unknown parameter 'iochvrset' general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] CPU: 1 PID: 3589 Comm: syz-executor210 Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0 ... Call Trace: <TASK> put_ntfs+0x1ed/0x2a0 fs/ntfs3/super.c:463 ntfs_fs_free+0x6a/0xe0 fs/ntfs3/super.c:1363 put_fs_context+0x119/0x7a0 fs/fs_context.c:469 do_new_mount+0x2b4/0xad0 fs/namespace.c:3044 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix NULL deref in ntfs_update_mftmirr\n\nIf ntfs_fill_super() wasn't called then sbi->sb will be equal to NULL.\nCode should check this ptr before dereferencing. Syzbot hit this issue\nvia passing wrong mount param as can be seen from log below\n\nFail log:\nntfs3: Unknown parameter 'iochvrset'\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nCPU: 1 PID: 3589 Comm: syz-executor210 Not tainted 5.18.0-rc3-syzkaller-00016-gb253435746d9 #0\n...\nCall Trace:\n <TASK>\n put_ntfs+0x1ed/0x2a0 fs/ntfs3/super.c:463\n ntfs_fs_free+0x6a/0xe0 fs/ntfs3/super.c:1363\n put_fs_context+0x119/0x7a0 fs/fs_context.c:469\n do_new_mount+0x2b4/0xad0 fs/namespace.c:3044\n do_mount fs/namespace.c:3383 [inline]\n __do_sys_mount fs/namespace.c:3591 [inline]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50057 was patched at 2025-06-17

469. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50059) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ceph: don't leak snap_rwsem in handle_cap_grant When handle_cap_grant is called on an IMPORT op, then the snap_rwsem is held and the function is expected to release it before returning. It currently fails to do that in all cases which could lead to a deadlock.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nceph: don't leak snap_rwsem in handle_cap_grant\n\nWhen handle_cap_grant is called on an IMPORT op, then the snap_rwsem is\nheld and the function is expected to release it before returning. It\ncurrently fails to do that in all cases which could lead to a deadlock.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50059 was patched at 2025-06-17

470. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50060) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix mcam entry resource leak The teardown sequence in FLR handler returns if no NIX LF is attached to PF/VF because it indicates that graceful shutdown of resources already happened. But there is a chance of all allocated MCAM entries not being freed by PF/VF. Hence free mcam entries even in case of detached LF.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Fix mcam entry resource leak\n\nThe teardown sequence in FLR handler returns if no NIX LF\nis attached to PF/VF because it indicates that graceful\nshutdown of resources already happened. But there is a\nchance of all allocated MCAM entries not being freed by\nPF/VF. Hence free mcam entries even in case of detached LF.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50060 was patched at 2025-06-17

471. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50062) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: bgmac: Fix a BUG triggered by wrong bytes_compl On one of our machines we got: kernel BUG at lib/dynamic_queue_limits.c:27! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM CPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O 4.14.275-rt132 #1 Hardware name: BRCM XGS iProc task: ee3415c0 task.stack: ee32a000 PC is at dql_completed+0x168/0x178 LR is at bgmac_poll+0x18c/0x6d8 pc : [<c03b9430>] lr : [<c04b5a18>] psr: 800a0313 sp : ee32be14 ip : 000005ea fp : 00000bd4 r10: ee558500 r9 : c0116298 r8 : 00000002 r7 : 00000000 r6 : ef128810 r5 : 01993267 r4 : 01993851 r3 : ee558000 r2 : 000070e1 r1 : 00000bd4 r0 : ee52c180 Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 12c5387d Table: 8e88c04a DAC: 00000051 Process irq/41-bgmac (pid: 1166, stack limit = 0xee32a210) Stack: (0xee32be14 to 0xee32c000) be00: ee558520 ee52c100 ef128810 be20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040 be40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040 be60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a be80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98 bea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8 bec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000 bee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520 bf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900 bf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c bf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28 bf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70 bf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000 bfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000 bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [<c03b9430>] (dql_completed) from [<c04b5a18>] (bgmac_poll+0x18c/0x6d8) [<c04b5a18>] (bgmac_poll) from [<c0528744>] (net_rx_action+0x1c4/0x494) [<c0528744>] (net_rx_action) from [<c0124d3c>] (do_current_softirqs+0x1ec/0x43c) [<c0124d3c>] (do_current_softirqs) from [<c012500c>] (__local_bh_enable+0x80/0x98) [<c012500c>] (__local_bh_enable) from [<c016da14>] (irq_forced_thread_fn+0x84/0x98) [<c016da14>] (irq_forced_thread_fn) from [<c016dd14>] (irq_thread+0x118/0x1c0) [<c016dd14>] (irq_thread) from [<c013edcc>] (kthread+0x150/0x158) [<c013edcc>] (kthread) from [<c0108470>] (ret_from_fork+0x14/0x24) Code: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7) The issue seems similar to commit 90b3b339364c ("net: hisilicon: Fix a BUG trigered by wrong bytes_compl") and potentially introduced by commit b38c83dd0866 ("bgmac: simplify tx ring index handling"). If there is an RX interrupt between setting ring->end and netdev_sent_queue() we can hit the BUG_ON as bgmac_dma_tx_free() can miscalculate the queue size while called from bgmac_poll(). The machine which triggered the BUG runs a v4.14 RT kernel - but the issue seems present in mainline too.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bgmac: Fix a BUG triggered by wrong bytes_compl\n\nOn one of our machines we got:\n\nkernel BUG at lib/dynamic_queue_limits.c:27!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM\nCPU: 0 PID: 1166 Comm: irq/41-bgmac Tainted: G W O 4.14.275-rt132 #1\nHardware name: BRCM XGS iProc\ntask: ee3415c0 task.stack: ee32a000\nPC is at dql_completed+0x168/0x178\nLR is at bgmac_poll+0x18c/0x6d8\npc : [<c03b9430>] lr : [<c04b5a18>] psr: 800a0313\nsp : ee32be14 ip : 000005ea fp : 00000bd4\nr10: ee558500 r9 : c0116298 r8 : 00000002\nr7 : 00000000 r6 : ef128810 r5 : 01993267 r4 : 01993851\nr3 : ee558000 r2 : 000070e1 r1 : 00000bd4 r0 : ee52c180\nFlags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none\nControl: 12c5387d Table: 8e88c04a DAC: 00000051\nProcess irq/41-bgmac (pid: 1166, stack limit = 0xee32a210)\nStack: (0xee32be14 to 0xee32c000)\nbe00: ee558520 ee52c100 ef128810\nbe20: 00000000 00000002 c0116298 c04b5a18 00000000 c0a0c8c4 c0951780 00000040\nbe40: c0701780 ee558500 ee55d520 ef05b340 ef6f9780 ee558520 00000001 00000040\nbe60: ffffe000 c0a56878 ef6fa040 c0952040 0000012c c0528744 ef6f97b0 fffcfb6a\nbe80: c0a04104 2eda8000 c0a0c4ec c0a0d368 ee32bf44 c0153534 ee32be98 ee32be98\nbea0: ee32bea0 ee32bea0 ee32bea8 ee32bea8 00000000 c01462e4 ffffe000 ef6f22a8\nbec0: ffffe000 00000008 ee32bee4 c0147430 ffffe000 c094a2a8 00000003 ffffe000\nbee0: c0a54528 00208040 0000000c c0a0c8c4 c0a65980 c0124d3c 00000008 ee558520\nbf00: c094a23c c0a02080 00000000 c07a9910 ef136970 ef136970 ee30a440 ef136900\nbf20: ee30a440 00000001 ef136900 ee30a440 c016d990 00000000 c0108db0 c012500c\nbf40: ef136900 c016da14 ee30a464 ffffe000 00000001 c016dd14 00000000 c016db28\nbf60: ffffe000 ee21a080 ee30a400 00000000 ee32a000 ee30a440 c016dbfc ee25fd70\nbf80: ee21a09c c013edcc ee32a000 ee30a400 c013ec7c 00000000 00000000 00000000\nbfa0: 00000000 00000000 00000000 c0108470 00000000 00000000 00000000 00000000\nbfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000\nbfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000\n[<c03b9430>] (dql_completed) from [<c04b5a18>] (bgmac_poll+0x18c/0x6d8)\n[<c04b5a18>] (bgmac_poll) from [<c0528744>] (net_rx_action+0x1c4/0x494)\n[<c0528744>] (net_rx_action) from [<c0124d3c>] (do_current_softirqs+0x1ec/0x43c)\n[<c0124d3c>] (do_current_softirqs) from [<c012500c>] (__local_bh_enable+0x80/0x98)\n[<c012500c>] (__local_bh_enable) from [<c016da14>] (irq_forced_thread_fn+0x84/0x98)\n[<c016da14>] (irq_forced_thread_fn) from [<c016dd14>] (irq_thread+0x118/0x1c0)\n[<c016dd14>] (irq_thread) from [<c013edcc>] (kthread+0x150/0x158)\n[<c013edcc>] (kthread) from [<c0108470>] (ret_from_fork+0x14/0x24)\nCode: a83f15e0 0200001a 0630a0e1 c3ffffea (f201f0e7)\n\nThe issue seems similar to commit 90b3b339364c ("net: hisilicon: Fix a BUG\ntrigered by wrong bytes_compl") and potentially introduced by commit\nb38c83dd0866 ("bgmac: simplify tx ring index handling").\n\nIf there is an RX interrupt between setting ring->end\nand netdev_sent_queue() we can hit the BUG_ON as bgmac_dma_tx_free()\ncan miscalculate the queue size while called from bgmac_poll().\n\nThe machine which triggered the BUG runs a v4.14 RT kernel - but the issue\nseems present in mainline too.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50062 was patched at 2025-06-17

472. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50066) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aq_vec index out of range error The final update statement of the for loop exceeds the array range, the dereference of self->aq_vec[i] is not checked and then leads to the index out of range error. Also fixed this kind of coding style in other for loop. [ 97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48 [ 97.937607] index 8 is out of range for type 'aq_vec_s *[8]' [ 97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2 [ 97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022 [ 97.937611] Workqueue: events_unbound async_run_entry_fn [ 97.937616] Call Trace: [ 97.937617] <TASK> [ 97.937619] dump_stack_lvl+0x49/0x63 [ 97.937624] dump_stack+0x10/0x16 [ 97.937626] ubsan_epilogue+0x9/0x3f [ 97.937627] __ubsan_handle_out_of_bounds.cold+0x44/0x49 [ 97.937629] ? __scm_send+0x348/0x440 [ 97.937632] ? aq_vec_stop+0x72/0x80 [atlantic] [ 97.937639] aq_nic_stop+0x1b6/0x1c0 [atlantic] [ 97.937644] aq_suspend_common+0x88/0x90 [atlantic] [ 97.937648] aq_pm_suspend_poweroff+0xe/0x20 [atlantic] [ 97.937653] pci_pm_suspend+0x7e/0x1a0 [ 97.937655] ? pci_pm_suspend_noirq+0x2b0/0x2b0 [ 97.937657] dpm_run_callback+0x54/0x190 [ 97.937660] __device_suspend+0x14c/0x4d0 [ 97.937661] async_suspend+0x23/0x70 [ 97.937663] async_run_entry_fn+0x33/0x120 [ 97.937664] process_one_work+0x21f/0x3f0 [ 97.937666] worker_thread+0x4a/0x3c0 [ 97.937668] ? process_one_work+0x3f0/0x3f0 [ 97.937669] kthread+0xf0/0x120 [ 97.937671] ? kthread_complete_and_exit+0x20/0x20 [ 97.937672] ret_from_fork+0x22/0x30 [ 97.937676] </TASK> v2. fixed "warning: variable 'aq_vec' set but not used" v3. simplified a for loop', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: fix aq_vec index out of range error\n\nThe final update statement of the for loop exceeds the array range, the\ndereference of self->aq_vec[i] is not checked and then leads to the\nindex out of range error.\nAlso fixed this kind of coding style in other for loop.\n\n[ 97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48\n[ 97.937607] index 8 is out of range for type 'aq_vec_s *[8]'\n[ 97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2\n[ 97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022\n[ 97.937611] Workqueue: events_unbound async_run_entry_fn\n[ 97.937616] Call Trace:\n[ 97.937617] <TASK>\n[ 97.937619] dump_stack_lvl+0x49/0x63\n[ 97.937624] dump_stack+0x10/0x16\n[ 97.937626] ubsan_epilogue+0x9/0x3f\n[ 97.937627] __ubsan_handle_out_of_bounds.cold+0x44/0x49\n[ 97.937629] ? __scm_send+0x348/0x440\n[ 97.937632] ? aq_vec_stop+0x72/0x80 [atlantic]\n[ 97.937639] aq_nic_stop+0x1b6/0x1c0 [atlantic]\n[ 97.937644] aq_suspend_common+0x88/0x90 [atlantic]\n[ 97.937648] aq_pm_suspend_poweroff+0xe/0x20 [atlantic]\n[ 97.937653] pci_pm_suspend+0x7e/0x1a0\n[ 97.937655] ? pci_pm_suspend_noirq+0x2b0/0x2b0\n[ 97.937657] dpm_run_callback+0x54/0x190\n[ 97.937660] __device_suspend+0x14c/0x4d0\n[ 97.937661] async_suspend+0x23/0x70\n[ 97.937663] async_run_entry_fn+0x33/0x120\n[ 97.937664] process_one_work+0x21f/0x3f0\n[ 97.937666] worker_thread+0x4a/0x3c0\n[ 97.937668] ? process_one_work+0x3f0/0x3f0\n[ 97.937669] kthread+0xf0/0x120\n[ 97.937671] ? kthread_complete_and_exit+0x20/0x20\n[ 97.937672] ret_from_fork+0x22/0x30\n[ 97.937676] </TASK>\n\nv2. fixed "warning: variable 'aq_vec' set but not used"\n\nv3. simplified a for loop', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50066 was patched at 2025-06-17

473. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50068) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix dummy res NULL ptr deref bug Check the bo->resource value before accessing the resource mem_type. v2: Fix commit description unwrapped warning <log snip> [ 40.191227][ T184] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI [ 40.192995][ T184] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [ 40.194411][ T184] CPU: 1 PID: 184 Comm: systemd-udevd Not tainted 5.19.0-rc4-00721-gb297c22b7070 #1 [ 40.196063][ T184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014 [ 40.199605][ T184] RIP: 0010:ttm_bo_validate+0x1b3/0x240 [ttm] [ 40.200754][ T184] Code: e8 72 c5 ff ff 83 f8 b8 74 d4 85 c0 75 54 49 8b 9e 58 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 04 3c 03 7e 44 8b 53 10 31 c0 85 d2 0f 85 58 [ 40.203685][ T184] RSP: 0018:ffffc900006df0c8 EFLAGS: 00010202 [ 40.204630][ T184] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff1102f4bb71b [ 40.205864][ T184] RDX: 0000000000000002 RSI: ffffc900006df208 RDI: 0000000000000010 [ 40.207102][ T184] RBP: 1ffff920000dbe1a R08: ffffc900006df208 R09: 0000000000000000 [ 40.208394][ T184] R10: ffff88817a5f0000 R11: 0000000000000001 R12: ffffc900006df110 [ 40.209692][ T184] R13: ffffc900006df0f0 R14: ffff88817a5db800 R15: ffffc900006df208 [ 40.210862][ T184] FS: 00007f6b1d16e8c0(0000) GS:ffff88839d700000(0000) knlGS:0000000000000000 [ 40.212250][ T184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.213275][ T184] CR2: 000055a1001d4ff0 CR3: 00000001700f4000 CR4: 00000000000006e0 [ 40.214469][ T184] Call Trace: [ 40.214974][ T184] <TASK> [ 40.215438][ T184] ? ttm_bo_bounce_temp_buffer+0x140/0x140 [ttm] [ 40.216572][ T184] ? mutex_spin_on_owner+0x240/0x240 [ 40.217456][ T184] ? drm_vma_offset_add+0xaa/0x100 [drm] [ 40.218457][ T184] ttm_bo_init_reserved+0x3d6/0x540 [ttm] [ 40.219410][ T184] ? shmem_get_inode+0x744/0x980 [ 40.220231][ T184] ttm_bo_init_validate+0xb1/0x200 [ttm] [ 40.221172][ T184] ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper] [ 40.222530][ T184] ? ttm_bo_init_reserved+0x540/0x540 [ttm] [ 40.223643][ T184] ? __do_sys_finit_module+0x11a/0x1c0 [ 40.224654][ T184] ? __shmem_file_setup+0x102/0x280 [ 40.234764][ T184] drm_gem_vram_create+0x305/0x480 [drm_vram_helper] [ 40.235766][ T184] ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper] [ 40.236846][ T184] ? __kasan_slab_free+0x108/0x180 [ 40.237650][ T184] drm_gem_vram_fill_create_dumb+0x134/0x340 [drm_vram_helper] [ 40.238864][ T184] ? local_pci_probe+0xdf/0x180 [ 40.239674][ T184] ? drmm_vram_helper_init+0x400/0x400 [drm_vram_helper] [ 40.240826][ T184] drm_client_framebuffer_create+0x19c/0x400 [drm] [ 40.241955][ T184] ? drm_client_buffer_delete+0x200/0x200 [drm] [ 40.243001][ T184] ? drm_client_pick_crtcs+0x554/0xb80 [drm] [ 40.244030][ T184] drm_fb_helper_generic_probe+0x23f/0x940 [drm_kms_helper] [ 40.245226][ T184] ? __cond_resched+0x1c/0xc0 [ 40.245987][ T184] ? drm_fb_helper_memory_range_to_clip+0x180/0x180 [drm_kms_helper] [ 40.247316][ T184] ? mutex_unlock+0x80/0x100 [ 40.248005][ T184] ? __mutex_unlock_slowpath+0x2c0/0x2c0 [ 40.249083][ T184] drm_fb_helper_single_fb_probe+0x907/0xf00 [drm_kms_helper] [ 40.250314][ T184] ? drm_fb_helper_check_var+0x1180/0x1180 [drm_kms_helper] [ 40.251540][ T184] ? __cond_resched+0x1c/0xc0 [ 40.252321][ T184] ? mutex_lock+0x9f/0x100 [ 40.253062][ T184] __drm_fb_helper_initial_config_and_unlock+0xb9/0x2c0 [drm_kms_helper] [ 40.254394][ T184] drm_fbdev_client_hotplug+0x56f/0x840 [drm_kms_helper] [ 40.255477][ T184] drm_fbdev_generic_setup+0x165/0x3c0 [drm_kms_helper] [ 40.256607][ T184] bochs_pci_probe+0x6b7/0x900 [bochs] [ ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: Fix dummy res NULL ptr deref bug\n\nCheck the bo->resource value before accessing the resource\nmem_type.\n\nv2: Fix commit description unwrapped warning\n\n<log snip>\n[ 40.191227][ T184] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI\n[ 40.192995][ T184] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n[ 40.194411][ T184] CPU: 1 PID: 184 Comm: systemd-udevd Not tainted 5.19.0-rc4-00721-gb297c22b7070 #1\n[ 40.196063][ T184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014\n[ 40.199605][ T184] RIP: 0010:ttm_bo_validate+0x1b3/0x240 [ttm]\n[ 40.200754][ T184] Code: e8 72 c5 ff ff 83 f8 b8 74 d4 85 c0 75 54 49 8b 9e 58 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 10 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 04 3c 03 7e 44 8b 53 10 31 c0 85 d2 0f 85 58\n[ 40.203685][ T184] RSP: 0018:ffffc900006df0c8 EFLAGS: 00010202\n[ 40.204630][ T184] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff1102f4bb71b\n[ 40.205864][ T184] RDX: 0000000000000002 RSI: ffffc900006df208 RDI: 0000000000000010\n[ 40.207102][ T184] RBP: 1ffff920000dbe1a R08: ffffc900006df208 R09: 0000000000000000\n[ 40.208394][ T184] R10: ffff88817a5f0000 R11: 0000000000000001 R12: ffffc900006df110\n[ 40.209692][ T184] R13: ffffc900006df0f0 R14: ffff88817a5db800 R15: ffffc900006df208\n[ 40.210862][ T184] FS: 00007f6b1d16e8c0(0000) GS:ffff88839d700000(0000) knlGS:0000000000000000\n[ 40.212250][ T184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 40.213275][ T184] CR2: 000055a1001d4ff0 CR3: 00000001700f4000 CR4: 00000000000006e0\n[ 40.214469][ T184] Call Trace:\n[ 40.214974][ T184] <TASK>\n[ 40.215438][ T184] ? ttm_bo_bounce_temp_buffer+0x140/0x140 [ttm]\n[ 40.216572][ T184] ? mutex_spin_on_owner+0x240/0x240\n[ 40.217456][ T184] ? drm_vma_offset_add+0xaa/0x100 [drm]\n[ 40.218457][ T184] ttm_bo_init_reserved+0x3d6/0x540 [ttm]\n[ 40.219410][ T184] ? shmem_get_inode+0x744/0x980\n[ 40.220231][ T184] ttm_bo_init_validate+0xb1/0x200 [ttm]\n[ 40.221172][ T184] ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper]\n[ 40.222530][ T184] ? ttm_bo_init_reserved+0x540/0x540 [ttm]\n[ 40.223643][ T184] ? __do_sys_finit_module+0x11a/0x1c0\n[ 40.224654][ T184] ? __shmem_file_setup+0x102/0x280\n[ 40.234764][ T184] drm_gem_vram_create+0x305/0x480 [drm_vram_helper]\n[ 40.235766][ T184] ? bo_driver_evict_flags+0x340/0x340 [drm_vram_helper]\n[ 40.236846][ T184] ? __kasan_slab_free+0x108/0x180\n[ 40.237650][ T184] drm_gem_vram_fill_create_dumb+0x134/0x340 [drm_vram_helper]\n[ 40.238864][ T184] ? local_pci_probe+0xdf/0x180\n[ 40.239674][ T184] ? drmm_vram_helper_init+0x400/0x400 [drm_vram_helper]\n[ 40.240826][ T184] drm_client_framebuffer_create+0x19c/0x400 [drm]\n[ 40.241955][ T184] ? drm_client_buffer_delete+0x200/0x200 [drm]\n[ 40.243001][ T184] ? drm_client_pick_crtcs+0x554/0xb80 [drm]\n[ 40.244030][ T184] drm_fb_helper_generic_probe+0x23f/0x940 [drm_kms_helper]\n[ 40.245226][ T184] ? __cond_resched+0x1c/0xc0\n[ 40.245987][ T184] ? drm_fb_helper_memory_range_to_clip+0x180/0x180 [drm_kms_helper]\n[ 40.247316][ T184] ? mutex_unlock+0x80/0x100\n[ 40.248005][ T184] ? __mutex_unlock_slowpath+0x2c0/0x2c0\n[ 40.249083][ T184] drm_fb_helper_single_fb_probe+0x907/0xf00 [drm_kms_helper]\n[ 40.250314][ T184] ? drm_fb_helper_check_var+0x1180/0x1180 [drm_kms_helper]\n[ 40.251540][ T184] ? __cond_resched+0x1c/0xc0\n[ 40.252321][ T184] ? mutex_lock+0x9f/0x100\n[ 40.253062][ T184] __drm_fb_helper_initial_config_and_unlock+0xb9/0x2c0 [drm_kms_helper]\n[ 40.254394][ T184] drm_fbdev_client_hotplug+0x56f/0x840 [drm_kms_helper]\n[ 40.255477][ T184] drm_fbdev_generic_setup+0x165/0x3c0 [drm_kms_helper]\n[ 40.256607][ T184] bochs_pci_probe+0x6b7/0x900 [bochs]\n[ \n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50068 was patched at 2025-06-17

474. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50069) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() The bpf_sys_bpf() helper function allows an eBPF program to load another eBPF program from within the kernel. In this case the argument union bpf_attr pointer (as well as the insns and license pointers inside) is a kernel address instead of a userspace address (which is the case of a usual bpf() syscall). To make the memory copying process in the syscall work in both cases, bpfptr_t was introduced to wrap around the pointer and distinguish its origin. Specifically, when copying memory contents from a bpfptr_t, a copy_from_user() is performed in case of a userspace address and a memcpy() is performed for a kernel address. This can lead to problems because the in-kernel pointer is never checked for validity. The problem happens when an eBPF syscall program tries to call bpf_sys_bpf() to load a program but provides a bad insns pointer -- say 0xdeadbeef -- in the bpf_attr union. The helper calls __sys_bpf() which would then call bpf_prog_load() to load the program. bpf_prog_load() is responsible for copying the eBPF instructions to the newly allocated memory for the program; it creates a kernel bpfptr_t for insns and invokes copy_from_bpfptr(). Internally, all bpfptr_t operations are backed by the corresponding sockptr_t operations, which performs direct memcpy() on kernel pointers for copy_from/strncpy_from operations. Therefore, the code is always happy to dereference the bad pointer to trigger a un-handle-able page fault and in turn an oops. However, this is not supposed to happen because at that point the eBPF program is already verified and should not cause a memory error. Sample KASAN trace: [ 25.685056][ T228] ================================================================== [ 25.685680][ T228] BUG: KASAN: user-memory-access in copy_from_bpfptr+0x21/0x30 [ 25.686210][ T228] Read of size 80 at addr 00000000deadbeef by task poc/228 [ 25.686732][ T228] [ 25.686893][ T228] CPU: 3 PID: 228 Comm: poc Not tainted 5.19.0-rc7 #7 [ 25.687375][ T228] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS d55cb5a 04/01/2014 [ 25.687991][ T228] Call Trace: [ 25.688223][ T228] <TASK> [ 25.688429][ T228] dump_stack_lvl+0x73/0x9e [ 25.688747][ T228] print_report+0xea/0x200 [ 25.689061][ T228] ? copy_from_bpfptr+0x21/0x30 [ 25.689401][ T228] ? _printk+0x54/0x6e [ 25.689693][ T228] ? _raw_spin_lock_irqsave+0x70/0xd0 [ 25.690071][ T228] ? copy_from_bpfptr+0x21/0x30 [ 25.690412][ T228] kasan_report+0xb5/0xe0 [ 25.690716][ T228] ? copy_from_bpfptr+0x21/0x30 [ 25.691059][ T228] kasan_check_range+0x2bd/0x2e0 [ 25.691405][ T228] ? copy_from_bpfptr+0x21/0x30 [ 25.691734][ T228] memcpy+0x25/0x60 [ 25.692000][ T228] copy_from_bpfptr+0x21/0x30 [ 25.692328][ T228] bpf_prog_load+0x604/0x9e0 [ 25.692653][ T228] ? cap_capable+0xb4/0xe0 [ 25.692956][ T228] ? security_capable+0x4f/0x70 [ 25.693324][ T228] __sys_bpf+0x3af/0x580 [ 25.693635][ T228] bpf_sys_bpf+0x45/0x240 [ 25.693937][ T228] bpf_prog_f0ec79a5a3caca46_bpf_func1+0xa2/0xbd [ 25.694394][ T228] bpf_prog_run_pin_on_cpu+0x2f/0xb0 [ 25.694756][ T228] bpf_prog_test_run_syscall+0x146/0x1c0 [ 25.695144][ T228] bpf_prog_test_run+0x172/0x190 [ 25.695487][ T228] __sys_bpf+0x2c5/0x580 [ 25.695776][ T228] __x64_sys_bpf+0x3a/0x50 [ 25.696084][ T228] do_syscall_64+0x60/0x90 [ 25.696393][ T228] ? fpregs_assert_state_consistent+0x50/0x60 [ 25.696815][ T228] ? exit_to_user_mode_prepare+0x36/0xa0 [ 25.697202][ T228] ? syscall_exit_to_user_mode+0x20/0x40 [ 25.697586][ T228] ? do_syscall_64+0x6e/0x90 [ 25.697899][ T228] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 25.698312][ T228] RIP: 0033:0x7f6d543fb759 [ 25.698624][ T228] Code: 08 5b 89 e8 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBPF: Fix potential bad pointer dereference in bpf_sys_bpf()\n\nThe bpf_sys_bpf() helper function allows an eBPF program to load another\neBPF program from within the kernel. In this case the argument union\nbpf_attr pointer (as well as the insns and license pointers inside) is a\nkernel address instead of a userspace address (which is the case of a\nusual bpf() syscall). To make the memory copying process in the syscall\nwork in both cases, bpfptr_t was introduced to wrap around the pointer\nand distinguish its origin. Specifically, when copying memory contents\nfrom a bpfptr_t, a copy_from_user() is performed in case of a userspace\naddress and a memcpy() is performed for a kernel address.\n\nThis can lead to problems because the in-kernel pointer is never checked\nfor validity. The problem happens when an eBPF syscall program tries to\ncall bpf_sys_bpf() to load a program but provides a bad insns pointer --\nsay 0xdeadbeef -- in the bpf_attr union. The helper calls __sys_bpf()\nwhich would then call bpf_prog_load() to load the program.\nbpf_prog_load() is responsible for copying the eBPF instructions to the\nnewly allocated memory for the program; it creates a kernel bpfptr_t for\ninsns and invokes copy_from_bpfptr(). Internally, all bpfptr_t\noperations are backed by the corresponding sockptr_t operations, which\nperforms direct memcpy() on kernel pointers for copy_from/strncpy_from\noperations. Therefore, the code is always happy to dereference the bad\npointer to trigger a un-handle-able page fault and in turn an oops.\nHowever, this is not supposed to happen because at that point the eBPF\nprogram is already verified and should not cause a memory error.\n\nSample KASAN trace:\n\n[ 25.685056][ T228] ==================================================================\n[ 25.685680][ T228] BUG: KASAN: user-memory-access in copy_from_bpfptr+0x21/0x30\n[ 25.686210][ T228] Read of size 80 at addr 00000000deadbeef by task poc/228\n[ 25.686732][ T228]\n[ 25.686893][ T228] CPU: 3 PID: 228 Comm: poc Not tainted 5.19.0-rc7 #7\n[ 25.687375][ T228] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS d55cb5a 04/01/2014\n[ 25.687991][ T228] Call Trace:\n[ 25.688223][ T228] <TASK>\n[ 25.688429][ T228] dump_stack_lvl+0x73/0x9e\n[ 25.688747][ T228] print_report+0xea/0x200\n[ 25.689061][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.689401][ T228] ? _printk+0x54/0x6e\n[ 25.689693][ T228] ? _raw_spin_lock_irqsave+0x70/0xd0\n[ 25.690071][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.690412][ T228] kasan_report+0xb5/0xe0\n[ 25.690716][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.691059][ T228] kasan_check_range+0x2bd/0x2e0\n[ 25.691405][ T228] ? copy_from_bpfptr+0x21/0x30\n[ 25.691734][ T228] memcpy+0x25/0x60\n[ 25.692000][ T228] copy_from_bpfptr+0x21/0x30\n[ 25.692328][ T228] bpf_prog_load+0x604/0x9e0\n[ 25.692653][ T228] ? cap_capable+0xb4/0xe0\n[ 25.692956][ T228] ? security_capable+0x4f/0x70\n[ 25.693324][ T228] __sys_bpf+0x3af/0x580\n[ 25.693635][ T228] bpf_sys_bpf+0x45/0x240\n[ 25.693937][ T228] bpf_prog_f0ec79a5a3caca46_bpf_func1+0xa2/0xbd\n[ 25.694394][ T228] bpf_prog_run_pin_on_cpu+0x2f/0xb0\n[ 25.694756][ T228] bpf_prog_test_run_syscall+0x146/0x1c0\n[ 25.695144][ T228] bpf_prog_test_run+0x172/0x190\n[ 25.695487][ T228] __sys_bpf+0x2c5/0x580\n[ 25.695776][ T228] __x64_sys_bpf+0x3a/0x50\n[ 25.696084][ T228] do_syscall_64+0x60/0x90\n[ 25.696393][ T228] ? fpregs_assert_state_consistent+0x50/0x60\n[ 25.696815][ T228] ? exit_to_user_mode_prepare+0x36/0xa0\n[ 25.697202][ T228] ? syscall_exit_to_user_mode+0x20/0x40\n[ 25.697586][ T228] ? do_syscall_64+0x6e/0x90\n[ 25.697899][ T228] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 25.698312][ T228] RIP: 0033:0x7f6d543fb759\n[ 25.698624][ T228] Code: 08 5b 89 e8 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d \n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50069 was patched at 2025-06-17

475. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50070) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mptcp: do not queue data on closed subflows Dipanjan reported a syzbot splat at close time: WARNING: CPU: 1 PID: 10818 at net/ipv4/af_inet.c:153 inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153 Modules linked in: uio_ivshmem(OE) uio(E) CPU: 1 PID: 10818 Comm: kworker/1:16 Tainted: G OE 5.19.0-rc6-g2eae0556bb9d #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: events mptcp_worker RIP: 0010:inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153 Code: 21 02 00 00 41 8b 9c 24 28 02 00 00 e9 07 ff ff ff e8 34 4d 91 f9 89 ee 4c 89 e7 e8 4a 47 60 ff e9 a6 fc ff ff e8 20 4d 91 f9 <0f> 0b e9 84 fe ff ff e8 14 4d 91 f9 0f 0b e9 d4 fd ff ff e8 08 4d RSP: 0018:ffffc9001b35fa78 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 00000000002879d0 RCX: ffff8881326f3b00 RDX: 0000000000000000 RSI: ffff8881326f3b00 RDI: 0000000000000002 RBP: ffff888179662674 R08: ffffffff87e983a0 R09: 0000000000000000 R10: 0000000000000005 R11: 00000000000004ea R12: ffff888179662400 R13: ffff888179662428 R14: 0000000000000001 R15: ffff88817e38e258 FS: 0000000000000000(0000) GS:ffff8881f5f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020007bc0 CR3: 0000000179592000 CR4: 0000000000150ee0 Call Trace: <TASK> __sk_destruct+0x4f/0x8e0 net/core/sock.c:2067 sk_destruct+0xbd/0xe0 net/core/sock.c:2112 __sk_free+0xef/0x3d0 net/core/sock.c:2123 sk_free+0x78/0xa0 net/core/sock.c:2134 sock_put include/net/sock.h:1927 [inline] __mptcp_close_ssk+0x50f/0x780 net/mptcp/protocol.c:2351 __mptcp_destroy_sock+0x332/0x760 net/mptcp/protocol.c:2828 mptcp_worker+0x5d2/0xc90 net/mptcp/protocol.c:2586 process_one_work+0x9cc/0x1650 kernel/workqueue.c:2289 worker_thread+0x623/0x1070 kernel/workqueue.c:2436 kthread+0x2e9/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 </TASK> The root cause of the problem is that an mptcp-level (re)transmit can race with mptcp_close() and the packet scheduler checks the subflow state before acquiring the socket lock: we can try to (re)transmit on an already closed ssk. Fix the issue checking again the subflow socket status under the subflow socket lock protection. Additionally add the missing check for the fallback-to-tcp case.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: do not queue data on closed subflows\n\nDipanjan reported a syzbot splat at close time:\n\nWARNING: CPU: 1 PID: 10818 at net/ipv4/af_inet.c:153\ninet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153\nModules linked in: uio_ivshmem(OE) uio(E)\nCPU: 1 PID: 10818 Comm: kworker/1:16 Tainted: G OE\n5.19.0-rc6-g2eae0556bb9d #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: events mptcp_worker\nRIP: 0010:inet_sock_destruct+0x6d0/0x8e0 net/ipv4/af_inet.c:153\nCode: 21 02 00 00 41 8b 9c 24 28 02 00 00 e9 07 ff ff ff e8 34 4d 91\nf9 89 ee 4c 89 e7 e8 4a 47 60 ff e9 a6 fc ff ff e8 20 4d 91 f9 <0f> 0b\ne9 84 fe ff ff e8 14 4d 91 f9 0f 0b e9 d4 fd ff ff e8 08 4d\nRSP: 0018:ffffc9001b35fa78 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000002879d0 RCX: ffff8881326f3b00\nRDX: 0000000000000000 RSI: ffff8881326f3b00 RDI: 0000000000000002\nRBP: ffff888179662674 R08: ffffffff87e983a0 R09: 0000000000000000\nR10: 0000000000000005 R11: 00000000000004ea R12: ffff888179662400\nR13: ffff888179662428 R14: 0000000000000001 R15: ffff88817e38e258\nFS: 0000000000000000(0000) GS:ffff8881f5f00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020007bc0 CR3: 0000000179592000 CR4: 0000000000150ee0\nCall Trace:\n <TASK>\n __sk_destruct+0x4f/0x8e0 net/core/sock.c:2067\n sk_destruct+0xbd/0xe0 net/core/sock.c:2112\n __sk_free+0xef/0x3d0 net/core/sock.c:2123\n sk_free+0x78/0xa0 net/core/sock.c:2134\n sock_put include/net/sock.h:1927 [inline]\n __mptcp_close_ssk+0x50f/0x780 net/mptcp/protocol.c:2351\n __mptcp_destroy_sock+0x332/0x760 net/mptcp/protocol.c:2828\n mptcp_worker+0x5d2/0xc90 net/mptcp/protocol.c:2586\n process_one_work+0x9cc/0x1650 kernel/workqueue.c:2289\n worker_thread+0x623/0x1070 kernel/workqueue.c:2436\n kthread+0x2e9/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302\n </TASK>\n\nThe root cause of the problem is that an mptcp-level (re)transmit can\nrace with mptcp_close() and the packet scheduler checks the subflow\nstate before acquiring the socket lock: we can try to (re)transmit on\nan already closed ssk.\n\nFix the issue checking again the subflow socket status under the\nsubflow socket lock protection. Additionally add the missing check\nfor the fallback-to-tcp case.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50070 was patched at 2025-06-17

476. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50071) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mptcp: move subflow cleanup in mptcp_destroy_common() If the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATE eBPF program, the MPTCP protocol ends-up leaking all the subflows: the related cleanup happens in __mptcp_destroy_sock() that is not invoked in such code path. Address the issue moving the subflow sockets cleanup in the mptcp_destroy_common() helper, which is invoked in every msk cleanup path. Additionally get rid of the intermediate list_splice_init step, which is an unneeded relic from the past. The issue is present since before the reported root cause commit, but any attempt to backport the fix before that hash will require a complete rewrite.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: move subflow cleanup in mptcp_destroy_common()\n\nIf the mptcp socket creation fails due to a CGROUP_INET_SOCK_CREATE\neBPF program, the MPTCP protocol ends-up leaking all the subflows:\nthe related cleanup happens in __mptcp_destroy_sock() that is not\ninvoked in such code path.\n\nAddress the issue moving the subflow sockets cleanup in the\nmptcp_destroy_common() helper, which is invoked in every msk cleanup\npath.\n\nAdditionally get rid of the intermediate list_splice_init step, which\nis an unneeded relic from the past.\n\nThe issue is present since before the reported root cause commit, but\nany attempt to backport the fix before that hash will require a complete\nrewrite.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50071 was patched at 2025-06-17

477. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50079) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check correct bounds for stream encoder instances for DCN303 [Why & How] eng_id for DCN303 cannot be more than 1, since we have only two instances of stream encoders. Check the correct boundary condition for engine ID for DCN303 prevent the potential out of bounds access.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check correct bounds for stream encoder instances for DCN303\n\n[Why & How]\neng_id for DCN303 cannot be more than 1, since we have only two\ninstances of stream encoders.\n\nCheck the correct boundary condition for engine ID for DCN303 prevent\nthe potential out of bounds access.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50079 was patched at 2025-06-17

478. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50082) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_iomap_begin as race between bmap and write We got issue as follows: ------------[ cut here ]------------ WARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0 RIP: 0010:ext4_iomap_begin+0x182/0x5d0 RSP: 0018:ffff88812460fa08 EFLAGS: 00010293 RAX: ffff88811f168000 RBX: 0000000000000000 RCX: ffffffff97793c12 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 RBP: ffff88812c669160 R08: ffff88811f168000 R09: ffffed10258cd20f R10: ffff88812c669077 R11: ffffed10258cd20e R12: 0000000000000001 R13: 00000000000000a4 R14: 000000000000000c R15: ffff88812c6691ee FS: 00007fd0d6ff3740(0000) GS:ffff8883af180000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd0d6dda290 CR3: 0000000104a62000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: iomap_apply+0x119/0x570 iomap_bmap+0x124/0x150 ext4_bmap+0x14f/0x250 bmap+0x55/0x80 do_vfs_ioctl+0x952/0xbd0 __x64_sys_ioctl+0xc6/0x170 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Above issue may happen as follows: bmap write bmap ext4_bmap iomap_bmap ext4_iomap_begin ext4_file_write_iter \t\t\t ext4_buffered_write_iter \t\t\t generic_perform_write \t\t\t\t ext4_da_write_begin \t\t\t\t ext4_da_write_inline_data_begin \t\t\t\t ext4_prepare_inline_data \t\t\t\t ext4_create_inline_data \t\t\t\t\t ext4_set_inode_flag(inode, \t\t\t\t\t\tEXT4_INODE_INLINE_DATA); if (WARN_ON_ONCE(ext4_has_inline_data(inode))) ->trigger bug_on To solved above issue hold inode lock in ext4_bamp.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix warning in ext4_iomap_begin as race between bmap and write\n\nWe got issue as follows:\n------------[ cut here ]------------\nWARNING: CPU: 3 PID: 9310 at fs/ext4/inode.c:3441 ext4_iomap_begin+0x182/0x5d0\nRIP: 0010:ext4_iomap_begin+0x182/0x5d0\nRSP: 0018:ffff88812460fa08 EFLAGS: 00010293\nRAX: ffff88811f168000 RBX: 0000000000000000 RCX: ffffffff97793c12\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: ffff88812c669160 R08: ffff88811f168000 R09: ffffed10258cd20f\nR10: ffff88812c669077 R11: ffffed10258cd20e R12: 0000000000000001\nR13: 00000000000000a4 R14: 000000000000000c R15: ffff88812c6691ee\nFS: 00007fd0d6ff3740(0000) GS:ffff8883af180000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fd0d6dda290 CR3: 0000000104a62000 CR4: 00000000000006e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n iomap_apply+0x119/0x570\n iomap_bmap+0x124/0x150\n ext4_bmap+0x14f/0x250\n bmap+0x55/0x80\n do_vfs_ioctl+0x952/0xbd0\n __x64_sys_ioctl+0xc6/0x170\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nAbove issue may happen as follows:\n bmap write\nbmap\n ext4_bmap\n iomap_bmap\n ext4_iomap_begin\n ext4_file_write_iter\n\t\t\t ext4_buffered_write_iter\n\t\t\t generic_perform_write\n\t\t\t\t ext4_da_write_begin\n\t\t\t\t ext4_da_write_inline_data_begin\n\t\t\t\t ext4_prepare_inline_data\n\t\t\t\t ext4_create_inline_data\n\t\t\t\t\t ext4_set_inode_flag(inode,\n\t\t\t\t\t\tEXT4_INODE_INLINE_DATA);\n if (WARN_ON_ONCE(ext4_has_inline_data(inode))) ->trigger bug_on\n\nTo solved above issue hold inode lock in ext4_bamp.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50082 was patched at 2025-06-17

479. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50086) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: block: don't allow the same type rq_qos add more than once In our test of iocost, we encountered some list add/del corruptions of inner_walk list in ioc_timer_fn. The reason can be described as follows: cpu 0\t\t\t\t\tcpu 1 ioc_qos_write\t\t\t\tioc_qos_write ioc = q_to_ioc(queue); if (!ioc) { ioc = kzalloc(); \t\t\t\t\tioc = q_to_ioc(queue); \t\t\t\t\tif (!ioc) { \t\t\t\t\t\tioc = kzalloc(); \t\t\t\t\t\t... \t\t\t\t\t\trq_qos_add(q, rqos); \t\t\t\t\t} ... rq_qos_add(q, rqos); ... } When the io.cost.qos file is written by two cpus concurrently, rq_qos may be added to one disk twice. In that case, there will be two iocs enabled and running on one disk. They own different iocgs on their active list. In the ioc_timer_fn function, because of the iocgs from two iocs have the same root iocg, the root iocg's walk_list may be overwritten by each other and this leads to list add/del corruptions in building or destroying the inner_walk list. And so far, the blk-rq-qos framework works in case that one instance for one type rq_qos per queue by default. This patch make this explicit and also fix the crash above.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: don't allow the same type rq_qos add more than once\n\nIn our test of iocost, we encountered some list add/del corruptions of\ninner_walk list in ioc_timer_fn.\n\nThe reason can be described as follows:\n\ncpu 0\t\t\t\t\tcpu 1\nioc_qos_write\t\t\t\tioc_qos_write\n\nioc = q_to_ioc(queue);\nif (!ioc) {\n ioc = kzalloc();\n\t\t\t\t\tioc = q_to_ioc(queue);\n\t\t\t\t\tif (!ioc) {\n\t\t\t\t\t\tioc = kzalloc();\n\t\t\t\t\t\t...\n\t\t\t\t\t\trq_qos_add(q, rqos);\n\t\t\t\t\t}\n ...\n rq_qos_add(q, rqos);\n ...\n}\n\nWhen the io.cost.qos file is written by two cpus concurrently, rq_qos may\nbe added to one disk twice. In that case, there will be two iocs enabled\nand running on one disk. They own different iocgs on their active list. In\nthe ioc_timer_fn function, because of the iocgs from two iocs have the\nsame root iocg, the root iocg's walk_list may be overwritten by each other\nand this leads to list add/del corruptions in building or destroying the\ninner_walk list.\n\nAnd so far, the blk-rq-qos framework works in case that one instance for\none type rq_qos per queue by default. This patch make this explicit and\nalso fix the crash above.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50086 was patched at 2025-06-17

480. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50089) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: btrfs: ensure pages are unlocked on cow_file_range() failure There is a hung_task report on zoned btrfs like below. https://github.com/naota/linux/issues/59 [726.328648] INFO: task rocksdb:high0:11085 blocked for more than 241 seconds. [726.329839] Not tainted 5.16.0-rc1+ #1 [726.330484] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [726.331603] task:rocksdb:high0 state:D stack: 0 pid:11085 ppid: 11082 flags:0x00000000 [726.331608] Call Trace: [726.331611] <TASK> [726.331614] __schedule+0x2e5/0x9d0 [726.331622] schedule+0x58/0xd0 [726.331626] io_schedule+0x3f/0x70 [726.331629] __folio_lock+0x125/0x200 [726.331634] ? find_get_entries+0x1bc/0x240 [726.331638] ? filemap_invalidate_unlock_two+0x40/0x40 [726.331642] truncate_inode_pages_range+0x5b2/0x770 [726.331649] truncate_inode_pages_final+0x44/0x50 [726.331653] btrfs_evict_inode+0x67/0x480 [726.331658] evict+0xd0/0x180 [726.331661] iput+0x13f/0x200 [726.331664] do_unlinkat+0x1c0/0x2b0 [726.331668] __x64_sys_unlink+0x23/0x30 [726.331670] do_syscall_64+0x3b/0xc0 [726.331674] entry_SYSCALL_64_after_hwframe+0x44/0xae [726.331677] RIP: 0033:0x7fb9490a171b [726.331681] RSP: 002b:00007fb943ffac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [726.331684] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb9490a171b [726.331686] RDX: 00007fb943ffb040 RSI: 000055a6bbe6ec20 RDI: 00007fb94400d300 [726.331687] RBP: 00007fb943ffad00 R08: 0000000000000000 R09: 0000000000000000 [726.331688] R10: 0000000000000031 R11: 0000000000000246 R12: 00007fb943ffb000 [726.331690] R13: 00007fb943ffb040 R14: 0000000000000000 R15: 00007fb943ffd260 [726.331693] </TASK> While we debug the issue, we found running fstests generic/551 on 5GB non-zoned null_blk device in the emulated zoned mode also had a similar hung issue. Also, we can reproduce the same symptom with an error injected cow_file_range() setup. The hang occurs when cow_file_range() fails in the middle of allocation. cow_file_range() called from do_allocation_zoned() can split the give region ([start, end]) for allocation depending on current block group usages. When btrfs can allocate bytes for one part of the split regions but fails for the other region (e.g. because of -ENOSPC), we return the error leaving the pages in the succeeded regions locked. Technically, this occurs only when @unlock == 0. Otherwise, we unlock the pages in an allocated region after creating an ordered extent. Considering the callers of cow_file_range(unlock=0) won't write out the pages, we can unlock the pages on error exit from cow_file_range(). So, we can ensure all the pages except @locked_page are unlocked on error case. In summary, cow_file_range now behaves like this: - page_started == 1 (return value) - All the pages are unlocked. IO is started. - unlock == 1 - All the pages except @locked_page are unlocked in any case - unlock == 0 - On success, all the pages are locked for writing out them - On failure, all the pages except @locked_page are unlocked', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: ensure pages are unlocked on cow_file_range() failure\n\nThere is a hung_task report on zoned btrfs like below.\n\nhttps://github.com/naota/linux/issues/59\n\n [726.328648] INFO: task rocksdb:high0:11085 blocked for more than 241 seconds.\n [726.329839] Not tainted 5.16.0-rc1+ #1\n [726.330484] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.\n [726.331603] task:rocksdb:high0 state:D stack: 0 pid:11085 ppid: 11082 flags:0x00000000\n [726.331608] Call Trace:\n [726.331611] <TASK>\n [726.331614] __schedule+0x2e5/0x9d0\n [726.331622] schedule+0x58/0xd0\n [726.331626] io_schedule+0x3f/0x70\n [726.331629] __folio_lock+0x125/0x200\n [726.331634] ? find_get_entries+0x1bc/0x240\n [726.331638] ? filemap_invalidate_unlock_two+0x40/0x40\n [726.331642] truncate_inode_pages_range+0x5b2/0x770\n [726.331649] truncate_inode_pages_final+0x44/0x50\n [726.331653] btrfs_evict_inode+0x67/0x480\n [726.331658] evict+0xd0/0x180\n [726.331661] iput+0x13f/0x200\n [726.331664] do_unlinkat+0x1c0/0x2b0\n [726.331668] __x64_sys_unlink+0x23/0x30\n [726.331670] do_syscall_64+0x3b/0xc0\n [726.331674] entry_SYSCALL_64_after_hwframe+0x44/0xae\n [726.331677] RIP: 0033:0x7fb9490a171b\n [726.331681] RSP: 002b:00007fb943ffac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000057\n [726.331684] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb9490a171b\n [726.331686] RDX: 00007fb943ffb040 RSI: 000055a6bbe6ec20 RDI: 00007fb94400d300\n [726.331687] RBP: 00007fb943ffad00 R08: 0000000000000000 R09: 0000000000000000\n [726.331688] R10: 0000000000000031 R11: 0000000000000246 R12: 00007fb943ffb000\n [726.331690] R13: 00007fb943ffb040 R14: 0000000000000000 R15: 00007fb943ffd260\n [726.331693] </TASK>\n\nWhile we debug the issue, we found running fstests generic/551 on 5GB\nnon-zoned null_blk device in the emulated zoned mode also had a\nsimilar hung issue.\n\nAlso, we can reproduce the same symptom with an error injected\ncow_file_range() setup.\n\nThe hang occurs when cow_file_range() fails in the middle of\nallocation. cow_file_range() called from do_allocation_zoned() can\nsplit the give region ([start, end]) for allocation depending on\ncurrent block group usages. When btrfs can allocate bytes for one part\nof the split regions but fails for the other region (e.g. because of\n-ENOSPC), we return the error leaving the pages in the succeeded regions\nlocked. Technically, this occurs only when @unlock == 0. Otherwise, we\nunlock the pages in an allocated region after creating an ordered\nextent.\n\nConsidering the callers of cow_file_range(unlock=0) won't write out\nthe pages, we can unlock the pages on error exit from\ncow_file_range(). So, we can ensure all the pages except @locked_page\nare unlocked on error case.\n\nIn summary, cow_file_range now behaves like this:\n\n- page_started == 1 (return value)\n - All the pages are unlocked. IO is started.\n- unlock == 1\n - All the pages except @locked_page are unlocked in any case\n- unlock == 0\n - On success, all the pages are locked for writing out them\n - On failure, all the pages except @locked_page are unlocked', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50089 was patched at 2025-06-17

481. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50090) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size On zoned filesystem, data write out is limited by max_zone_append_size, and a large ordered extent is split according the size of a bio. OTOH, the number of extents to be written is calculated using BTRFS_MAX_EXTENT_SIZE, and that estimated number is used to reserve the metadata bytes to update and/or create the metadata items. The metadata reservation is done at e.g, btrfs_buffered_write() and then released according to the estimation changes. Thus, if the number of extent increases massively, the reserved metadata can run out. The increase of the number of extents easily occurs on zoned filesystem if BTRFS_MAX_EXTENT_SIZE > max_zone_append_size. And, it causes the following warning on a small RAM environment with disabling metadata over-commit (in the following patch). [75721.498492] ------------[ cut here ]------------ [75721.505624] BTRFS: block rsv 1 returned -28 [75721.512230] WARNING: CPU: 24 PID: 2327559 at fs/btrfs/block-rsv.c:537 btrfs_use_block_rsv+0x560/0x760 [btrfs] [75721.581854] CPU: 24 PID: 2327559 Comm: kworker/u64:10 Kdump: loaded Tainted: G W 5.18.0-rc2-BTRFS-ZNS+ #109 [75721.597200] Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021 [75721.607310] Workqueue: btrfs-endio-write btrfs_work_helper [btrfs] [75721.616209] RIP: 0010:btrfs_use_block_rsv+0x560/0x760 [btrfs] [75721.646649] RSP: 0018:ffffc9000fbdf3e0 EFLAGS: 00010286 [75721.654126] RAX: 0000000000000000 RBX: 0000000000004000 RCX: 0000000000000000 [75721.663524] RDX: 0000000000000004 RSI: 0000000000000008 RDI: fffff52001f7be6e [75721.672921] RBP: ffffc9000fbdf420 R08: 0000000000000001 R09: ffff889f8d1fc6c7 [75721.682493] R10: ffffed13f1a3f8d8 R11: 0000000000000001 R12: ffff88980a3c0e28 [75721.692284] R13: ffff889b66590000 R14: ffff88980a3c0e40 R15: ffff88980a3c0e8a [75721.701878] FS: 0000000000000000(0000) GS:ffff889f8d000000(0000) knlGS:0000000000000000 [75721.712601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [75721.720726] CR2: 000055d12e05c018 CR3: 0000800193594000 CR4: 0000000000350ee0 [75721.730499] Call Trace: [75721.735166] <TASK> [75721.739886] btrfs_alloc_tree_block+0x1e1/0x1100 [btrfs] [75721.747545] ? btrfs_alloc_logged_file_extent+0x550/0x550 [btrfs] [75721.756145] ? btrfs_get_32+0xea/0x2d0 [btrfs] [75721.762852] ? btrfs_get_32+0xea/0x2d0 [btrfs] [75721.769520] ? push_leaf_left+0x420/0x620 [btrfs] [75721.776431] ? memcpy+0x4e/0x60 [75721.781931] split_leaf+0x433/0x12d0 [btrfs] [75721.788392] ? btrfs_get_token_32+0x580/0x580 [btrfs] [75721.795636] ? push_for_double_split.isra.0+0x420/0x420 [btrfs] [75721.803759] ? leaf_space_used+0x15d/0x1a0 [btrfs] [75721.811156] btrfs_search_slot+0x1bc3/0x2790 [btrfs] [75721.818300] ? lock_downgrade+0x7c0/0x7c0 [75721.824411] ? free_extent_buffer.part.0+0x107/0x200 [btrfs] [75721.832456] ? split_leaf+0x12d0/0x12d0 [btrfs] [75721.839149] ? free_extent_buffer.part.0+0x14f/0x200 [btrfs] [75721.846945] ? free_extent_buffer+0x13/0x20 [btrfs] [75721.853960] ? btrfs_release_path+0x4b/0x190 [btrfs] [75721.861429] btrfs_csum_file_blocks+0x85c/0x1500 [btrfs] [75721.869313] ? rcu_read_lock_sched_held+0x16/0x80 [75721.876085] ? lock_release+0x552/0xf80 [75721.881957] ? btrfs_del_csums+0x8c0/0x8c0 [btrfs] [75721.888886] ? __kasan_check_write+0x14/0x20 [75721.895152] ? do_raw_read_unlock+0x44/0x80 [75721.901323] ? _raw_write_lock_irq+0x60/0x80 [75721.907983] ? btrfs_global_root+0xb9/0xe0 [btrfs] [75721.915166] ? btrfs_csum_root+0x12b/0x180 [btrfs] [75721.921918] ? btrfs_get_global_root+0x820/0x820 [btrfs] [75721.929166] ? _raw_write_unlock+0x23/0x40 [75721.935116] ? unpin_extent_cache+0x1e3/0x390 [btrfs] [75721.942041] btrfs_finish_ordered_io.isra.0+0xa0c/0x1dc0 [btrfs] [75721.949906] ? try_to_wake_up+0x30/0x14a0 [75721.955700] ? btrfs_unlink_subvol+0xda0/0xda0 [btrfs] [75721.962661] ? rcu ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: replace BTRFS_MAX_EXTENT_SIZE with fs_info->max_extent_size\n\nOn zoned filesystem, data write out is limited by max_zone_append_size,\nand a large ordered extent is split according the size of a bio. OTOH,\nthe number of extents to be written is calculated using\nBTRFS_MAX_EXTENT_SIZE, and that estimated number is used to reserve the\nmetadata bytes to update and/or create the metadata items.\n\nThe metadata reservation is done at e.g, btrfs_buffered_write() and then\nreleased according to the estimation changes. Thus, if the number of extent\nincreases massively, the reserved metadata can run out.\n\nThe increase of the number of extents easily occurs on zoned filesystem\nif BTRFS_MAX_EXTENT_SIZE > max_zone_append_size. And, it causes the\nfollowing warning on a small RAM environment with disabling metadata\nover-commit (in the following patch).\n\n[75721.498492] ------------[ cut here ]------------\n[75721.505624] BTRFS: block rsv 1 returned -28\n[75721.512230] WARNING: CPU: 24 PID: 2327559 at fs/btrfs/block-rsv.c:537 btrfs_use_block_rsv+0x560/0x760 [btrfs]\n[75721.581854] CPU: 24 PID: 2327559 Comm: kworker/u64:10 Kdump: loaded Tainted: G W 5.18.0-rc2-BTRFS-ZNS+ #109\n[75721.597200] Hardware name: Supermicro Super Server/H12SSL-NT, BIOS 2.0 02/22/2021\n[75721.607310] Workqueue: btrfs-endio-write btrfs_work_helper [btrfs]\n[75721.616209] RIP: 0010:btrfs_use_block_rsv+0x560/0x760 [btrfs]\n[75721.646649] RSP: 0018:ffffc9000fbdf3e0 EFLAGS: 00010286\n[75721.654126] RAX: 0000000000000000 RBX: 0000000000004000 RCX: 0000000000000000\n[75721.663524] RDX: 0000000000000004 RSI: 0000000000000008 RDI: fffff52001f7be6e\n[75721.672921] RBP: ffffc9000fbdf420 R08: 0000000000000001 R09: ffff889f8d1fc6c7\n[75721.682493] R10: ffffed13f1a3f8d8 R11: 0000000000000001 R12: ffff88980a3c0e28\n[75721.692284] R13: ffff889b66590000 R14: ffff88980a3c0e40 R15: ffff88980a3c0e8a\n[75721.701878] FS: 0000000000000000(0000) GS:ffff889f8d000000(0000) knlGS:0000000000000000\n[75721.712601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[75721.720726] CR2: 000055d12e05c018 CR3: 0000800193594000 CR4: 0000000000350ee0\n[75721.730499] Call Trace:\n[75721.735166] <TASK>\n[75721.739886] btrfs_alloc_tree_block+0x1e1/0x1100 [btrfs]\n[75721.747545] ? btrfs_alloc_logged_file_extent+0x550/0x550 [btrfs]\n[75721.756145] ? btrfs_get_32+0xea/0x2d0 [btrfs]\n[75721.762852] ? btrfs_get_32+0xea/0x2d0 [btrfs]\n[75721.769520] ? push_leaf_left+0x420/0x620 [btrfs]\n[75721.776431] ? memcpy+0x4e/0x60\n[75721.781931] split_leaf+0x433/0x12d0 [btrfs]\n[75721.788392] ? btrfs_get_token_32+0x580/0x580 [btrfs]\n[75721.795636] ? push_for_double_split.isra.0+0x420/0x420 [btrfs]\n[75721.803759] ? leaf_space_used+0x15d/0x1a0 [btrfs]\n[75721.811156] btrfs_search_slot+0x1bc3/0x2790 [btrfs]\n[75721.818300] ? lock_downgrade+0x7c0/0x7c0\n[75721.824411] ? free_extent_buffer.part.0+0x107/0x200 [btrfs]\n[75721.832456] ? split_leaf+0x12d0/0x12d0 [btrfs]\n[75721.839149] ? free_extent_buffer.part.0+0x14f/0x200 [btrfs]\n[75721.846945] ? free_extent_buffer+0x13/0x20 [btrfs]\n[75721.853960] ? btrfs_release_path+0x4b/0x190 [btrfs]\n[75721.861429] btrfs_csum_file_blocks+0x85c/0x1500 [btrfs]\n[75721.869313] ? rcu_read_lock_sched_held+0x16/0x80\n[75721.876085] ? lock_release+0x552/0xf80\n[75721.881957] ? btrfs_del_csums+0x8c0/0x8c0 [btrfs]\n[75721.888886] ? __kasan_check_write+0x14/0x20\n[75721.895152] ? do_raw_read_unlock+0x44/0x80\n[75721.901323] ? _raw_write_lock_irq+0x60/0x80\n[75721.907983] ? btrfs_global_root+0xb9/0xe0 [btrfs]\n[75721.915166] ? btrfs_csum_root+0x12b/0x180 [btrfs]\n[75721.921918] ? btrfs_get_global_root+0x820/0x820 [btrfs]\n[75721.929166] ? _raw_write_unlock+0x23/0x40\n[75721.935116] ? unpin_extent_cache+0x1e3/0x390 [btrfs]\n[75721.942041] btrfs_finish_ordered_io.isra.0+0xa0c/0x1dc0 [btrfs]\n[75721.949906] ? try_to_wake_up+0x30/0x14a0\n[75721.955700] ? btrfs_unlink_subvol+0xda0/0xda0 [btrfs]\n[75721.962661] ? rcu\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50090 was patched at 2025-06-17

482. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50091) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by the early_param() function csdlock_debug(). If set, csdlock_debug() invokes static_branch_enable() to enable csd_lock_wait feature, which triggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and CONFIG_SPARSEMEM_VMEMMAP=n. With CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in static_key_enable() and returns NULL, resulting in a NULL dereference because mem_section is initialized only later in sparse_init(). This is also a problem for powerpc because early_param() functions are invoked earlier than jump_label_init(), also resulting in static_key_enable() failures. These failures cause the warning "static key 'xxx' used before call to jump_label_init()". Thus, early_param is too early for csd_lock_wait to run static_branch_enable(), so changes it to __setup to fix these.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/csd_lock: Change csdlock_debug from early_param to __setup\n\nThe csdlock_debug kernel-boot parameter is parsed by the\nearly_param() function csdlock_debug(). If set, csdlock_debug()\ninvokes static_branch_enable() to enable csd_lock_wait feature, which\ntriggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and\nCONFIG_SPARSEMEM_VMEMMAP=n.\n\nWith CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in\nstatic_key_enable() and returns NULL, resulting in a NULL dereference\nbecause mem_section is initialized only later in sparse_init().\n\nThis is also a problem for powerpc because early_param() functions\nare invoked earlier than jump_label_init(), also resulting in\nstatic_key_enable() failures. These failures cause the warning "static\nkey 'xxx' used before call to jump_label_init()".\n\nThus, early_param is too early for csd_lock_wait to run\nstatic_branch_enable(), so changes it to __setup to fix these.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50091 was patched at 2025-06-17

483. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50096) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: x86/kprobes: Update kcb status flag after singlestepping Fix kprobes to update kcb (kprobes control block) status flag to KPROBE_HIT_SSDONE even if the kp->post_handler is not set. This bug may cause a kernel panic if another INT3 user runs right after kprobes because kprobe_int3_handler() misunderstands the INT3 is kprobe's single stepping INT3.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kprobes: Update kcb status flag after singlestepping\n\nFix kprobes to update kcb (kprobes control block) status flag to\nKPROBE_HIT_SSDONE even if the kp->post_handler is not set.\n\nThis bug may cause a kernel panic if another INT3 user runs right\nafter kprobes because kprobe_int3_handler() misunderstands the\nINT3 is kprobe's single stepping INT3.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50096 was patched at 2025-06-17

484. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50098) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. If that is not possible fail the escalation path. Following crash stack was seen: BUG: unable to handle kernel paging request at 0000002f56aa90f8 IP: qla_chk_edif_rx_sa_delete_pending+0x14/0x30 [qla2xxx] Call Trace: ? qla2x00_status_entry+0x19f/0x1c50 [qla2xxx] ? qla2x00_start_sp+0x116/0x1170 [qla2xxx] ? dma_pool_alloc+0x1d6/0x210 ? mempool_alloc+0x54/0x130 ? qla24xx_process_response_queue+0x548/0x12b0 [qla2xxx] ? qla_do_work+0x2d/0x40 [qla2xxx] ? process_one_work+0x14c/0x390', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts\n\nEnsure SRB is returned during I/O timeout error escalation. If that is not\npossible fail the escalation path.\n\nFollowing crash stack was seen:\n\nBUG: unable to handle kernel paging request at 0000002f56aa90f8\nIP: qla_chk_edif_rx_sa_delete_pending+0x14/0x30 [qla2xxx]\nCall Trace:\n ? qla2x00_status_entry+0x19f/0x1c50 [qla2xxx]\n ? qla2x00_start_sp+0x116/0x1170 [qla2xxx]\n ? dma_pool_alloc+0x1d6/0x210\n ? mempool_alloc+0x54/0x130\n ? qla24xx_process_response_queue+0x548/0x12b0 [qla2xxx]\n ? qla_do_work+0x2d/0x40 [qla2xxx]\n ? process_one_work+0x14c/0x390', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50098 was patched at 2025-06-17

485. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50100) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue task on CPU excluded from cpus_mask The following warning was triggered on a large machine early in boot on a distribution kernel but the same problem should also affect mainline. WARNING: CPU: 439 PID: 10 at ../kernel/workqueue.c:2231 process_one_work+0x4d/0x440 Call Trace: <TASK> rescuer_thread+0x1f6/0x360 kthread+0x156/0x180 ret_from_fork+0x22/0x30 </TASK> Commit c6e7bd7afaeb ("sched/core: Optimize ttwu() spinning on p->on_cpu") optimises ttwu by queueing a task that is descheduling on the wakelist, but does not check if the task descheduling is still allowed to run on that CPU. In this warning, the problematic task is a workqueue rescue thread which checks if the rescue is for a per-cpu workqueue and running on the wrong CPU. While this is early in boot and it should be possible to create workers, the rescue thread may still used if the MAYDAY_INITIAL_TIMEOUT is reached or MAYDAY_INTERVAL and on a sufficiently large machine, the rescue thread is being used frequently. Tracing confirmed that the task should have migrated properly using the stopper thread to handle the migration. However, a parallel wakeup from udev running on another CPU that does not share CPU cache observes p->on_cpu and uses task_cpu(p), queues the task on the old CPU and triggers the warning. Check that the wakee task that is descheduling is still allowed to run on its current CPU and if not, wait for the descheduling to complete and select an allowed CPU.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Do not requeue task on CPU excluded from cpus_mask\n\nThe following warning was triggered on a large machine early in boot on\na distribution kernel but the same problem should also affect mainline.\n\n WARNING: CPU: 439 PID: 10 at ../kernel/workqueue.c:2231 process_one_work+0x4d/0x440\n Call Trace:\n <TASK>\n rescuer_thread+0x1f6/0x360\n kthread+0x156/0x180\n ret_from_fork+0x22/0x30\n </TASK>\n\nCommit c6e7bd7afaeb ("sched/core: Optimize ttwu() spinning on p->on_cpu")\noptimises ttwu by queueing a task that is descheduling on the wakelist,\nbut does not check if the task descheduling is still allowed to run on that CPU.\n\nIn this warning, the problematic task is a workqueue rescue thread which\nchecks if the rescue is for a per-cpu workqueue and running on the wrong CPU.\nWhile this is early in boot and it should be possible to create workers,\nthe rescue thread may still used if the MAYDAY_INITIAL_TIMEOUT is reached\nor MAYDAY_INTERVAL and on a sufficiently large machine, the rescue\nthread is being used frequently.\n\nTracing confirmed that the task should have migrated properly using the\nstopper thread to handle the migration. However, a parallel wakeup from udev\nrunning on another CPU that does not share CPU cache observes p->on_cpu and\nuses task_cpu(p), queues the task on the old CPU and triggers the warning.\n\nCheck that the wakee task that is descheduling is still allowed to run\non its current CPU and if not, wait for the descheduling to complete\nand select an allowed CPU.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50100 was patched at 2025-06-17

486. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50111) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6359: Fix refcount leak bug In mt6359_parse_dt() and mt6359_accdet_parse_dt(), we should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mt6359: Fix refcount leak bug\n\nIn mt6359_parse_dt() and mt6359_accdet_parse_dt(), we should call\nof_node_put() for the reference returned by of_get_child_by_name()\nwhich has increased the refcount.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50111 was patched at 2025-06-17

487. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50113) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() We should call of_node_put() for the reference before its replacement as it returned by of_get_parent() which has increased the refcount. Besides, we should also call of_node_put() before return.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()\n\nWe should call of_node_put() for the reference before its replacement\nas it returned by of_get_parent() which has increased the refcount.\nBesides, we should also call of_node_put() before return.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50113 was patched at 2025-06-17

488. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50114) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: 9p: fix refcount leak in p9_read_work() error handling p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid temporary refcount leak. [Dominique: commit wording adjustments, p9_req_put argument fixes for rebase]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: 9p: fix refcount leak in p9_read_work() error handling\n\np9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid\ntemporary refcount leak.\n\n[Dominique: commit wording adjustments, p9_req_put argument fixes for rebase]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50114 was patched at 2025-06-17

489. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50116) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. That means that the upper and the lower layer are hard coupled in the code. Due to this deadlocks can happen as seen below while transmitting data, especially during ldisc congestion. Furthermore, the data channels starve the control channel on high transmission load on the ldisc. Introduce an additional control channel data queue to prevent timeouts and link hangups during ldisc congestion. This is being processed before the user channel data queue in gsm_data_kick(), i.e. with the highest priority. Put the queue to ldisc data path into a workqueue and trigger it whenever new data has been put into the transmission queue. Change gsm_dlci_data_sweep() accordingly to fill up the transmission queue until TX_THRESH_HI. This solves the locking issue, keeps latency low and provides good performance on high data load. Note that now all packets from a DLCI are removed from the internal queue if the associated DLCI was closed. This ensures that no data is sent by the introduced write task to an already closed DLCI. BUG: spinlock recursion on CPU#0, test_v24_loop/124 lock: serial8250_ports+0x3a8/0x7500, .magic: dead4ead, .owner: test_v24_loop/124, .owner_cpu: 0 CPU: 0 PID: 124 Comm: test_v24_loop Tainted: G O 5.18.0-rc2 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <IRQ> dump_stack_lvl+0x34/0x44 do_raw_spin_lock+0x76/0xa0 _raw_spin_lock_irqsave+0x72/0x80 uart_write_room+0x3b/0xc0 gsm_data_kick+0x14b/0x240 [n_gsm] gsmld_write_wakeup+0x35/0x70 [n_gsm] tty_wakeup+0x53/0x60 tty_port_default_wakeup+0x1b/0x30 serial8250_tx_chars+0x12f/0x220 serial8250_handle_irq.part.0+0xfe/0x150 serial8250_default_handle_irq+0x48/0x80 serial8250_interrupt+0x56/0xa0 __handle_irq_event_percpu+0x78/0x1f0 handle_irq_event+0x34/0x70 handle_fasteoi_irq+0x90/0x1e0 __common_interrupt+0x69/0x100 common_interrupt+0x48/0xc0 asm_common_interrupt+0x1e/0x40 RIP: 0010:__do_softirq+0x83/0x34e Code: 2a 0a ff 0f b7 ed c7 44 24 10 0a 00 00 00 48 c7 c7 51 2a 64 82 e8 2d e2 d5 ff 65 66 c7 05 83 af 1e 7e 00 00 fb b8 ff ff ff ff <49> c7 c2 40 61 80 82 0f bc c5 41 89 c4 41 83 c4 01 0f 84 e6 00 00 RSP: 0018:ffffc90000003f98 EFLAGS: 00000286 RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff82642a51 RDI: ffffffff825bb5e7 RBP: 0000000000000200 R08: 00000008de3271a8 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000030 R14: 0000000000000000 R15: 0000000000000000 ? __do_softirq+0x73/0x34e irq_exit_rcu+0xb5/0x100 common_interrupt+0xa4/0xc0 </IRQ> <TASK> asm_common_interrupt+0x1e/0x40 RIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x50 Code: 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 85 28 36 ff 48 89 ef e8 cd 58 36 ff 80 e7 02 74 01 fb bf 01 00 00 00 <e8> 3d 97 33 ff 65 8b 05 96 23 2b 7e 85 c0 74 03 5b 5d c3 0f 1f 44 RSP: 0018:ffffc9000020fd08 EFLAGS: 00000202 RAX: 0000000000000000 RBX: 0000000000000246 RCX: 0000000000000000 RDX: 0000000000000004 RSI: ffffffff8257fd74 RDI: 0000000000000001 RBP: ffff8880057de3a0 R08: 00000008de233000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000100 R14: 0000000000000202 R15: ffff8880057df0b8 ? _raw_spin_unlock_irqrestore+0x23/0x50 gsmtty_write+0x65/0x80 [n_gsm] n_tty_write+0x33f/0x530 ? swake_up_all+0xe0/0xe0 file_tty_write.constprop.0+0x1b1/0x320 ? n_tty_flush_buffer+0xb0/0xb0 new_sync_write+0x10c/0x190 vfs_write+0x282/0x310 ksys_write+0x68/0xe0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f3e5e35c15c Code: 8b 7c 24 08 89 c5 e8 c5 ff ff ff 89 ef 89 44 24 ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix deadlock and link starvation in outgoing data path\n\nThe current implementation queues up new control and user packets as needed\nand processes this queue down to the ldisc in the same code path.\nThat means that the upper and the lower layer are hard coupled in the code.\nDue to this deadlocks can happen as seen below while transmitting data,\nespecially during ldisc congestion. Furthermore, the data channels starve\nthe control channel on high transmission load on the ldisc.\n\nIntroduce an additional control channel data queue to prevent timeouts and\nlink hangups during ldisc congestion. This is being processed before the\nuser channel data queue in gsm_data_kick(), i.e. with the highest priority.\nPut the queue to ldisc data path into a workqueue and trigger it whenever\nnew data has been put into the transmission queue. Change\ngsm_dlci_data_sweep() accordingly to fill up the transmission queue until\nTX_THRESH_HI. This solves the locking issue, keeps latency low and provides\ngood performance on high data load.\nNote that now all packets from a DLCI are removed from the internal queue\nif the associated DLCI was closed. This ensures that no data is sent by the\nintroduced write task to an already closed DLCI.\n\nBUG: spinlock recursion on CPU#0, test_v24_loop/124\n lock: serial8250_ports+0x3a8/0x7500, .magic: dead4ead, .owner: test_v24_loop/124, .owner_cpu: 0\nCPU: 0 PID: 124 Comm: test_v24_loop Tainted: G O 5.18.0-rc2 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n <IRQ>\n dump_stack_lvl+0x34/0x44\n do_raw_spin_lock+0x76/0xa0\n _raw_spin_lock_irqsave+0x72/0x80\n uart_write_room+0x3b/0xc0\n gsm_data_kick+0x14b/0x240 [n_gsm]\n gsmld_write_wakeup+0x35/0x70 [n_gsm]\n tty_wakeup+0x53/0x60\n tty_port_default_wakeup+0x1b/0x30\n serial8250_tx_chars+0x12f/0x220\n serial8250_handle_irq.part.0+0xfe/0x150\n serial8250_default_handle_irq+0x48/0x80\n serial8250_interrupt+0x56/0xa0\n __handle_irq_event_percpu+0x78/0x1f0\n handle_irq_event+0x34/0x70\n handle_fasteoi_irq+0x90/0x1e0\n __common_interrupt+0x69/0x100\n common_interrupt+0x48/0xc0\n asm_common_interrupt+0x1e/0x40\nRIP: 0010:__do_softirq+0x83/0x34e\nCode: 2a 0a ff 0f b7 ed c7 44 24 10 0a 00 00 00 48 c7 c7 51 2a 64 82 e8 2d\ne2 d5 ff 65 66 c7 05 83 af 1e 7e 00 00 fb b8 ff ff ff ff <49> c7 c2 40 61\n80 82 0f bc c5 41 89 c4 41 83 c4 01 0f 84 e6 00 00\nRSP: 0018:ffffc90000003f98 EFLAGS: 00000286\nRAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff82642a51 RDI: ffffffff825bb5e7\nRBP: 0000000000000200 R08: 00000008de3271a8 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000030 R14: 0000000000000000 R15: 0000000000000000\n ? __do_softirq+0x73/0x34e\n irq_exit_rcu+0xb5/0x100\n common_interrupt+0xa4/0xc0\n </IRQ>\n <TASK>\n asm_common_interrupt+0x1e/0x40\nRIP: 0010:_raw_spin_unlock_irqrestore+0x2e/0x50\nCode: 00 55 48 89 fd 48 83 c7 18 53 48 89 f3 48 8b 74 24 10 e8 85 28 36 ff\n48 89 ef e8 cd 58 36 ff 80 e7 02 74 01 fb bf 01 00 00 00 <e8> 3d 97 33 ff\n65 8b 05 96 23 2b 7e 85 c0 74 03 5b 5d c3 0f 1f 44\nRSP: 0018:ffffc9000020fd08 EFLAGS: 00000202\nRAX: 0000000000000000 RBX: 0000000000000246 RCX: 0000000000000000\nRDX: 0000000000000004 RSI: ffffffff8257fd74 RDI: 0000000000000001\nRBP: ffff8880057de3a0 R08: 00000008de233000 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: 0000000000000100 R14: 0000000000000202 R15: ffff8880057df0b8\n ? _raw_spin_unlock_irqrestore+0x23/0x50\n gsmtty_write+0x65/0x80 [n_gsm]\n n_tty_write+0x33f/0x530\n ? swake_up_all+0xe0/0xe0\n file_tty_write.constprop.0+0x1b1/0x320\n ? n_tty_flush_buffer+0xb0/0xb0\n new_sync_write+0x10c/0x190\n vfs_write+0x282/0x310\n ksys_write+0x68/0xe0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f3e5e35c15c\nCode: 8b 7c 24 08 89 c5 e8 c5 ff ff ff 89 ef 89 44 24\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50116 was patched at 2025-06-17

490. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50117) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: vfio: Split migration ops from main device ops vfio core checks whether the driver sets some migration op (e.g. set_state/get_state) and accordingly calls its op. However, currently mlx5 driver sets the above ops without regards to its migration caps. This might lead to unexpected usage/Oops if user space may call to the above ops even if the driver doesn't support migration. As for example, the migration state_mutex is not initialized in that case. The cleanest way to manage that seems to split the migration ops from the main device ops, this will let the driver setting them separately from the main ops when it's applicable. As part of that, validate ops construction on registration and include a check for VFIO_MIGRATION_STOP_COPY since the uAPI claims it must be set in migration_flags. HISI driver was changed as well to match this scheme. This scheme may enable down the road to come with some extra group of ops (e.g. DMA log) that can be set without regards to the other options based on driver caps.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvfio: Split migration ops from main device ops\n\nvfio core checks whether the driver sets some migration op (e.g.\nset_state/get_state) and accordingly calls its op.\n\nHowever, currently mlx5 driver sets the above ops without regards to its\nmigration caps.\n\nThis might lead to unexpected usage/Oops if user space may call to the\nabove ops even if the driver doesn't support migration. As for example,\nthe migration state_mutex is not initialized in that case.\n\nThe cleanest way to manage that seems to split the migration ops from\nthe main device ops, this will let the driver setting them separately\nfrom the main ops when it's applicable.\n\nAs part of that, validate ops construction on registration and include a\ncheck for VFIO_MIGRATION_STOP_COPY since the uAPI claims it must be set\nin migration_flags.\n\nHISI driver was changed as well to match this scheme.\n\nThis scheme may enable down the road to come with some extra group of\nops (e.g. DMA log) that can be set without regards to the other options\nbased on driver caps.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50117 was patched at 2025-06-17

491. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50118) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable commit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC") added a new function "pmi_irq_pending" in hw_irq.h. This function is to check if there is a PMI marked as pending in Paca (PACA_IRQ_PMI).This is used in power_pmu_disable in a WARN_ON. The intention here is to provide a warning if there is PMI pending, but no counter is found overflown. During some of the perf runs, below warning is hit: WARNING: CPU: 36 PID: 0 at arch/powerpc/perf/core-book3s.c:1332 power_pmu_disable+0x25c/0x2c0 Modules linked in: ----- NIP [c000000000141c3c] power_pmu_disable+0x25c/0x2c0 LR [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0 Call Trace: [c000000baffcfb90] [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0 (unreliable) [c000000baffcfc10] [c0000000003e2f8c] perf_pmu_disable+0x4c/0x60 [c000000baffcfc30] [c0000000003e3344] group_sched_out.part.124+0x44/0x100 [c000000baffcfc80] [c0000000003e353c] __perf_event_disable+0x13c/0x240 [c000000baffcfcd0] [c0000000003dd334] event_function+0xc4/0x140 [c000000baffcfd20] [c0000000003d855c] remote_function+0x7c/0xa0 [c000000baffcfd50] [c00000000026c394] flush_smp_call_function_queue+0xd4/0x300 [c000000baffcfde0] [c000000000065b24] smp_ipi_demux_relaxed+0xa4/0x100 [c000000baffcfe20] [c0000000000cb2b0] xive_muxed_ipi_action+0x20/0x40 [c000000baffcfe40] [c000000000207c3c] __handle_irq_event_percpu+0x8c/0x250 [c000000baffcfee0] [c000000000207e2c] handle_irq_event_percpu+0x2c/0xa0 [c000000baffcff10] [c000000000210a04] handle_percpu_irq+0x84/0xc0 [c000000baffcff40] [c000000000205f14] generic_handle_irq+0x54/0x80 [c000000baffcff60] [c000000000015740] __do_irq+0x90/0x1d0 [c000000baffcff90] [c000000000016990] __do_IRQ+0xc0/0x140 [c0000009732f3940] [c000000bafceaca8] 0xc000000bafceaca8 [c0000009732f39d0] [c000000000016b78] do_IRQ+0x168/0x1c0 [c0000009732f3a00] [c0000000000090c8] hardware_interrupt_common_virt+0x218/0x220 This means that there is no PMC overflown among the active events in the PMU, but there is a PMU pending in Paca. The function "any_pmc_overflown" checks the PMCs on active events in cpuhw->n_events. Code snippet: <<>> if (any_pmc_overflown(cpuhw)) \tclear_pmi_irq_pending(); else \tWARN_ON(pmi_irq_pending()); <<>> Here the PMC overflown is not from active event. Example: When we do perf record, default cycles and instructions will be running on PMC6 and PMC5 respectively. It could happen that overflowed event is currently not active and pending PMI is for the inactive event. Debug logs from trace_printk: <<>> any_pmc_overflown: idx is 5: pmc value is 0xd9a power_pmu_disable: PMC1: 0x0, PMC2: 0x0, PMC3: 0x0, PMC4: 0x0, PMC5: 0xd9a, PMC6: 0x80002011 <<>> Here active PMC (from idx) is PMC5 , but overflown PMC is PMC6(0x80002011). When we handle PMI interrupt for such cases, if the PMC overflown is from inactive event, it will be ignored. Reference commit: commit bc09c219b2e6 ("powerpc/perf: Fix finding overflowed PMC in interrupt") Patch addresses two changes: 1) Fix 1 : Removal of warning ( WARN_ON(pmi_irq_pending()); ) We were printing warning if no PMC is found overflown among active PMU events, but PMI pending in PACA. But this could happen in cases where PMC overflown is not in active PMC. An inactive event could have caused the overflow. Hence the warning is not needed. To know pending PMI is from an inactive event, we need to loop through all PMC's which will cause more SPR reads via mfspr and increase in context switch. Also in existing function: perf_event_interrupt, already we ignore PMI's overflown when it is from an inactive PMC. 2) Fix 2: optimization in clearing pending PMI. Currently we check for any active PMC overflown before clearing PMI pending in Paca. This is causing additional SP ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable\n\ncommit 2c9ac51b850d ("powerpc/perf: Fix PMU callbacks to clear\npending PMI before resetting an overflown PMC") added a new\nfunction "pmi_irq_pending" in hw_irq.h. This function is to check\nif there is a PMI marked as pending in Paca (PACA_IRQ_PMI).This is\nused in power_pmu_disable in a WARN_ON. The intention here is to\nprovide a warning if there is PMI pending, but no counter is found\noverflown.\n\nDuring some of the perf runs, below warning is hit:\n\nWARNING: CPU: 36 PID: 0 at arch/powerpc/perf/core-book3s.c:1332 power_pmu_disable+0x25c/0x2c0\n Modules linked in:\n -----\n\n NIP [c000000000141c3c] power_pmu_disable+0x25c/0x2c0\n LR [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0\n Call Trace:\n [c000000baffcfb90] [c000000000141c8c] power_pmu_disable+0x2ac/0x2c0 (unreliable)\n [c000000baffcfc10] [c0000000003e2f8c] perf_pmu_disable+0x4c/0x60\n [c000000baffcfc30] [c0000000003e3344] group_sched_out.part.124+0x44/0x100\n [c000000baffcfc80] [c0000000003e353c] __perf_event_disable+0x13c/0x240\n [c000000baffcfcd0] [c0000000003dd334] event_function+0xc4/0x140\n [c000000baffcfd20] [c0000000003d855c] remote_function+0x7c/0xa0\n [c000000baffcfd50] [c00000000026c394] flush_smp_call_function_queue+0xd4/0x300\n [c000000baffcfde0] [c000000000065b24] smp_ipi_demux_relaxed+0xa4/0x100\n [c000000baffcfe20] [c0000000000cb2b0] xive_muxed_ipi_action+0x20/0x40\n [c000000baffcfe40] [c000000000207c3c] __handle_irq_event_percpu+0x8c/0x250\n [c000000baffcfee0] [c000000000207e2c] handle_irq_event_percpu+0x2c/0xa0\n [c000000baffcff10] [c000000000210a04] handle_percpu_irq+0x84/0xc0\n [c000000baffcff40] [c000000000205f14] generic_handle_irq+0x54/0x80\n [c000000baffcff60] [c000000000015740] __do_irq+0x90/0x1d0\n [c000000baffcff90] [c000000000016990] __do_IRQ+0xc0/0x140\n [c0000009732f3940] [c000000bafceaca8] 0xc000000bafceaca8\n [c0000009732f39d0] [c000000000016b78] do_IRQ+0x168/0x1c0\n [c0000009732f3a00] [c0000000000090c8] hardware_interrupt_common_virt+0x218/0x220\n\nThis means that there is no PMC overflown among the active events\nin the PMU, but there is a PMU pending in Paca. The function\n"any_pmc_overflown" checks the PMCs on active events in\ncpuhw->n_events. Code snippet:\n\n<<>>\nif (any_pmc_overflown(cpuhw))\n \tclear_pmi_irq_pending();\n else\n \tWARN_ON(pmi_irq_pending());\n<<>>\n\nHere the PMC overflown is not from active event. Example: When we do\nperf record, default cycles and instructions will be running on PMC6\nand PMC5 respectively. It could happen that overflowed event is currently\nnot active and pending PMI is for the inactive event. Debug logs from\ntrace_printk:\n\n<<>>\nany_pmc_overflown: idx is 5: pmc value is 0xd9a\npower_pmu_disable: PMC1: 0x0, PMC2: 0x0, PMC3: 0x0, PMC4: 0x0, PMC5: 0xd9a, PMC6: 0x80002011\n<<>>\n\nHere active PMC (from idx) is PMC5 , but overflown PMC is PMC6(0x80002011).\nWhen we handle PMI interrupt for such cases, if the PMC overflown is\nfrom inactive event, it will be ignored. Reference commit:\ncommit bc09c219b2e6 ("powerpc/perf: Fix finding overflowed PMC in interrupt")\n\nPatch addresses two changes:\n1) Fix 1 : Removal of warning ( WARN_ON(pmi_irq_pending()); )\n We were printing warning if no PMC is found overflown among active PMU\n events, but PMI pending in PACA. But this could happen in cases where\n PMC overflown is not in active PMC. An inactive event could have caused\n the overflow. Hence the warning is not needed. To know pending PMI is\n from an inactive event, we need to loop through all PMC's which will\n cause more SPR reads via mfspr and increase in context switch. Also in\n existing function: perf_event_interrupt, already we ignore PMI's\n overflown when it is from an inactive PMC.\n\n2) Fix 2: optimization in clearing pending PMI.\n Currently we check for any active PMC overflown before clearing PMI\n pending in Paca. This is causing additional SP\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50118 was patched at 2025-06-17

492. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50120) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not needed anymore. This function has two paths missing of_node_put().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not needed anymore.\nThis function has two paths missing of_node_put().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50120 was patched at 2025-06-17

493. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50121) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init Every iteration of for_each_available_child_of_node() decrements the reference count of the previous node. When breaking early from a for_each_available_child_of_node() loop, we need to explicitly call of_node_put() on the child node. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init\n\nEvery iteration of for_each_available_child_of_node() decrements\nthe reference count of the previous node.\nWhen breaking early from a for_each_available_child_of_node() loop,\nwe need to explicitly call of_node_put() on the child node.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50121 was patched at 2025-06-17

494. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50125) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe\n\nof_parse_phandle() returns a node pointer with refcount\nincremented, we should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50125 was patched at 2025-06-17

495. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50130) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: core: set smem_len before fb_deferred_io_init call The fbtft_framebuffer_alloc() calls fb_deferred_io_init() before initializing info->fix.smem_len. It is set to zero by the framebuffer_alloc() function. It will trigger a WARN_ON() at the start of fb_deferred_io_init() and the function will not do anything.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: fbtft: core: set smem_len before fb_deferred_io_init call\n\nThe fbtft_framebuffer_alloc() calls fb_deferred_io_init() before\ninitializing info->fix.smem_len. It is set to zero by the\nframebuffer_alloc() function. It will trigger a WARN_ON() at the\nstart of fb_deferred_io_init() and the function will not do anything.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50130 was patched at 2025-06-17

496. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50132) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() If 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer and its dereference with priv_ep->cdns3_dev may cause panic. Found by Linux Verification Center (linuxtesting.org) with SVACE.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()\n\nIf 'ep' is NULL, result of ep_to_cdns3_ep(ep) is invalid pointer\nand its dereference with priv_ep->cdns3_dev may cause panic.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50132 was patched at 2025-06-17

497. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50135) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup The function rxe_create_qp calls rxe_qp_from_init. If some error occurs, the error handler of function rxe_qp_from_init will set both scq and rcq to NULL. Then rxe_create_qp calls rxe_put to handle qp. In the end, rxe_qp_do_cleanup is called by rxe_put. rxe_qp_do_cleanup directly accesses scq and rcq before checking them. This will cause null-ptr-deref error. The call graph is as below: rxe_create_qp { ... rxe_qp_from_init { ... err1: ... qp->rcq = NULL; <---rcq is set to NULL qp->scq = NULL; <---scq is set to NULL ... } qp_init: rxe_put{ ... rxe_qp_do_cleanup { ... atomic_dec(&qp->scq->num_wq); <--- scq is accessed ... atomic_dec(&qp->rcq->num_wq); <--- rcq is accessed } }', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup\n\nThe function rxe_create_qp calls rxe_qp_from_init. If some error\noccurs, the error handler of function rxe_qp_from_init will set\nboth scq and rcq to NULL.\n\nThen rxe_create_qp calls rxe_put to handle qp. In the end,\nrxe_qp_do_cleanup is called by rxe_put. rxe_qp_do_cleanup directly\naccesses scq and rcq before checking them. This will cause\nnull-ptr-deref error.\n\nThe call graph is as below:\n\nrxe_create_qp {\n ...\n rxe_qp_from_init {\n ...\n err1:\n ...\n qp->rcq = NULL; <---rcq is set to NULL\n qp->scq = NULL; <---scq is set to NULL\n ...\n }\n\nqp_init:\n rxe_put{\n ...\n rxe_qp_do_cleanup {\n ...\n atomic_dec(&qp->scq->num_wq); <--- scq is accessed\n ...\n atomic_dec(&qp->rcq->num_wq); <--- rcq is accessed\n }\n}', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50135 was patched at 2025-06-17

498. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50139) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() We should call of_node_put() for the reference returned by of_get_child_by_name() which has increased the refcount.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()\n\nWe should call of_node_put() for the reference returned by\nof_get_child_by_name() which has increased the refcount.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50139 was patched at 2025-06-17

499. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50147) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix get_nodes out of bound access When user specified more nodes than supported, get_nodes will access nmask array out of bounds.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix get_nodes out of bound access\n\nWhen user specified more nodes than supported, get_nodes will access nmask\narray out of bounds.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50147 was patched at 2025-06-17

500. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50151) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix random warning message when driver load Warning log: [ 4.141392] Unexpected gfp: 0x4 (GFP_DMA32). Fixing up to gfp: 0xa20 (GFP_ATOMIC). Fix your code! [ 4.150340] CPU: 1 PID: 175 Comm: 1-0050 Not tainted 5.15.5-00039-g2fd9ae1b568c #20 [ 4.158010] Hardware name: Freescale i.MX8QXP MEK (DT) [ 4.163155] Call trace: [ 4.165600] dump_backtrace+0x0/0x1b0 [ 4.169286] show_stack+0x18/0x68 [ 4.172611] dump_stack_lvl+0x68/0x84 [ 4.176286] dump_stack+0x18/0x34 [ 4.179613] kmalloc_fix_flags+0x60/0x88 [ 4.183550] new_slab+0x334/0x370 [ 4.186878] ___slab_alloc.part.108+0x4d4/0x748 [ 4.191419] __slab_alloc.isra.109+0x30/0x78 [ 4.195702] kmem_cache_alloc+0x40c/0x420 [ 4.199725] dma_pool_alloc+0xac/0x1f8 [ 4.203486] cdns3_allocate_trb_pool+0xb4/0xd0 pool_alloc_page(struct dma_pool *pool, gfp_t mem_flags) { \t... \tpage = kmalloc(sizeof(*page), mem_flags); \tpage->vaddr = dma_alloc_coherent(pool->dev, pool->allocation, \t\t\t\t\t &page->dma, mem_flags); \t... } kmalloc was called with mem_flags, which is passed down in cdns3_allocate_trb_pool() and have GFP_DMA32 flags. kmall_fix_flags() report warning. GFP_DMA32 is not useful at all. dma_alloc_coherent() will handle DMA memory region correctly by pool->dev. GFP_DMA32 can be removed safely.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix random warning message when driver load\n\nWarning log:\n[ 4.141392] Unexpected gfp: 0x4 (GFP_DMA32). Fixing up to gfp: 0xa20 (GFP_ATOMIC). Fix your code!\n[ 4.150340] CPU: 1 PID: 175 Comm: 1-0050 Not tainted 5.15.5-00039-g2fd9ae1b568c #20\n[ 4.158010] Hardware name: Freescale i.MX8QXP MEK (DT)\n[ 4.163155] Call trace:\n[ 4.165600] dump_backtrace+0x0/0x1b0\n[ 4.169286] show_stack+0x18/0x68\n[ 4.172611] dump_stack_lvl+0x68/0x84\n[ 4.176286] dump_stack+0x18/0x34\n[ 4.179613] kmalloc_fix_flags+0x60/0x88\n[ 4.183550] new_slab+0x334/0x370\n[ 4.186878] ___slab_alloc.part.108+0x4d4/0x748\n[ 4.191419] __slab_alloc.isra.109+0x30/0x78\n[ 4.195702] kmem_cache_alloc+0x40c/0x420\n[ 4.199725] dma_pool_alloc+0xac/0x1f8\n[ 4.203486] cdns3_allocate_trb_pool+0xb4/0xd0\n\npool_alloc_page(struct dma_pool *pool, gfp_t mem_flags)\n{\n\t...\n\tpage = kmalloc(sizeof(*page), mem_flags);\n\tpage->vaddr = dma_alloc_coherent(pool->dev, pool->allocation,\n\t\t\t\t\t &page->dma, mem_flags);\n\t...\n}\n\nkmalloc was called with mem_flags, which is passed down in\ncdns3_allocate_trb_pool() and have GFP_DMA32 flags.\nkmall_fix_flags() report warning.\n\nGFP_DMA32 is not useful at all. dma_alloc_coherent() will handle\nDMA memory region correctly by pool->dev. GFP_DMA32 can be removed\nsafely.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50151 was patched at 2025-06-17

501. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50154) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() of_get_child_by_name() returns a node pointer with refcount incremented, so we should use of_node_put() on it when we don't need it anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains()\n\nof_get_child_by_name() returns a node pointer with refcount incremented, so\nwe should use of_node_put() on it when we don't need it anymore.\n\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50154 was patched at 2025-06-17

502. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50155) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset\n\nof_find_node_by_path() returns a node pointer with refcount incremented,\nwe should use of_node_put() on it when not need anymore.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50155 was patched at 2025-06-17

503. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50157) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() of_get_next_child() returns a node pointer with refcount incremented, so we should use of_node_put() on it when we don't need it anymore. mc_pcie_init_irq_domains() only calls of_node_put() in the normal path, missing it in some error paths. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()\n\nof_get_next_child() returns a node pointer with refcount incremented, so we\nshould use of_node_put() on it when we don't need it anymore.\n\nmc_pcie_init_irq_domains() only calls of_node_put() in the normal path,\nmissing it in some error paths. Add missing of_node_put() to avoid\nrefcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50157 was patched at 2025-06-17

504. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50159) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: of: check previous kernel's ima-kexec-buffer against memory bounds Presently ima_get_kexec_buffer() doesn't check if the previous kernel's ima-kexec-buffer lies outside the addressable memory range. This can result in a kernel panic if the new kernel is booted with 'mem=X' arg and the ima-kexec-buffer was allocated beyond that range by the previous kernel. The panic is usually of the form below: $ sudo kexec --initrd initrd vmlinux --append='mem=16G' <snip> BUG: Unable to handle kernel data access on read at 0xc000c01fff7f0000 Faulting instruction address: 0xc000000000837974 Oops: Kernel access of bad area, sig: 11 [#1] <snip> NIP [c000000000837974] ima_restore_measurement_list+0x94/0x6c0 LR [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160 Call Trace: [c00000000371fa80] [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160 [c00000000371fb00] [c0000000020512c4] ima_init+0x80/0x108 [c00000000371fb70] [c0000000020514dc] init_ima+0x4c/0x120 [c00000000371fbf0] [c000000000012240] do_one_initcall+0x60/0x2c0 [c00000000371fcc0] [c000000002004ad0] kernel_init_freeable+0x344/0x3ec [c00000000371fda0] [c0000000000128a4] kernel_init+0x34/0x1b0 [c00000000371fe10] [c00000000000ce64] ret_from_kernel_thread+0x5c/0x64 Instruction dump: f92100b8 f92100c0 90e10090 910100a0 4182050c 282a0017 3bc00000 40810330 7c0802a6 fb610198 7c9b2378 f80101d0 <a1240000> 2c090001 40820614 e9240010 ---[ end trace 0000000000000000 ]--- Fix this issue by checking returned PFN range of previous kernel's ima-kexec-buffer with page_is_ram() to ensure correct memory bounds.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof: check previous kernel's ima-kexec-buffer against memory bounds\n\nPresently ima_get_kexec_buffer() doesn't check if the previous kernel's\nima-kexec-buffer lies outside the addressable memory range. This can result\nin a kernel panic if the new kernel is booted with 'mem=X' arg and the\nima-kexec-buffer was allocated beyond that range by the previous kernel.\nThe panic is usually of the form below:\n\n$ sudo kexec --initrd initrd vmlinux --append='mem=16G'\n\n<snip>\n BUG: Unable to handle kernel data access on read at 0xc000c01fff7f0000\n Faulting instruction address: 0xc000000000837974\n Oops: Kernel access of bad area, sig: 11 [#1]\n<snip>\n NIP [c000000000837974] ima_restore_measurement_list+0x94/0x6c0\n LR [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160\n Call Trace:\n [c00000000371fa80] [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160\n [c00000000371fb00] [c0000000020512c4] ima_init+0x80/0x108\n [c00000000371fb70] [c0000000020514dc] init_ima+0x4c/0x120\n [c00000000371fbf0] [c000000000012240] do_one_initcall+0x60/0x2c0\n [c00000000371fcc0] [c000000002004ad0] kernel_init_freeable+0x344/0x3ec\n [c00000000371fda0] [c0000000000128a4] kernel_init+0x34/0x1b0\n [c00000000371fe10] [c00000000000ce64] ret_from_kernel_thread+0x5c/0x64\n Instruction dump:\n f92100b8 f92100c0 90e10090 910100a0 4182050c 282a0017 3bc00000 40810330\n 7c0802a6 fb610198 7c9b2378 f80101d0 <a1240000> 2c090001 40820614 e9240010\n ---[ end trace 0000000000000000 ]---\n\nFix this issue by checking returned PFN range of previous kernel's\nima-kexec-buffer with page_is_ram() to ensure correct memory bounds.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50159 was patched at 2025-06-17

505. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50163) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect dev_tracker usage While investigating a separate rose issue [1], and enabling CONFIG_NET_DEV_REFCNT_TRACKER=y, Bernard reported an orthogonal ax25 issue [2] An ax25_dev can be used by one (or many) struct ax25_cb. We thus need different dev_tracker, one per struct ax25_cb. After this patch is applied, we are able to focus on rose. [1] https://lore.kernel.org/netdev/fb7544a1-f42e-9254-18cc-c9b071f4ca70@free.fr/ [2] [ 205.798723] reference already released. [ 205.798732] allocated in: [ 205.798734] ax25_bind+0x1a2/0x230 [ax25] [ 205.798747] __sys_bind+0xea/0x110 [ 205.798753] __x64_sys_bind+0x18/0x20 [ 205.798758] do_syscall_64+0x5c/0x80 [ 205.798763] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 205.798768] freed in: [ 205.798770] ax25_release+0x115/0x370 [ax25] [ 205.798778] __sock_release+0x42/0xb0 [ 205.798782] sock_close+0x15/0x20 [ 205.798785] __fput+0x9f/0x260 [ 205.798789] ____fput+0xe/0x10 [ 205.798792] task_work_run+0x64/0xa0 [ 205.798798] exit_to_user_mode_prepare+0x18b/0x190 [ 205.798804] syscall_exit_to_user_mode+0x26/0x40 [ 205.798808] do_syscall_64+0x69/0x80 [ 205.798812] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 205.798827] ------------[ cut here ]------------ [ 205.798829] WARNING: CPU: 2 PID: 2605 at lib/ref_tracker.c:136 ref_tracker_free.cold+0x60/0x81 [ 205.798837] Modules linked in: rose netrom mkiss ax25 rfcomm cmac algif_hash algif_skcipher af_alg bnep snd_hda_codec_hdmi nls_iso8859_1 i915 rtw88_8821ce rtw88_8821c x86_pkg_temp_thermal rtw88_pci intel_powerclamp rtw88_core snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio coretemp snd_hda_intel kvm_intel snd_intel_dspcfg mac80211 snd_hda_codec kvm i2c_algo_bit drm_buddy drm_dp_helper btusb drm_kms_helper snd_hwdep btrtl snd_hda_core btbcm joydev crct10dif_pclmul btintel crc32_pclmul ghash_clmulni_intel mei_hdcp btmtk intel_rapl_msr aesni_intel bluetooth input_leds snd_pcm crypto_simd syscopyarea processor_thermal_device_pci_legacy sysfillrect cryptd intel_soc_dts_iosf snd_seq sysimgblt ecdh_generic fb_sys_fops rapl libarc4 processor_thermal_device intel_cstate processor_thermal_rfim cec snd_timer ecc snd_seq_device cfg80211 processor_thermal_mbox mei_me processor_thermal_rapl mei rc_core at24 snd intel_pch_thermal intel_rapl_common ttm soundcore int340x_thermal_zone video [ 205.798948] mac_hid acpi_pad sch_fq_codel ipmi_devintf ipmi_msghandler drm msr parport_pc ppdev lp parport ramoops pstore_blk reed_solomon pstore_zone efi_pstore ip_tables x_tables autofs4 hid_generic usbhid hid i2c_i801 i2c_smbus r8169 xhci_pci ahci libahci realtek lpc_ich xhci_pci_renesas [last unloaded: ax25] [ 205.798992] CPU: 2 PID: 2605 Comm: ax25ipd Not tainted 5.18.11-F6BVP #3 [ 205.798996] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CK3, BIOS 5.011 09/16/2020 [ 205.798999] RIP: 0010:ref_tracker_free.cold+0x60/0x81 [ 205.799005] Code: e8 d2 01 9b ff 83 7b 18 00 74 14 48 c7 c7 2f d7 ff 98 e8 10 6e fc ff 8b 7b 18 e8 b8 01 9b ff 4c 89 ee 4c 89 e7 e8 5d fd 07 00 <0f> 0b b8 ea ff ff ff e9 30 05 9b ff 41 0f b6 f7 48 c7 c7 a0 fa 4e [ 205.799008] RSP: 0018:ffffaf5281073958 EFLAGS: 00010286 [ 205.799011] RAX: 0000000080000000 RBX: ffff9a0bd687ebe0 RCX: 0000000000000000 [ 205.799014] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 00000000ffffffff [ 205.799016] RBP: ffffaf5281073a10 R08: 0000000000000003 R09: fffffffffffd5618 [ 205.799019] R10: 0000000000ffff10 R11: 000000000000000f R12: ffff9a0bc53384d0 [ 205.799022] R13: 0000000000000282 R14: 00000000ae000001 R15: 0000000000000001 [ 205.799024] FS: 0000000000000000(0000) GS:ffff9a0d0f300000(0000) knlGS:0000000000000000 [ 205.799028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 205.799031] CR2: 00007ff6b8311554 CR3: 000000001ac10004 CR4: 00000000001706e0 [ 205.799033] Call Trace: [ 205.799035] <TASK> [ 205.799038] ? ax25_dev_device_down+0xd9/ ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nax25: fix incorrect dev_tracker usage\n\nWhile investigating a separate rose issue [1], and enabling\nCONFIG_NET_DEV_REFCNT_TRACKER=y, Bernard reported an orthogonal ax25 issue [2]\n\nAn ax25_dev can be used by one (or many) struct ax25_cb.\nWe thus need different dev_tracker, one per struct ax25_cb.\n\nAfter this patch is applied, we are able to focus on rose.\n\n[1] https://lore.kernel.org/netdev/fb7544a1-f42e-9254-18cc-c9b071f4ca70@free.fr/\n\n[2]\n[ 205.798723] reference already released.\n[ 205.798732] allocated in:\n[ 205.798734] ax25_bind+0x1a2/0x230 [ax25]\n[ 205.798747] __sys_bind+0xea/0x110\n[ 205.798753] __x64_sys_bind+0x18/0x20\n[ 205.798758] do_syscall_64+0x5c/0x80\n[ 205.798763] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 205.798768] freed in:\n[ 205.798770] ax25_release+0x115/0x370 [ax25]\n[ 205.798778] __sock_release+0x42/0xb0\n[ 205.798782] sock_close+0x15/0x20\n[ 205.798785] __fput+0x9f/0x260\n[ 205.798789] ____fput+0xe/0x10\n[ 205.798792] task_work_run+0x64/0xa0\n[ 205.798798] exit_to_user_mode_prepare+0x18b/0x190\n[ 205.798804] syscall_exit_to_user_mode+0x26/0x40\n[ 205.798808] do_syscall_64+0x69/0x80\n[ 205.798812] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 205.798827] ------------[ cut here ]------------\n[ 205.798829] WARNING: CPU: 2 PID: 2605 at lib/ref_tracker.c:136 ref_tracker_free.cold+0x60/0x81\n[ 205.798837] Modules linked in: rose netrom mkiss ax25 rfcomm cmac algif_hash algif_skcipher af_alg bnep snd_hda_codec_hdmi nls_iso8859_1 i915 rtw88_8821ce rtw88_8821c x86_pkg_temp_thermal rtw88_pci intel_powerclamp rtw88_core snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio coretemp snd_hda_intel kvm_intel snd_intel_dspcfg mac80211 snd_hda_codec kvm i2c_algo_bit drm_buddy drm_dp_helper btusb drm_kms_helper snd_hwdep btrtl snd_hda_core btbcm joydev crct10dif_pclmul btintel crc32_pclmul ghash_clmulni_intel mei_hdcp btmtk intel_rapl_msr aesni_intel bluetooth input_leds snd_pcm crypto_simd syscopyarea processor_thermal_device_pci_legacy sysfillrect cryptd intel_soc_dts_iosf snd_seq sysimgblt ecdh_generic fb_sys_fops rapl libarc4 processor_thermal_device intel_cstate processor_thermal_rfim cec snd_timer ecc snd_seq_device cfg80211 processor_thermal_mbox mei_me processor_thermal_rapl mei rc_core at24 snd intel_pch_thermal intel_rapl_common ttm soundcore int340x_thermal_zone video\n[ 205.798948] mac_hid acpi_pad sch_fq_codel ipmi_devintf ipmi_msghandler drm msr parport_pc ppdev lp parport ramoops pstore_blk reed_solomon pstore_zone efi_pstore ip_tables x_tables autofs4 hid_generic usbhid hid i2c_i801 i2c_smbus r8169 xhci_pci ahci libahci realtek lpc_ich xhci_pci_renesas [last unloaded: ax25]\n[ 205.798992] CPU: 2 PID: 2605 Comm: ax25ipd Not tainted 5.18.11-F6BVP #3\n[ 205.798996] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CK3, BIOS 5.011 09/16/2020\n[ 205.798999] RIP: 0010:ref_tracker_free.cold+0x60/0x81\n[ 205.799005] Code: e8 d2 01 9b ff 83 7b 18 00 74 14 48 c7 c7 2f d7 ff 98 e8 10 6e fc ff 8b 7b 18 e8 b8 01 9b ff 4c 89 ee 4c 89 e7 e8 5d fd 07 00 <0f> 0b b8 ea ff ff ff e9 30 05 9b ff 41 0f b6 f7 48 c7 c7 a0 fa 4e\n[ 205.799008] RSP: 0018:ffffaf5281073958 EFLAGS: 00010286\n[ 205.799011] RAX: 0000000080000000 RBX: ffff9a0bd687ebe0 RCX: 0000000000000000\n[ 205.799014] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 00000000ffffffff\n[ 205.799016] RBP: ffffaf5281073a10 R08: 0000000000000003 R09: fffffffffffd5618\n[ 205.799019] R10: 0000000000ffff10 R11: 000000000000000f R12: ffff9a0bc53384d0\n[ 205.799022] R13: 0000000000000282 R14: 00000000ae000001 R15: 0000000000000001\n[ 205.799024] FS: 0000000000000000(0000) GS:ffff9a0d0f300000(0000) knlGS:0000000000000000\n[ 205.799028] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 205.799031] CR2: 00007ff6b8311554 CR3: 000000001ac10004 CR4: 00000000001706e0\n[ 205.799033] Call Trace:\n[ 205.799035] <TASK>\n[ 205.799038] ? ax25_dev_device_down+0xd9/\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50163 was patched at 2025-06-17

506. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50166) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 ("Bluetooth: Call drain_workqueue() before resetting state"). There is another delayed work, which will queue command to this drained workqueue. Which results in the following error report: Bluetooth: hci2: command 0x040f tx timeout WARNING: CPU: 1 PID: 18374 at kernel/workqueue.c:1438 __queue_work+0xdad/0x1140 Workqueue: events hci_cmd_timeout RIP: 0010:__queue_work+0xdad/0x1140 RSP: 0000:ffffc90002cffc60 EFLAGS: 00010093 RAX: 0000000000000000 RBX: ffff8880b9d3ec00 RCX: 0000000000000000 RDX: ffff888024ba0000 RSI: ffffffff814e048d RDI: ffff8880b9d3ec08 RBP: 0000000000000008 R08: 0000000000000000 R09: 00000000b9d39700 R10: ffffffff814f73c6 R11: 0000000000000000 R12: ffff88807cce4c60 R13: 0000000000000000 R14: ffff8880796d8800 R15: ffff8880796d8800 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c0174b4000 CR3: 000000007cae9000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? queue_work_on+0xcb/0x110 ? lockdep_hardirqs_off+0x90/0xd0 queue_work_on+0xee/0x110 process_one_work+0x996/0x1610 ? pwq_dec_nr_in_flight+0x2a0/0x2a0 ? rwlock_bug.part.0+0x90/0x90 ? _raw_spin_lock_irq+0x41/0x50 worker_thread+0x665/0x1080 ? process_one_work+0x1610/0x1610 kthread+0x2e9/0x3a0 ? kthread_complete_and_exit+0x40/0x40 ret_from_fork+0x1f/0x30 </TASK> To fix this, we can add a new HCI_DRAIN_WQ flag, and don't queue the timeout workqueue while command workqueue is draining.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: When HCI work queue is drained, only queue chained work\n\nThe HCI command, event, and data packet processing workqueue is drained\nto avoid deadlock in commit\n76727c02c1e1 ("Bluetooth: Call drain_workqueue() before resetting state").\n\nThere is another delayed work, which will queue command to this drained\nworkqueue. Which results in the following error report:\n\nBluetooth: hci2: command 0x040f tx timeout\nWARNING: CPU: 1 PID: 18374 at kernel/workqueue.c:1438 __queue_work+0xdad/0x1140\nWorkqueue: events hci_cmd_timeout\nRIP: 0010:__queue_work+0xdad/0x1140\nRSP: 0000:ffffc90002cffc60 EFLAGS: 00010093\nRAX: 0000000000000000 RBX: ffff8880b9d3ec00 RCX: 0000000000000000\nRDX: ffff888024ba0000 RSI: ffffffff814e048d RDI: ffff8880b9d3ec08\nRBP: 0000000000000008 R08: 0000000000000000 R09: 00000000b9d39700\nR10: ffffffff814f73c6 R11: 0000000000000000 R12: ffff88807cce4c60\nR13: 0000000000000000 R14: ffff8880796d8800 R15: ffff8880796d8800\nFS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c0174b4000 CR3: 000000007cae9000 CR4: 00000000003506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n ? queue_work_on+0xcb/0x110\n ? lockdep_hardirqs_off+0x90/0xd0\n queue_work_on+0xee/0x110\n process_one_work+0x996/0x1610\n ? pwq_dec_nr_in_flight+0x2a0/0x2a0\n ? rwlock_bug.part.0+0x90/0x90\n ? _raw_spin_lock_irq+0x41/0x50\n worker_thread+0x665/0x1080\n ? process_one_work+0x1610/0x1610\n kthread+0x2e9/0x3a0\n ? kthread_complete_and_exit+0x40/0x40\n ret_from_fork+0x1f/0x30\n </TASK>\n\nTo fix this, we can add a new HCI_DRAIN_WQ flag, and don't queue the\ntimeout workqueue while command workqueue is draining.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50166 was patched at 2025-06-17

507. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50167) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both index and elem_size are u32. Fix this everywhere by forcing 64-bit multiplication. Extract this formula into separate small helper and use it consistently in various places. Speculative-preventing formula utilizing index_mask trick is left as is, but explicit u64 casts are added in both places.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix potential 32-bit overflow when accessing ARRAY map element\n\nIf BPF array map is bigger than 4GB, element pointer calculation can\noverflow because both index and elem_size are u32. Fix this everywhere\nby forcing 64-bit multiplication. Extract this formula into separate\nsmall helper and use it consistently in various places.\n\nSpeculative-preventing formula utilizing index_mask trick is left as is,\nbut explicit u64 casts are added in both places.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50167 was patched at 2025-06-17

508. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50168) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf, x86: fix freeing of not-finalized bpf_prog_pack syzbot reported a few issues with bpf_prog_pack [1], [2]. This only happens with multiple subprogs. In jit_subprogs(), we first call bpf_int_jit_compile() on each sub program. And then, we call it on each sub program again. jit_data is not freed in the first call of bpf_int_jit_compile(). Similarly we don't call bpf_jit_binary_pack_finalize() in the first call of bpf_int_jit_compile(). If bpf_int_jit_compile() failed for one sub program, we will call bpf_jit_binary_pack_finalize() for this sub program. However, we don't have a chance to call it for other sub programs. Then we will hit "goto out_free" in jit_subprogs(), and call bpf_jit_free on some subprograms that haven't got bpf_jit_binary_pack_finalize() yet. At this point, bpf_jit_binary_pack_free() is called and the whole 2MB page is freed erroneously. Fix this with a custom bpf_jit_free() for x86_64, which calls bpf_jit_binary_pack_finalize() if necessary. Also, with custom bpf_jit_free(), bpf_prog_aux->use_bpf_prog_pack is not needed any more, remove it. [1] https://syzkaller.appspot.com/bug?extid=2f649ec6d2eea1495a8f [2] https://syzkaller.appspot.com/bug?extid=87f65c75f4a72db05445', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, x86: fix freeing of not-finalized bpf_prog_pack\n\nsyzbot reported a few issues with bpf_prog_pack [1], [2]. This only happens\nwith multiple subprogs. In jit_subprogs(), we first call bpf_int_jit_compile()\non each sub program. And then, we call it on each sub program again. jit_data\nis not freed in the first call of bpf_int_jit_compile(). Similarly we don't\ncall bpf_jit_binary_pack_finalize() in the first call of bpf_int_jit_compile().\n\nIf bpf_int_jit_compile() failed for one sub program, we will call\nbpf_jit_binary_pack_finalize() for this sub program. However, we don't have a\nchance to call it for other sub programs. Then we will hit "goto out_free" in\njit_subprogs(), and call bpf_jit_free on some subprograms that haven't got\nbpf_jit_binary_pack_finalize() yet.\n\nAt this point, bpf_jit_binary_pack_free() is called and the whole 2MB page is\nfreed erroneously.\n\nFix this with a custom bpf_jit_free() for x86_64, which calls\nbpf_jit_binary_pack_finalize() if necessary. Also, with custom\nbpf_jit_free(), bpf_prog_aux->use_bpf_prog_pack is not needed any more,\nremove it.\n\n[1] https://syzkaller.appspot.com/bug?extid=2f649ec6d2eea1495a8f\n[2] https://syzkaller.appspot.com/bug?extid=87f65c75f4a72db05445', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50168 was patched at 2025-06-17

509. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50171) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - don't sleep when in softirq When kunpeng920 encryption driver is used to deencrypt and decrypt packets during the softirq, it is not allowed to use mutex lock. The kernel will report the following error: BUG: scheduling while atomic: swapper/57/0/0x00000300 Call trace: dump_backtrace+0x0/0x1e4 show_stack+0x20/0x2c dump_stack+0xd8/0x140 __schedule_bug+0x68/0x80 __schedule+0x728/0x840 schedule+0x50/0xe0 schedule_preempt_disabled+0x18/0x24 __mutex_lock.constprop.0+0x594/0x5dc __mutex_lock_slowpath+0x1c/0x30 mutex_lock+0x50/0x60 sec_request_init+0x8c/0x1a0 [hisi_sec2] sec_process+0x28/0x1ac [hisi_sec2] sec_skcipher_crypto+0xf4/0x1d4 [hisi_sec2] sec_skcipher_encrypt+0x1c/0x30 [hisi_sec2] crypto_skcipher_encrypt+0x2c/0x40 crypto_authenc_encrypt+0xc8/0xfc [authenc] crypto_aead_encrypt+0x2c/0x40 echainiv_encrypt+0x144/0x1a0 [echainiv] crypto_aead_encrypt+0x2c/0x40 esp_output_tail+0x348/0x5c0 [esp4] esp_output+0x120/0x19c [esp4] xfrm_output_one+0x25c/0x4d4 xfrm_output_resume+0x6c/0x1fc xfrm_output+0xac/0x3c0 xfrm4_output+0x64/0x130 ip_build_and_send_pkt+0x158/0x20c tcp_v4_send_synack+0xdc/0x1f0 tcp_conn_request+0x7d0/0x994 tcp_v4_conn_request+0x58/0x6c tcp_v6_conn_request+0xf0/0x100 tcp_rcv_state_process+0x1cc/0xd60 tcp_v4_do_rcv+0x10c/0x250 tcp_v4_rcv+0xfc4/0x10a4 ip_protocol_deliver_rcu+0xf4/0x200 ip_local_deliver_finish+0x58/0x70 ip_local_deliver+0x68/0x120 ip_sublist_rcv_finish+0x70/0x94 ip_list_rcv_finish.constprop.0+0x17c/0x1d0 ip_sublist_rcv+0x40/0xb0 ip_list_rcv+0x140/0x1dc __netif_receive_skb_list_core+0x154/0x28c __netif_receive_skb_list+0x120/0x1a0 netif_receive_skb_list_internal+0xe4/0x1f0 napi_complete_done+0x70/0x1f0 gro_cell_poll+0x9c/0xb0 napi_poll+0xcc/0x264 net_rx_action+0xd4/0x21c __do_softirq+0x130/0x358 irq_exit+0x11c/0x13c __handle_domain_irq+0x88/0xf0 gic_handle_irq+0x78/0x2c0 el1_irq+0xb8/0x140 arch_cpu_idle+0x18/0x40 default_idle_call+0x5c/0x1c0 cpuidle_idle_call+0x174/0x1b0 do_idle+0xc8/0x160 cpu_startup_entry+0x30/0x11c secondary_start_kernel+0x158/0x1e4 softirq: huh, entered softirq 3 NET_RX 0000000093774ee4 with preempt_count 00000100, exited with fffffe00?', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/sec - don't sleep when in softirq\n\nWhen kunpeng920 encryption driver is used to deencrypt and decrypt\npackets during the softirq, it is not allowed to use mutex lock. The\nkernel will report the following error:\n\nBUG: scheduling while atomic: swapper/57/0/0x00000300\nCall trace:\ndump_backtrace+0x0/0x1e4\nshow_stack+0x20/0x2c\ndump_stack+0xd8/0x140\n__schedule_bug+0x68/0x80\n__schedule+0x728/0x840\nschedule+0x50/0xe0\nschedule_preempt_disabled+0x18/0x24\n__mutex_lock.constprop.0+0x594/0x5dc\n__mutex_lock_slowpath+0x1c/0x30\nmutex_lock+0x50/0x60\nsec_request_init+0x8c/0x1a0 [hisi_sec2]\nsec_process+0x28/0x1ac [hisi_sec2]\nsec_skcipher_crypto+0xf4/0x1d4 [hisi_sec2]\nsec_skcipher_encrypt+0x1c/0x30 [hisi_sec2]\ncrypto_skcipher_encrypt+0x2c/0x40\ncrypto_authenc_encrypt+0xc8/0xfc [authenc]\ncrypto_aead_encrypt+0x2c/0x40\nechainiv_encrypt+0x144/0x1a0 [echainiv]\ncrypto_aead_encrypt+0x2c/0x40\nesp_output_tail+0x348/0x5c0 [esp4]\nesp_output+0x120/0x19c [esp4]\nxfrm_output_one+0x25c/0x4d4\nxfrm_output_resume+0x6c/0x1fc\nxfrm_output+0xac/0x3c0\nxfrm4_output+0x64/0x130\nip_build_and_send_pkt+0x158/0x20c\ntcp_v4_send_synack+0xdc/0x1f0\ntcp_conn_request+0x7d0/0x994\ntcp_v4_conn_request+0x58/0x6c\ntcp_v6_conn_request+0xf0/0x100\ntcp_rcv_state_process+0x1cc/0xd60\ntcp_v4_do_rcv+0x10c/0x250\ntcp_v4_rcv+0xfc4/0x10a4\nip_protocol_deliver_rcu+0xf4/0x200\nip_local_deliver_finish+0x58/0x70\nip_local_deliver+0x68/0x120\nip_sublist_rcv_finish+0x70/0x94\nip_list_rcv_finish.constprop.0+0x17c/0x1d0\nip_sublist_rcv+0x40/0xb0\nip_list_rcv+0x140/0x1dc\n__netif_receive_skb_list_core+0x154/0x28c\n__netif_receive_skb_list+0x120/0x1a0\nnetif_receive_skb_list_internal+0xe4/0x1f0\nnapi_complete_done+0x70/0x1f0\ngro_cell_poll+0x9c/0xb0\nnapi_poll+0xcc/0x264\nnet_rx_action+0xd4/0x21c\n__do_softirq+0x130/0x358\nirq_exit+0x11c/0x13c\n__handle_domain_irq+0x88/0xf0\ngic_handle_irq+0x78/0x2c0\nel1_irq+0xb8/0x140\narch_cpu_idle+0x18/0x40\ndefault_idle_call+0x5c/0x1c0\ncpuidle_idle_call+0x174/0x1b0\ndo_idle+0xc8/0x160\ncpu_startup_entry+0x30/0x11c\nsecondary_start_kernel+0x158/0x1e4\nsoftirq: huh, entered softirq 3 NET_RX 0000000093774ee4 with\npreempt_count 00000100, exited with fffffe00?', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.0152

debian: CVE-2022-50171 was patched at 2025-06-17

510. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50174) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: hinic: avoid kernel hung in hinic_get_stats64() When using hinic device as a bond slave device, and reading device stats of master bond device, the kernel may hung. The kernel panic calltrace as follows: Kernel panic - not syncing: softlockup: hung tasks Call trace: native_queued_spin_lock_slowpath+0x1ec/0x31c dev_get_stats+0x60/0xcc dev_seq_printf_stats+0x40/0x120 dev_seq_show+0x1c/0x40 seq_read_iter+0x3c8/0x4dc seq_read+0xe0/0x130 proc_reg_read+0xa8/0xe0 vfs_read+0xb0/0x1d4 ksys_read+0x70/0xfc __arm64_sys_read+0x20/0x30 el0_svc_common+0x88/0x234 do_el0_svc+0x2c/0x90 el0_svc+0x1c/0x30 el0_sync_handler+0xa8/0xb0 el0_sync+0x148/0x180 And the calltrace of task that actually caused kernel hungs as follows: __switch_to+124 __schedule+548 schedule+72 schedule_timeout+348 __down_common+188 __down+24 down+104 hinic_get_stats64+44 [hinic] dev_get_stats+92 bond_get_stats+172 [bonding] dev_get_stats+92 dev_seq_printf_stats+60 dev_seq_show+24 seq_read_iter+964 seq_read+220 proc_reg_read+164 vfs_read+172 ksys_read+108 __arm64_sys_read+28 el0_svc_common+132 do_el0_svc+40 el0_svc+24 el0_sync_handler+164 el0_sync+324 When getting device stats from bond, kernel will call bond_get_stats(). It first holds the spinlock bond->stats_lock, and then call hinic_get_stats64() to collect hinic device's stats. However, hinic_get_stats64() calls `down(&nic_dev->mgmt_lock)` to protect its critical section, which may schedule current task out. And if system is under high pressure, the task cannot be woken up immediately, which eventually triggers kernel hung panic. Since previous patch has replaced hinic_dev.tx_stats/rx_stats with local variable in hinic_get_stats64(), there is nothing need to be protected by lock, so just removing down()/up() is ok.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hinic: avoid kernel hung in hinic_get_stats64()\n\nWhen using hinic device as a bond slave device, and reading device stats\nof master bond device, the kernel may hung.\n\nThe kernel panic calltrace as follows:\nKernel panic - not syncing: softlockup: hung tasks\nCall trace:\n native_queued_spin_lock_slowpath+0x1ec/0x31c\n dev_get_stats+0x60/0xcc\n dev_seq_printf_stats+0x40/0x120\n dev_seq_show+0x1c/0x40\n seq_read_iter+0x3c8/0x4dc\n seq_read+0xe0/0x130\n proc_reg_read+0xa8/0xe0\n vfs_read+0xb0/0x1d4\n ksys_read+0x70/0xfc\n __arm64_sys_read+0x20/0x30\n el0_svc_common+0x88/0x234\n do_el0_svc+0x2c/0x90\n el0_svc+0x1c/0x30\n el0_sync_handler+0xa8/0xb0\n el0_sync+0x148/0x180\n\nAnd the calltrace of task that actually caused kernel hungs as follows:\n __switch_to+124\n __schedule+548\n schedule+72\n schedule_timeout+348\n __down_common+188\n __down+24\n down+104\n hinic_get_stats64+44 [hinic]\n dev_get_stats+92\n bond_get_stats+172 [bonding]\n dev_get_stats+92\n dev_seq_printf_stats+60\n dev_seq_show+24\n seq_read_iter+964\n seq_read+220\n proc_reg_read+164\n vfs_read+172\n ksys_read+108\n __arm64_sys_read+28\n el0_svc_common+132\n do_el0_svc+40\n el0_svc+24\n el0_sync_handler+164\n el0_sync+324\n\nWhen getting device stats from bond, kernel will call bond_get_stats().\nIt first holds the spinlock bond->stats_lock, and then call\nhinic_get_stats64() to collect hinic device's stats.\nHowever, hinic_get_stats64() calls `down(&nic_dev->mgmt_lock)` to\nprotect its critical section, which may schedule current task out.\nAnd if system is under high pressure, the task cannot be woken up\nimmediately, which eventually triggers kernel hung panic.\n\nSince previous patch has replaced hinic_dev.tx_stats/rx_stats with local\nvariable in hinic_get_stats64(), there is nothing need to be protected\nby lock, so just removing down()/up() is ok.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50174 was patched at 2025-06-17

511. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50177) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: rcutorture: Fix ksoftirqd boosting timing and iteration The RCU priority boosting can fail in two situations: 1) If (nr_cpus= > maxcpus=), which means if the total number of CPUs is higher than those brought online at boot, then torture_onoff() may later bring up CPUs that weren't online on boot. Now since rcutorture initialization only boosts the ksoftirqds of the CPUs that have been set online on boot, the CPUs later set online by torture_onoff won't benefit from the boost, making RCU priority boosting fail. 2) The ksoftirqd kthreads are boosted after the creation of rcu_torture_boost() kthreads, which opens a window large enough for these rcu_torture_boost() kthreads to wait (despite running at FIFO priority) for ksoftirqds that are still running at SCHED_NORMAL priority. The issues can trigger for example with: \t./kvm.sh --configs TREE01 --kconfig "CONFIG_RCU_BOOST=y" \t[ 34.968561] rcu-torture: !!! \t[ 34.968627] ------------[ cut here ]------------ \t[ 35.014054] WARNING: CPU: 4 PID: 114 at kernel/rcu/rcutorture.c:1979 rcu_torture_stats_print+0x5ad/0x610 \t[ 35.052043] Modules linked in: \t[ 35.069138] CPU: 4 PID: 114 Comm: rcu_torture_sta Not tainted 5.18.0-rc1 #1 \t[ 35.096424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014 \t[ 35.154570] RIP: 0010:rcu_torture_stats_print+0x5ad/0x610 \t[ 35.198527] Code: 63 1b 02 00 74 02 0f 0b 48 83 3d 35 63 1b 02 00 74 02 0f 0b 48 83 3d 21 63 1b 02 00 74 02 0f 0b 48 83 3d 0d 63 1b 02 00 74 02 <0f> 0b 83 eb 01 0f 8e ba fc ff ff 0f 0b e9 b3 fc ff f82 \t[ 37.251049] RSP: 0000:ffffa92a0050bdf8 EFLAGS: 00010202 \t[ 37.277320] rcu: De-offloading 8 \t[ 37.290367] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001 \t[ 37.290387] RDX: 0000000000000000 RSI: 00000000ffffbfff RDI: 00000000ffffffff \t[ 37.290398] RBP: 000000000000007b R08: 0000000000000000 R09: c0000000ffffbfff \t[ 37.290407] R10: 000000000000002a R11: ffffa92a0050bc18 R12: ffffa92a0050be20 \t[ 37.290417] R13: ffffa92a0050be78 R14: 0000000000000000 R15: 000000000001bea0 \t[ 37.290427] FS: 0000000000000000(0000) GS:ffff96045eb00000(0000) knlGS:0000000000000000 \t[ 37.290448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \t[ 37.290460] CR2: 0000000000000000 CR3: 000000001dc0c000 CR4: 00000000000006e0 \t[ 37.290470] Call Trace: \t[ 37.295049] <TASK> \t[ 37.295065] ? preempt_count_add+0x63/0x90 \t[ 37.295095] ? _raw_spin_lock_irqsave+0x12/0x40 \t[ 37.295125] ? rcu_torture_stats_print+0x610/0x610 \t[ 37.295143] rcu_torture_stats+0x29/0x70 \t[ 37.295160] kthread+0xe3/0x110 \t[ 37.295176] ? kthread_complete_and_exit+0x20/0x20 \t[ 37.295193] ret_from_fork+0x22/0x30 \t[ 37.295218] </TASK> Fix this with boosting the ksoftirqds kthreads from the boosting hotplug callback itself and before the boosting kthreads are created.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrcutorture: Fix ksoftirqd boosting timing and iteration\n\nThe RCU priority boosting can fail in two situations:\n\n1) If (nr_cpus= > maxcpus=), which means if the total number of CPUs\nis higher than those brought online at boot, then torture_onoff() may\nlater bring up CPUs that weren't online on boot. Now since rcutorture\ninitialization only boosts the ksoftirqds of the CPUs that have been\nset online on boot, the CPUs later set online by torture_onoff won't\nbenefit from the boost, making RCU priority boosting fail.\n\n2) The ksoftirqd kthreads are boosted after the creation of\nrcu_torture_boost() kthreads, which opens a window large enough for these\nrcu_torture_boost() kthreads to wait (despite running at FIFO priority)\nfor ksoftirqds that are still running at SCHED_NORMAL priority.\n\nThe issues can trigger for example with:\n\n\t./kvm.sh --configs TREE01 --kconfig "CONFIG_RCU_BOOST=y"\n\n\t[ 34.968561] rcu-torture: !!!\n\t[ 34.968627] ------------[ cut here ]------------\n\t[ 35.014054] WARNING: CPU: 4 PID: 114 at kernel/rcu/rcutorture.c:1979 rcu_torture_stats_print+0x5ad/0x610\n\t[ 35.052043] Modules linked in:\n\t[ 35.069138] CPU: 4 PID: 114 Comm: rcu_torture_sta Not tainted 5.18.0-rc1 #1\n\t[ 35.096424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014\n\t[ 35.154570] RIP: 0010:rcu_torture_stats_print+0x5ad/0x610\n\t[ 35.198527] Code: 63 1b 02 00 74 02 0f 0b 48 83 3d 35 63 1b 02 00 74 02 0f 0b 48 83 3d 21 63 1b 02 00 74 02 0f 0b 48 83 3d 0d 63 1b 02 00 74 02 <0f> 0b 83 eb 01 0f 8e ba fc ff ff 0f 0b e9 b3 fc ff f82\n\t[ 37.251049] RSP: 0000:ffffa92a0050bdf8 EFLAGS: 00010202\n\t[ 37.277320] rcu: De-offloading 8\n\t[ 37.290367] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000001\n\t[ 37.290387] RDX: 0000000000000000 RSI: 00000000ffffbfff RDI: 00000000ffffffff\n\t[ 37.290398] RBP: 000000000000007b R08: 0000000000000000 R09: c0000000ffffbfff\n\t[ 37.290407] R10: 000000000000002a R11: ffffa92a0050bc18 R12: ffffa92a0050be20\n\t[ 37.290417] R13: ffffa92a0050be78 R14: 0000000000000000 R15: 000000000001bea0\n\t[ 37.290427] FS: 0000000000000000(0000) GS:ffff96045eb00000(0000) knlGS:0000000000000000\n\t[ 37.290448] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\t[ 37.290460] CR2: 0000000000000000 CR3: 000000001dc0c000 CR4: 00000000000006e0\n\t[ 37.290470] Call Trace:\n\t[ 37.295049] <TASK>\n\t[ 37.295065] ? preempt_count_add+0x63/0x90\n\t[ 37.295095] ? _raw_spin_lock_irqsave+0x12/0x40\n\t[ 37.295125] ? rcu_torture_stats_print+0x610/0x610\n\t[ 37.295143] rcu_torture_stats+0x29/0x70\n\t[ 37.295160] kthread+0xe3/0x110\n\t[ 37.295176] ? kthread_complete_and_exit+0x20/0x20\n\t[ 37.295193] ret_from_fork+0x22/0x30\n\t[ 37.295218] </TASK>\n\nFix this with boosting the ksoftirqds kthreads from the boosting\nhotplug callback itself and before the boosting kthreads are created.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50177 was patched at 2025-06-17

512. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50178) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: 8852a: rfk: fix div 0 exception The DPK is a kind of RF calibration whose algorithm is to fine tune parameters and calibrate, and check the result. If the result isn't good enough, it could adjust parameters and try again. This issue is to read and show the result, but it could be a negative calibration result that causes divisor 0 and core dump. So, fix it by phy_div() that does division only if divisor isn't zero; otherwise, zero is adopted. divide error: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 728 Comm: wpa_supplicant Not tainted 5.10.114-16019-g462a1661811a #1 <HASH:d024 28> RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core] RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0 RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92 R10: ffffffffc0292de3 R11: ffffffffc00d2f51 R12: 0000000000000000 R13: ffffa141d01023c0 R14: ffffffffc0290250 R15: ffffa141d0102638 FS: 00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0 PKRU: 55555554 Call Trace: rtw89_core_sta_add+0x95/0x9c [rtw89_core <HASH:d239 29>] rtw89_ops_sta_state+0x5d/0x108 [rtw89_core <HASH:d239 29>] drv_sta_state+0x115/0x66f [mac80211 <HASH:81fe 30>] sta_info_insert_rcu+0x45c/0x713 [mac80211 <HASH:81fe 30>] sta_info_insert+0xf/0x1b [mac80211 <HASH:81fe 30>] ieee80211_prep_connection+0x9d6/0xb0c [mac80211 <HASH:81fe 30>] ieee80211_mgd_auth+0x2aa/0x352 [mac80211 <HASH:81fe 30>] cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 <HASH:00cd 31>] nl80211_authenticate+0x2e5/0x306 [cfg80211 <HASH:00cd 31>] genl_rcv_msg+0x371/0x3a1 ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 <HASH:00cd 31>] ? genl_rcv+0x36/0x36 netlink_rcv_skb+0x8a/0xf9 genl_rcv+0x28/0x36 netlink_unicast+0x27b/0x3a0 netlink_sendmsg+0x2aa/0x469 sock_sendmsg_nosec+0x49/0x4d ____sys_sendmsg+0xe5/0x213 __sys_sendmsg+0xec/0x157 ? syscall_enter_from_user_mode+0xd7/0x116 do_syscall_64+0x43/0x55 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fa99f6e689b', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: 8852a: rfk: fix div 0 exception\n\nThe DPK is a kind of RF calibration whose algorithm is to fine tune\nparameters and calibrate, and check the result. If the result isn't good\nenough, it could adjust parameters and try again.\n\nThis issue is to read and show the result, but it could be a negative\ncalibration result that causes divisor 0 and core dump. So, fix it by\nphy_div() that does division only if divisor isn't zero; otherwise,\nzero is adopted.\n\n divide error: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 728 Comm: wpa_supplicant Not tainted 5.10.114-16019-g462a1661811a #1 <HASH:d024 28>\n RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core]\n RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0\n RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92\n R10: ffffffffc0292de3 R11: ffffffffc00d2f51 R12: 0000000000000000\n R13: ffffa141d01023c0 R14: ffffffffc0290250 R15: ffffa141d0102638\n FS: 00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n rtw89_core_sta_add+0x95/0x9c [rtw89_core <HASH:d239 29>]\n rtw89_ops_sta_state+0x5d/0x108 [rtw89_core <HASH:d239 29>]\n drv_sta_state+0x115/0x66f [mac80211 <HASH:81fe 30>]\n sta_info_insert_rcu+0x45c/0x713 [mac80211 <HASH:81fe 30>]\n sta_info_insert+0xf/0x1b [mac80211 <HASH:81fe 30>]\n ieee80211_prep_connection+0x9d6/0xb0c [mac80211 <HASH:81fe 30>]\n ieee80211_mgd_auth+0x2aa/0x352 [mac80211 <HASH:81fe 30>]\n cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 <HASH:00cd 31>]\n nl80211_authenticate+0x2e5/0x306 [cfg80211 <HASH:00cd 31>]\n genl_rcv_msg+0x371/0x3a1\n ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 <HASH:00cd 31>]\n ? genl_rcv+0x36/0x36\n netlink_rcv_skb+0x8a/0xf9\n genl_rcv+0x28/0x36\n netlink_unicast+0x27b/0x3a0\n netlink_sendmsg+0x2aa/0x469\n sock_sendmsg_nosec+0x49/0x4d\n ____sys_sendmsg+0xe5/0x213\n __sys_sendmsg+0xec/0x157\n ? syscall_enter_from_user_mode+0xd7/0x116\n do_syscall_64+0x43/0x55\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n RIP: 0033:0x7fa99f6e689b', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50178 was patched at 2025-06-17

513. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50181) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset() and it will lead to a NULL dereference by a lately use of it (i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check. [ kraxel: minor codestyle fixup ]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-gpu: fix a missing check to avoid NULL dereference\n\n'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset()\nand it will lead to a NULL dereference by a lately use of it\n(i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check.\n\n\n[ kraxel: minor codestyle fixup ]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50181 was patched at 2025-06-17

514. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50182) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Align upwards buffer size The hardware can support any image size WxH, with arbitrary W (image width) and H (image height) dimensions. Align upwards buffer size for both encoder and decoder. and leave the picture resolution unchanged. For decoder, the risk of memory out of bounds can be avoided. For both encoder and decoder, the driver will lift the limitation of resolution alignment. For example, the decoder can support jpeg whose resolution is 227x149 the encoder can support nv12 1080P, won't change it to 1920x1072.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Align upwards buffer size\n\nThe hardware can support any image size WxH,\nwith arbitrary W (image width) and H (image height) dimensions.\n\nAlign upwards buffer size for both encoder and decoder.\nand leave the picture resolution unchanged.\n\nFor decoder, the risk of memory out of bounds can be avoided.\nFor both encoder and decoder, the driver will lift the limitation of\nresolution alignment.\n\nFor example, the decoder can support jpeg whose resolution is 227x149\nthe encoder can support nv12 1080P, won't change it to 1920x1072.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50182 was patched at 2025-06-17

515. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50183) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init of_graph_get_remote_node() returns remote device nodepointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: encoder_cvbs: Fix refcount leak in meson_encoder_cvbs_init\n\nof_graph_get_remote_node() returns remote device nodepointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50183 was patched at 2025-06-17

516. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50184) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init of_graph_get_remote_node() returns remote device nodepointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: encoder_hdmi: Fix refcount leak in meson_encoder_hdmi_init\n\nof_graph_get_remote_node() returns remote device nodepointer with\nrefcount incremented, we should use of_node_put() on it when done.\nAdd missing of_node_put() to avoid refcount leak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50184 was patched at 2025-06-17

517. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50187) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ath11k: fix netdev open race Make sure to allocate resources needed before registering the device. This specifically avoids having a racing open() trigger a BUG_ON() in mod_timer() when ath11k_mac_op_start() is called before the mon_reap_timer as been set up. I did not see this issue with next-20220310, but I hit it on every probe with next-20220511. Perhaps some timing changed in between. Here's the backtrace: [ 51.346947] kernel BUG at kernel/time/timer.c:990! [ 51.346958] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ... [ 51.578225] Call trace: [ 51.583293] __mod_timer+0x298/0x390 [ 51.589518] mod_timer+0x14/0x20 [ 51.595368] ath11k_mac_op_start+0x41c/0x4a0 [ath11k] [ 51.603165] drv_start+0x38/0x60 [mac80211] [ 51.610110] ieee80211_do_open+0x29c/0x7d0 [mac80211] [ 51.617945] ieee80211_open+0x60/0xb0 [mac80211] [ 51.625311] __dev_open+0x100/0x1c0 [ 51.631420] __dev_change_flags+0x194/0x210 [ 51.638214] dev_change_flags+0x24/0x70 [ 51.644646] do_setlink+0x228/0xdb0 [ 51.650723] __rtnl_newlink+0x460/0x830 [ 51.657162] rtnl_newlink+0x4c/0x80 [ 51.663229] rtnetlink_rcv_msg+0x124/0x390 [ 51.669917] netlink_rcv_skb+0x58/0x130 [ 51.676314] rtnetlink_rcv+0x18/0x30 [ 51.682460] netlink_unicast+0x250/0x310 [ 51.688960] netlink_sendmsg+0x19c/0x3e0 [ 51.695458] ____sys_sendmsg+0x220/0x290 [ 51.701938] ___sys_sendmsg+0x7c/0xc0 [ 51.708148] __sys_sendmsg+0x68/0xd0 [ 51.714254] __arm64_sys_sendmsg+0x28/0x40 [ 51.720900] invoke_syscall+0x48/0x120 Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix netdev open race\n\nMake sure to allocate resources needed before registering the device.\n\nThis specifically avoids having a racing open() trigger a BUG_ON() in\nmod_timer() when ath11k_mac_op_start() is called before the\nmon_reap_timer as been set up.\n\nI did not see this issue with next-20220310, but I hit it on every probe\nwith next-20220511. Perhaps some timing changed in between.\n\nHere's the backtrace:\n\n[ 51.346947] kernel BUG at kernel/time/timer.c:990!\n[ 51.346958] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n...\n[ 51.578225] Call trace:\n[ 51.583293] __mod_timer+0x298/0x390\n[ 51.589518] mod_timer+0x14/0x20\n[ 51.595368] ath11k_mac_op_start+0x41c/0x4a0 [ath11k]\n[ 51.603165] drv_start+0x38/0x60 [mac80211]\n[ 51.610110] ieee80211_do_open+0x29c/0x7d0 [mac80211]\n[ 51.617945] ieee80211_open+0x60/0xb0 [mac80211]\n[ 51.625311] __dev_open+0x100/0x1c0\n[ 51.631420] __dev_change_flags+0x194/0x210\n[ 51.638214] dev_change_flags+0x24/0x70\n[ 51.644646] do_setlink+0x228/0xdb0\n[ 51.650723] __rtnl_newlink+0x460/0x830\n[ 51.657162] rtnl_newlink+0x4c/0x80\n[ 51.663229] rtnetlink_rcv_msg+0x124/0x390\n[ 51.669917] netlink_rcv_skb+0x58/0x130\n[ 51.676314] rtnetlink_rcv+0x18/0x30\n[ 51.682460] netlink_unicast+0x250/0x310\n[ 51.688960] netlink_sendmsg+0x19c/0x3e0\n[ 51.695458] ____sys_sendmsg+0x220/0x290\n[ 51.701938] ___sys_sendmsg+0x7c/0xc0\n[ 51.708148] __sys_sendmsg+0x68/0xd0\n[ 51.714254] __arm64_sys_sendmsg+0x28/0x40\n[ 51.720900] invoke_syscall+0x48/0x120\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50187 was patched at 2025-06-17

518. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50188) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount leak in meson_encoder_hdmi_init of_find_device_by_node() takes reference, we should use put_device() to release it when not need anymore. Add missing put_device() in error path to avoid refcount leak.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: Fix refcount leak in meson_encoder_hdmi_init\n\nof_find_device_by_node() takes reference, we should use put_device()\nto release it when not need anymore.\nAdd missing put_device() in error path to avoid refcount\nleak.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50188 was patched at 2025-06-17

519. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50189) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix file pointer leak Currently if a fscanf fails then an early return leaks an open file pointer. Fix this by fclosing the file before the return. Detected using static analysis with cppcheck: tools/power/x86/turbostat/turbostat.c:2039:3: error: Resource leak: fp [resourceLeak]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntools/power turbostat: Fix file pointer leak\n\nCurrently if a fscanf fails then an early return leaks an open\nfile pointer. Fix this by fclosing the file before the return.\nDetected using static analysis with cppcheck:\n\ntools/power/x86/turbostat/turbostat.c:2039:3: error: Resource leak: fp [resourceLeak]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50189 was patched at 2025-06-17

520. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50190) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: spi: Fix simplification of devm_spi_register_controller This reverts commit 59ebbe40fb51 ("spi: simplify devm_spi_register_controller"). If devm_add_action() fails in devm_add_action_or_reset(), devm_spi_unregister() will be called, it decreases the refcount of 'ctlr->dev' to 0, then it will cause uaf in the drivers that calling spi_put_controller() in error path.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix simplification of devm_spi_register_controller\n\nThis reverts commit 59ebbe40fb51 ("spi: simplify\ndevm_spi_register_controller").\n\nIf devm_add_action() fails in devm_add_action_or_reset(),\ndevm_spi_unregister() will be called, it decreases the\nrefcount of 'ctlr->dev' to 0, then it will cause uaf in\nthe drivers that calling spi_put_controller() in error path.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50190 was patched at 2025-06-17

521. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50192) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: spi: tegra20-slink: fix UAF in tegra_slink_remove() After calling spi_unregister_master(), the refcount of master will be decrease to 0, and it will be freed in spi_controller_release(), the device data also will be freed, so it will lead a UAF when using 'tspi'. To fix this, get the master before unregister and put it when finish using it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra20-slink: fix UAF in tegra_slink_remove()\n\nAfter calling spi_unregister_master(), the refcount of master will\nbe decrease to 0, and it will be freed in spi_controller_release(),\nthe device data also will be freed, so it will lead a UAF when using\n'tspi'. To fix this, get the master before unregister and put it when\nfinish using it.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50192 was patched at 2025-06-17

522. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50193) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: erofs: wake up all waiters after z_erofs_lzma_head ready When the user mounts the erofs second times, the decompression thread may hung. The problem happens due to a sequence of steps like the following: 1) Task A called z_erofs_load_lzma_config which obtain all of the node from the z_erofs_lzma_head. 2) At this time, task B called the z_erofs_lzma_decompress and wanted to get a node. But the z_erofs_lzma_head was empty, the Task B had to sleep. 3) Task A release nodes and push nodes into the z_erofs_lzma_head. But task B was still sleeping. One example report when the hung happens: task:kworker/u3:1 state:D stack:14384 pid: 86 ppid: 2 flags:0x00004000 Workqueue: erofs_unzipd z_erofs_decompressqueue_work Call Trace: <TASK> __schedule+0x281/0x760 schedule+0x49/0xb0 z_erofs_lzma_decompress+0x4bc/0x580 ? cpu_core_flags+0x10/0x10 z_erofs_decompress_pcluster+0x49b/0xba0 ? __update_load_avg_se+0x2b0/0x330 ? __update_load_avg_se+0x2b0/0x330 ? update_load_avg+0x5f/0x690 ? update_load_avg+0x5f/0x690 ? set_next_entity+0xbd/0x110 ? _raw_spin_unlock+0xd/0x20 z_erofs_decompress_queue.isra.0+0x2e/0x50 z_erofs_decompressqueue_work+0x30/0x60 process_one_work+0x1d3/0x3a0 worker_thread+0x45/0x3a0 ? process_one_work+0x3a0/0x3a0 kthread+0xe2/0x110 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 </TASK>', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: wake up all waiters after z_erofs_lzma_head ready\n\nWhen the user mounts the erofs second times, the decompression thread\nmay hung. The problem happens due to a sequence of steps like the\nfollowing:\n\n1) Task A called z_erofs_load_lzma_config which obtain all of the node\n from the z_erofs_lzma_head.\n\n2) At this time, task B called the z_erofs_lzma_decompress and wanted to\n get a node. But the z_erofs_lzma_head was empty, the Task B had to\n sleep.\n\n3) Task A release nodes and push nodes into the z_erofs_lzma_head. But\n task B was still sleeping.\n\nOne example report when the hung happens:\ntask:kworker/u3:1 state:D stack:14384 pid: 86 ppid: 2 flags:0x00004000\nWorkqueue: erofs_unzipd z_erofs_decompressqueue_work\nCall Trace:\n <TASK>\n __schedule+0x281/0x760\n schedule+0x49/0xb0\n z_erofs_lzma_decompress+0x4bc/0x580\n ? cpu_core_flags+0x10/0x10\n z_erofs_decompress_pcluster+0x49b/0xba0\n ? __update_load_avg_se+0x2b0/0x330\n ? __update_load_avg_se+0x2b0/0x330\n ? update_load_avg+0x5f/0x690\n ? update_load_avg+0x5f/0x690\n ? set_next_entity+0xbd/0x110\n ? _raw_spin_unlock+0xd/0x20\n z_erofs_decompress_queue.isra.0+0x2e/0x50\n z_erofs_decompressqueue_work+0x30/0x60\n process_one_work+0x1d3/0x3a0\n worker_thread+0x45/0x3a0\n ? process_one_work+0x3a0/0x3a0\n kthread+0xe2/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n </TASK>', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50193 was patched at 2025-06-17

523. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50195) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock Replace gcc PXO phandle to pxo_board fixed clock declared in the dts. gcc driver doesn't provide PXO_SRC as it's a fixed-clock. This cause a kernel panic if any driver actually try to use it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: dts: qcom: replace gcc PXO with pxo_board fixed clock\n\nReplace gcc PXO phandle to pxo_board fixed clock declared in the dts.\ngcc driver doesn't provide PXO_SRC as it's a fixed-clock. This cause a\nkernel panic if any driver actually try to use it.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50195 was patched at 2025-06-17

524. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50204) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: pdata-quirks: Fix refcount leak bug In pdata_quirks_init_clocks(), the loop contains of_find_node_by_name() but without corresponding of_node_put().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: OMAP2+: pdata-quirks: Fix refcount leak bug\n\nIn pdata_quirks_init_clocks(), the loop contains\nof_find_node_by_name() but without corresponding of_node_put().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50204 was patched at 2025-06-17

525. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50208) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: soc: amlogic: Fix refcount leak in meson-secure-pwrc.c In meson_secure_pwrc_probe(), there is a refcount leak in one fail path.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: amlogic: Fix refcount leak in meson-secure-pwrc.c\n\nIn meson_secure_pwrc_probe(), there is a refcount leak in one fail\npath.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50208 was patched at 2025-06-17

526. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50217) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: fuse: write inode in fuse_release() A race between write(2) and close(2) allows pages to be dirtied after fuse_flush -> write_inode_now(). If these pages are not flushed from fuse_release(), then there might not be a writable open file later. So any remaining dirty pages must be written back before the file is released. This is a partial revert of the blamed commit.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: write inode in fuse_release()\n\nA race between write(2) and close(2) allows pages to be dirtied after\nfuse_flush -> write_inode_now(). If these pages are not flushed from\nfuse_release(), then there might not be a writable open file later. So any\nremaining dirty pages must be written back before the file is released.\n\nThis is a partial revert of the blamed commit.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2022-50217 was patched at 2025-06-17

527. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50221) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access Clip memory range to screen-buffer size to avoid out-of-bounds access in fbdev deferred I/O's damage handling. Fbdev's deferred I/O can only track pages. From the range of pages, the damage handler computes the clipping rectangle for the display update. If the fbdev screen buffer ends near the beginning of a page, that page could contain more scanlines. The damage handler would then track these non-existing scanlines as dirty and provoke an out-of-bounds access during the screen update. Hence, clip the maximum memory range to the size of the screen buffer. While at it, rename the variables min/max to min_off/max_off in drm_fb_helper_deferred_io(). This avoids confusion with the macros of the same name.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/fb-helper: Fix out-of-bounds access\n\nClip memory range to screen-buffer size to avoid out-of-bounds access\nin fbdev deferred I/O's damage handling.\n\nFbdev's deferred I/O can only track pages. From the range of pages, the\ndamage handler computes the clipping rectangle for the display update.\nIf the fbdev screen buffer ends near the beginning of a page, that page\ncould contain more scanlines. The damage handler would then track these\nnon-existing scanlines as dirty and provoke an out-of-bounds access\nduring the screen update. Hence, clip the maximum memory range to the\nsize of the screen buffer.\n\nWhile at it, rename the variables min/max to min_off/max_off in\ndrm_fb_helper_deferred_io(). This avoids confusion with the macros of\nthe same name.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50221 was patched at 2025-06-17

528. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50223) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.084034] Hardware name: Loongson Loongson-3A5000-7A1000-1w-V0.1-CRB/Loongson-LS3A5000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<900000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK\n\nWhen CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,\ncpu_max_bits_warn() generates a runtime warning similar as below while\nwe show /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)\ninstead of NR_CPUS to iterate CPUs.\n\n[ 3.052463] ------------[ cut here ]------------\n[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0\n[ 3.070072] Modules linked in: efivarfs autofs4\n[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052\n[ 3.084034] Hardware name: Loongson Loongson-3A5000-7A1000-1w-V0.1-CRB/Loongson-LS3A5000-7A1000-1w-EVB-V1.21, BIOS Loongson-UDK2018-V2.0.04082-beta7 04/27\n[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000\n[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430\n[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff\n[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890\n[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa\n[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000\n[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000\n[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000\n[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286\n[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n[ 3.195868] ...\n[ 3.199917] Call Trace:\n[ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c\n[ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88\n[ 3.217625] [<900000000023d268>] __warn+0xd0/0x100\n[ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc\n[ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0\n[ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4\n[ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4\n[ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0\n[ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100\n[ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94\n[ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160\n[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50223 was patched at 2025-06-17

529. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50224) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT Treat the NX bit as valid when using NPT, as KVM will set the NX bit when the NX huge page mitigation is enabled (mindblowing) and trigger the WARN that fires on reserved SPTE bits being set. KVM has required NX support for SVM since commit b26a71a1a5b9 ("KVM: SVM: Refuse to load kvm_amd if NX support is not available") for exactly this reason, but apparently it never occurred to anyone to actually test NPT with the mitigation enabled. ------------[ cut here ]------------ spte = 0x800000018a600ee7, level = 2, rsvd bits = 0x800f0000001fe000 WARNING: CPU: 152 PID: 15966 at arch/x86/kvm/mmu/spte.c:215 make_spte+0x327/0x340 [kvm] Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 10.48.0 01/27/2022 RIP: 0010:make_spte+0x327/0x340 [kvm] Call Trace: <TASK> tdp_mmu_map_handle_target_level+0xc3/0x230 [kvm] kvm_tdp_mmu_map+0x343/0x3b0 [kvm] direct_page_fault+0x1ae/0x2a0 [kvm] kvm_tdp_page_fault+0x7d/0x90 [kvm] kvm_mmu_page_fault+0xfb/0x2e0 [kvm] npf_interception+0x55/0x90 [kvm_amd] svm_invoke_exit_handler+0x31/0xf0 [kvm_amd] svm_handle_exit+0xf6/0x1d0 [kvm_amd] vcpu_enter_guest+0xb6d/0xee0 [kvm] ? kvm_pmu_trigger_event+0x6d/0x230 [kvm] vcpu_run+0x65/0x2c0 [kvm] kvm_arch_vcpu_ioctl_run+0x355/0x610 [kvm] kvm_vcpu_ioctl+0x551/0x610 [kvm] __se_sys_ioctl+0x77/0xc0 __x64_sys_ioctl+0x1d/0x20 do_syscall_64+0x44/0xa0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 </TASK> ---[ end trace 0000000000000000 ]---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Treat NX as a valid SPTE bit for NPT\n\nTreat the NX bit as valid when using NPT, as KVM will set the NX bit when\nthe NX huge page mitigation is enabled (mindblowing) and trigger the WARN\nthat fires on reserved SPTE bits being set.\n\nKVM has required NX support for SVM since commit b26a71a1a5b9 ("KVM: SVM:\nRefuse to load kvm_amd if NX support is not available") for exactly this\nreason, but apparently it never occurred to anyone to actually test NPT\nwith the mitigation enabled.\n\n ------------[ cut here ]------------\n spte = 0x800000018a600ee7, level = 2, rsvd bits = 0x800f0000001fe000\n WARNING: CPU: 152 PID: 15966 at arch/x86/kvm/mmu/spte.c:215 make_spte+0x327/0x340 [kvm]\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 10.48.0 01/27/2022\n RIP: 0010:make_spte+0x327/0x340 [kvm]\n Call Trace:\n <TASK>\n tdp_mmu_map_handle_target_level+0xc3/0x230 [kvm]\n kvm_tdp_mmu_map+0x343/0x3b0 [kvm]\n direct_page_fault+0x1ae/0x2a0 [kvm]\n kvm_tdp_page_fault+0x7d/0x90 [kvm]\n kvm_mmu_page_fault+0xfb/0x2e0 [kvm]\n npf_interception+0x55/0x90 [kvm_amd]\n svm_invoke_exit_handler+0x31/0xf0 [kvm_amd]\n svm_handle_exit+0xf6/0x1d0 [kvm_amd]\n vcpu_enter_guest+0xb6d/0xee0 [kvm]\n ? kvm_pmu_trigger_event+0x6d/0x230 [kvm]\n vcpu_run+0x65/0x2c0 [kvm]\n kvm_arch_vcpu_ioctl_run+0x355/0x610 [kvm]\n kvm_vcpu_ioctl+0x551/0x610 [kvm]\n __se_sys_ioctl+0x77/0xc0\n __x64_sys_ioctl+0x1d/0x20\n do_syscall_64+0x44/0xa0\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n </TASK>\n ---[ end trace 0000000000000000 ]---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50224 was patched at 2025-06-17

530. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50225) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: riscv:uprobe fix SR_SPIE set/clear handling In riscv the process of uprobe going to clear spie before exec the origin insn,and set spie after that.But When access the page which origin insn has been placed a page fault may happen and irq was disabled in arch_uprobe_pre_xol function,It cause a WARN as follows. There is no need to clear/set spie in arch_uprobe_pre/post/abort_xol. We can just remove it. [ 31.684157] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1488 [ 31.684677] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 76, name: work [ 31.684929] preempt_count: 0, expected: 0 [ 31.685969] CPU: 2 PID: 76 Comm: work Tainted: G [ 31.686542] Hardware name: riscv-virtio,qemu (DT) [ 31.686797] Call Trace: [ 31.687053] [<ffffffff80006442>] dump_backtrace+0x30/0x38 [ 31.687699] [<ffffffff80812118>] show_stack+0x40/0x4c [ 31.688141] [<ffffffff8081817a>] dump_stack_lvl+0x44/0x5c [ 31.688396] [<ffffffff808181aa>] dump_stack+0x18/0x20 [ 31.688653] [<ffffffff8003e454>] __might_resched+0x114/0x122 [ 31.688948] [<ffffffff8003e4b2>] __might_sleep+0x50/0x7a [ 31.689435] [<ffffffff80822676>] down_read+0x30/0x130 [ 31.689728] [<ffffffff8000b650>] do_page_fault+0x166/x446 [ 31.689997] [<ffffffff80003c0c>] ret_from_exception+0x0/0xc', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv:uprobe fix SR_SPIE set/clear handling\n\nIn riscv the process of uprobe going to clear spie before exec\nthe origin insn,and set spie after that.But When access the page\nwhich origin insn has been placed a page fault may happen and\nirq was disabled in arch_uprobe_pre_xol function,It cause a WARN\nas follows.\nThere is no need to clear/set spie in arch_uprobe_pre/post/abort_xol.\nWe can just remove it.\n\n[ 31.684157] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1488\n[ 31.684677] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 76, name: work\n[ 31.684929] preempt_count: 0, expected: 0\n[ 31.685969] CPU: 2 PID: 76 Comm: work Tainted: G\n[ 31.686542] Hardware name: riscv-virtio,qemu (DT)\n[ 31.686797] Call Trace:\n[ 31.687053] [<ffffffff80006442>] dump_backtrace+0x30/0x38\n[ 31.687699] [<ffffffff80812118>] show_stack+0x40/0x4c\n[ 31.688141] [<ffffffff8081817a>] dump_stack_lvl+0x44/0x5c\n[ 31.688396] [<ffffffff808181aa>] dump_stack+0x18/0x20\n[ 31.688653] [<ffffffff8003e454>] __might_resched+0x114/0x122\n[ 31.688948] [<ffffffff8003e4b2>] __might_sleep+0x50/0x7a\n[ 31.689435] [<ffffffff80822676>] down_read+0x30/0x130\n[ 31.689728] [<ffffffff8000b650>] do_page_fault+0x166/x446\n[ 31.689997] [<ffffffff80003c0c>] ret_from_exception+0x0/0xc', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2022-50225 was patched at 2025-06-17

531. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50227) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Initialize Xen timer only once Add a check for existing xen timers before initializing a new one. Currently kvm_xen_init_timer() is called on every KVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG crash when vcpu->arch.xen.timer is already set. ODEBUG: init active (active state 0) object type: hrtimer hint: xen_timer_callbac0 RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:502 Call Trace: __debug_object_init debug_hrtimer_init debug_init hrtimer_init kvm_xen_init_timer kvm_xen_vcpu_set_attr kvm_arch_vcpu_ioctl kvm_vcpu_ioctl vfs_ioctl', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/xen: Initialize Xen timer only once\n\nAdd a check for existing xen timers before initializing a new one.\n\nCurrently kvm_xen_init_timer() is called on every\nKVM_XEN_VCPU_ATTR_TYPE_TIMER, which is causing the following ODEBUG\ncrash when vcpu->arch.xen.timer is already set.\n\nODEBUG: init active (active state 0)\nobject type: hrtimer hint: xen_timer_callbac0\nRIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:502\nCall Trace:\n__debug_object_init\ndebug_hrtimer_init\ndebug_init\nhrtimer_init\nkvm_xen_init_timer\nkvm_xen_vcpu_set_attr\nkvm_arch_vcpu_ioctl\nkvm_vcpu_ioctl\nvfs_ioctl', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50227 was patched at 2025-06-17

532. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50230) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boot flow. This simple fix is therefore preferred for -stable backporting ] On a system that implements FEAT_EPAN, read/write access to the idmap is denied because UXN is not set on the swapper PTEs. As a result, idmap_kpti_install_ng_mappings panics the kernel when accessing __idmap_kpti_flag. Fix it by setting UXN on these PTEs.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set UXN on swapper page tables\n\n[ This issue was fixed upstream by accident in c3cee924bd85 ("arm64:\n head: cover entire kernel image in initial ID map") as part of a\n large refactoring of the arm64 boot flow. This simple fix is therefore\n preferred for -stable backporting ]\n\nOn a system that implements FEAT_EPAN, read/write access to the idmap\nis denied because UXN is not set on the swapper PTEs. As a result,\nidmap_kpti_install_ng_mappings panics the kernel when accessing\n__idmap_kpti_flag. Fix it by setting UXN on these PTEs.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50230 was patched at 2025-06-17

533. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50231) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/poly1305 - fix a read out-of-bound A kasan error was reported during fuzzing: BUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon] Read of size 4 at addr ffff0010e293f010 by task syz-executor.5/1646715 CPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: loaded Not tainted 5.10.0.aarch64 #1 Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 01/31/2019 Call trace: dump_backtrace+0x0/0x394 show_stack+0x34/0x4c arch/arm64/kernel/stacktrace.c:196 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x158/0x1e4 lib/dump_stack.c:118 print_address_description.constprop.0+0x68/0x204 mm/kasan/report.c:387 __kasan_report+0xe0/0x140 mm/kasan/report.c:547 kasan_report+0x44/0xe0 mm/kasan/report.c:564 check_memory_region_inline mm/kasan/generic.c:187 [inline] __asan_load4+0x94/0xd0 mm/kasan/generic.c:252 neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon] neon_poly1305_do_update+0x6c/0x15c [poly1305_neon] neon_poly1305_update+0x9c/0x1c4 [poly1305_neon] crypto_shash_update crypto/shash.c:131 [inline] shash_finup_unaligned+0x84/0x15c crypto/shash.c:179 crypto_shash_finup+0x8c/0x140 crypto/shash.c:193 shash_digest_unaligned+0xb8/0xe4 crypto/shash.c:201 crypto_shash_digest+0xa4/0xfc crypto/shash.c:217 crypto_shash_tfm_digest+0xb4/0x150 crypto/shash.c:229 essiv_skcipher_setkey+0x164/0x200 [essiv] crypto_skcipher_setkey+0xb0/0x160 crypto/skcipher.c:612 skcipher_setkey+0x3c/0x50 crypto/algif_skcipher.c:305 alg_setkey+0x114/0x2a0 crypto/af_alg.c:220 alg_setsockopt+0x19c/0x210 crypto/af_alg.c:253 __sys_setsockopt+0x190/0x2e0 net/socket.c:2123 __do_sys_setsockopt net/socket.c:2134 [inline] __se_sys_setsockopt net/socket.c:2131 [inline] __arm64_sys_setsockopt+0x78/0x94 net/socket.c:2131 __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline] invoke_syscall+0x64/0x100 arch/arm64/kernel/syscall.c:48 el0_svc_common.constprop.0+0x220/0x230 arch/arm64/kernel/syscall.c:155 do_el0_svc+0xb4/0xd4 arch/arm64/kernel/syscall.c:217 el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:353 el0_sync_handler+0x160/0x164 arch/arm64/kernel/entry-common.c:369 el0_sync+0x160/0x180 arch/arm64/kernel/entry.S:683 This error can be reproduced by the following code compiled as ko on a system with kasan enabled: #include <linux/module.h> #include <linux/crypto.h> #include <crypto/hash.h> #include <crypto/poly1305.h> char test_data[] = "\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07" "\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f" "\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17" "\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e"; int init(void) { struct crypto_shash *tfm = NULL; char *data = NULL, *out = NULL; tfm = crypto_alloc_shash("poly1305", 0, 0); data = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL); out = kmalloc(POLY1305_DIGEST_SIZE, GFP_KERNEL); memcpy(data, test_data, POLY1305_KEY_SIZE - 1); crypto_shash_tfm_digest(tfm, data, POLY1305_KEY_SIZE - 1, out); kfree(data); kfree(out); return 0; } void deinit(void) { } module_init(init) module_exit(deinit) MODULE_LICENSE("GPL"); The root cause of the bug sits in neon_poly1305_blocks. The logic neon_poly1305_blocks() performed is that if it was called with both s[] and r[] uninitialized, it will first try to initialize them with the data from the first "block" that it believed to be 32 bytes in length. First 16 bytes are used as the key and the next 16 bytes for s[]. This would lead to the aforementioned read out-of-bound. However, after calling poly1305_init_arch(), only 16 bytes were deducted from the input and s[] is initialized yet again with the following 16 bytes. The second initialization of s[] is certainly redundent which indicates that the first initialization should be for r[] only. This patch fixes the issue by calling poly1305_init_arm64() instead o ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: arm64/poly1305 - fix a read out-of-bound\n\nA kasan error was reported during fuzzing:\n\nBUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\nRead of size 4 at addr ffff0010e293f010 by task syz-executor.5/1646715\nCPU: 4 PID: 1646715 Comm: syz-executor.5 Kdump: loaded Not tainted 5.10.0.aarch64 #1\nHardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.59 01/31/2019\nCall trace:\n dump_backtrace+0x0/0x394\n show_stack+0x34/0x4c arch/arm64/kernel/stacktrace.c:196\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x158/0x1e4 lib/dump_stack.c:118\n print_address_description.constprop.0+0x68/0x204 mm/kasan/report.c:387\n __kasan_report+0xe0/0x140 mm/kasan/report.c:547\n kasan_report+0x44/0xe0 mm/kasan/report.c:564\n check_memory_region_inline mm/kasan/generic.c:187 [inline]\n __asan_load4+0x94/0xd0 mm/kasan/generic.c:252\n neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon]\n neon_poly1305_do_update+0x6c/0x15c [poly1305_neon]\n neon_poly1305_update+0x9c/0x1c4 [poly1305_neon]\n crypto_shash_update crypto/shash.c:131 [inline]\n shash_finup_unaligned+0x84/0x15c crypto/shash.c:179\n crypto_shash_finup+0x8c/0x140 crypto/shash.c:193\n shash_digest_unaligned+0xb8/0xe4 crypto/shash.c:201\n crypto_shash_digest+0xa4/0xfc crypto/shash.c:217\n crypto_shash_tfm_digest+0xb4/0x150 crypto/shash.c:229\n essiv_skcipher_setkey+0x164/0x200 [essiv]\n crypto_skcipher_setkey+0xb0/0x160 crypto/skcipher.c:612\n skcipher_setkey+0x3c/0x50 crypto/algif_skcipher.c:305\n alg_setkey+0x114/0x2a0 crypto/af_alg.c:220\n alg_setsockopt+0x19c/0x210 crypto/af_alg.c:253\n __sys_setsockopt+0x190/0x2e0 net/socket.c:2123\n __do_sys_setsockopt net/socket.c:2134 [inline]\n __se_sys_setsockopt net/socket.c:2131 [inline]\n __arm64_sys_setsockopt+0x78/0x94 net/socket.c:2131\n __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline]\n invoke_syscall+0x64/0x100 arch/arm64/kernel/syscall.c:48\n el0_svc_common.constprop.0+0x220/0x230 arch/arm64/kernel/syscall.c:155\n do_el0_svc+0xb4/0xd4 arch/arm64/kernel/syscall.c:217\n el0_svc+0x24/0x3c arch/arm64/kernel/entry-common.c:353\n el0_sync_handler+0x160/0x164 arch/arm64/kernel/entry-common.c:369\n el0_sync+0x160/0x180 arch/arm64/kernel/entry.S:683\n\nThis error can be reproduced by the following code compiled as ko on a\nsystem with kasan enabled:\n\n#include <linux/module.h>\n#include <linux/crypto.h>\n#include <crypto/hash.h>\n#include <crypto/poly1305.h>\n\nchar test_data[] = "\\x00\\x01\\x02\\x03\\x04\\x05\\x06\\x07"\n "\\x08\\x09\\x0a\\x0b\\x0c\\x0d\\x0e\\x0f"\n "\\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17"\n "\\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e";\n\nint init(void)\n{\n struct crypto_shash *tfm = NULL;\n char *data = NULL, *out = NULL;\n\n tfm = crypto_alloc_shash("poly1305", 0, 0);\n data = kmalloc(POLY1305_KEY_SIZE - 1, GFP_KERNEL);\n out = kmalloc(POLY1305_DIGEST_SIZE, GFP_KERNEL);\n memcpy(data, test_data, POLY1305_KEY_SIZE - 1);\n crypto_shash_tfm_digest(tfm, data, POLY1305_KEY_SIZE - 1, out);\n\n kfree(data);\n kfree(out);\n return 0;\n}\n\nvoid deinit(void)\n{\n}\n\nmodule_init(init)\nmodule_exit(deinit)\nMODULE_LICENSE("GPL");\n\nThe root cause of the bug sits in neon_poly1305_blocks. The logic\nneon_poly1305_blocks() performed is that if it was called with both s[]\nand r[] uninitialized, it will first try to initialize them with the\ndata from the first "block" that it believed to be 32 bytes in length.\nFirst 16 bytes are used as the key and the next 16 bytes for s[]. This\nwould lead to the aforementioned read out-of-bound. However, after\ncalling poly1305_init_arch(), only 16 bytes were deducted from the input\nand s[] is initialized yet again with the following 16 bytes. The second\ninitialization of s[] is certainly redundent which indicates that the\nfirst initialization should be for r[] only.\n\nThis patch fixes the issue by calling poly1305_init_arm64() instead o\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2022-50231 was patched at 2025-06-17

534. Unknown Vulnerability Type - Linux Kernel (CVE-2022-50232) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boot flow. This simple fix is therefore preferred for -stable backporting ] On a system that implements FEAT_EPAN, read/write access to the idmap is denied because UXN is not set on the swapper PTEs. As a result, idmap_kpti_install_ng_mappings panics the kernel when accessing __idmap_kpti_flag. Fix it by setting UXN on these PTEs.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: set UXN on swapper page tables\n\n[ This issue was fixed upstream by accident in c3cee924bd85 ("arm64:\n head: cover entire kernel image in initial ID map") as part of a\n large refactoring of the arm64 boot flow. This simple fix is therefore\n preferred for -stable backporting ]\n\nOn a system that implements FEAT_EPAN, read/write access to the idmap\nis denied because UXN is not set on the swapper PTEs. As a result,\nidmap_kpti_install_ng_mappings panics the kernel when accessing\n__idmap_kpti_flag. Fix it by setting UXN on these PTEs.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2022-50232 was patched at 2025-06-17

535. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38006) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net: mctp: Don't access ifa_index when missing In mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwise it will be comparing to uninitialised memory - reproducible in the syzkaller case from dhcpd, or busybox "ip addr show". The kernel MCTP implementation has always filtered by ifa_index, so existing userspace programs expecting to dump MCTP addresses must already be passing a valid ifa_index value (either 0 or a real index). BUG: KMSAN: uninit-value in mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128 mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128 rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380 rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824 netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mctp: Don't access ifa_index when missing\n\nIn mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but\nonly when the struct ifaddrmsg is provided. Otherwise it will be\ncomparing to uninitialised memory - reproducible in the syzkaller case from\ndhcpd, or busybox "ip addr show".\n\nThe kernel MCTP implementation has always filtered by ifa_index, so\nexisting userspace programs expecting to dump MCTP addresses must\nalready be passing a valid ifa_index value (either 0 or a real index).\n\nBUG: KMSAN: uninit-value in mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n mctp_dump_addrinfo+0x208/0xac0 net/mctp/device.c:128\n rtnl_dump_all+0x3ec/0x5b0 net/core/rtnetlink.c:4380\n rtnl_dumpit+0xd5/0x2f0 net/core/rtnetlink.c:6824\n netlink_dump+0x97b/0x1690 net/netlink/af_netlink.c:2309', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2025-38006 was patched at 2025-06-17

536. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38011) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is accepted and then waiting to take vm lock is interrupted and return, it causes memory leaking and below warning backtrace. Change to use uninterruptible wait lock fix the issue. WARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525 amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu] Call Trace: <TASK> drm_file_free.part.0+0x1da/0x230 [drm] drm_close_helper.isra.0+0x65/0x70 [drm] drm_release+0x6a/0x120 [drm] amdgpu_drm_release+0x51/0x60 [amdgpu] __fput+0x9f/0x280 ____fput+0xe/0x20 task_work_run+0x67/0xa0 do_exit+0x217/0x3c0 do_group_exit+0x3b/0xb0 get_signal+0x14a/0x8d0 arch_do_signal_or_restart+0xde/0x100 exit_to_user_mode_loop+0xc1/0x1a0 exit_to_user_mode_prepare+0xf4/0x100 syscall_exit_to_user_mode+0x17/0x40 do_syscall_64+0x69/0xc0 (cherry picked from commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: csa unmap use uninterruptible lock\n\nAfter process exit to unmap csa and free GPU vm, if signal is accepted\nand then waiting to take vm lock is interrupted and return, it causes\nmemory leaking and below warning backtrace.\n\nChange to use uninterruptible wait lock fix the issue.\n\nWARNING: CPU: 69 PID: 167800 at amd/amdgpu/amdgpu_kms.c:1525\n amdgpu_driver_postclose_kms+0x294/0x2a0 [amdgpu]\n Call Trace:\n <TASK>\n drm_file_free.part.0+0x1da/0x230 [drm]\n drm_close_helper.isra.0+0x65/0x70 [drm]\n drm_release+0x6a/0x120 [drm]\n amdgpu_drm_release+0x51/0x60 [amdgpu]\n __fput+0x9f/0x280\n ____fput+0xe/0x20\n task_work_run+0x67/0xa0\n do_exit+0x217/0x3c0\n do_group_exit+0x3b/0xb0\n get_signal+0x14a/0x8d0\n arch_do_signal_or_restart+0xde/0x100\n exit_to_user_mode_loop+0xc1/0x1a0\n exit_to_user_mode_prepare+0xf4/0x100\n syscall_exit_to_user_mode+0x17/0x40\n do_syscall_64+0x69/0xc0\n\n(cherry picked from commit 7dbbfb3c171a6f63b01165958629c9c26abf38ab)', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2025-38011 was patched at 2025-06-17

537. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38014) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idxd_cleanup() helper cleans up perfmon, interrupts, internals and so on. Refactor remove call with the idxd_cleanup() helper to avoid code duplication. Note, this also fixes the missing put_device() for idxd groups, enginces and wqs.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Refactor remove call with idxd_cleanup() helper\n\nThe idxd_cleanup() helper cleans up perfmon, interrupts, internals and\nso on. Refactor remove call with the idxd_cleanup() helper to avoid code\nduplication. Note, this also fixes the missing put_device() for idxd\ngroups, enginces and wqs.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2025-38014 was patched at 2025-06-17

538. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38027) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086_parse_regulators_dt() calls of_regulator_match() using an array of struct of_regulator_match allocated on the stack for the matches argument. of_regulator_match() calls devm_of_regulator_put_matches(), which calls devres_alloc() to allocate a struct devm_of_regulator_matches which will be de-allocated using devm_of_regulator_put_matches(). struct devm_of_regulator_matches is populated with the stack allocated matches array. If the device fails to probe, devm_of_regulator_put_matches() will be called and will try to call of_node_put() on that stack pointer, generating the following dmesg entries: max20086 6-0028: Failed to read DEVICE_ID reg: -121 kobject: '\\xc0$\\xa5\\x03' (000000002cebcb7a): is not initialized, yet kobject_put() is being called. Followed by a stack trace matching the call flow described above. Switch to allocating the matches array using devm_kcalloc() to avoid accessing the stack pointer long after it's out of scope. This also has the advantage of allowing multiple max20086 to probe without overriding the data stored inside the global of_regulator_match.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: max20086: fix invalid memory access\n\nmax20086_parse_regulators_dt() calls of_regulator_match() using an\narray of struct of_regulator_match allocated on the stack for the\nmatches argument.\n\nof_regulator_match() calls devm_of_regulator_put_matches(), which calls\ndevres_alloc() to allocate a struct devm_of_regulator_matches which will\nbe de-allocated using devm_of_regulator_put_matches().\n\nstruct devm_of_regulator_matches is populated with the stack allocated\nmatches array.\n\nIf the device fails to probe, devm_of_regulator_put_matches() will be\ncalled and will try to call of_node_put() on that stack pointer,\ngenerating the following dmesg entries:\n\nmax20086 6-0028: Failed to read DEVICE_ID reg: -121\nkobject: '\\xc0$\\xa5\\x03' (000000002cebcb7a): is not initialized, yet\nkobject_put() is being called.\n\nFollowed by a stack trace matching the call flow described above.\n\nSwitch to allocating the matches array using devm_kcalloc() to\navoid accessing the stack pointer long after it's out of scope.\n\nThis also has the advantage of allowing multiple max20086 to probe\nwithout overriding the data stored inside the global of_regulator_match.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2025-38027 was patched at 2025-06-17

539. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38029) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: kasan: avoid sleepable page allocation from atomic context apply_to_pte_range() enters the lazy MMU mode and then invokes kasan_populate_vmalloc_pte() callback on each page table walk iteration. However, the callback can go into sleep when trying to allocate a single page, e.g. if an architecutre disables preemption on lazy MMU mode enter. On s390 if make arch_enter_lazy_mmu_mode() -> preempt_enable() and arch_leave_lazy_mmu_mode() -> preempt_disable(), such crash occurs: [ 0.663336] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321 [ 0.663348] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd [ 0.663358] preempt_count: 1, expected: 0 [ 0.663366] RCU nest depth: 0, expected: 0 [ 0.663375] no locks held by kthreadd/2. [ 0.663383] Preemption disabled at: [ 0.663386] [<0002f3284cbb4eda>] apply_to_pte_range+0xfa/0x4a0 [ 0.663405] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.15.0-rc5-gcc-kasan-00043-gd76bb1ebb558-dirty #162 PREEMPT [ 0.663408] Hardware name: IBM 3931 A01 701 (KVM/Linux) [ 0.663409] Call Trace: [ 0.663410] [<0002f3284c385f58>] dump_stack_lvl+0xe8/0x140 [ 0.663413] [<0002f3284c507b9e>] __might_resched+0x66e/0x700 [ 0.663415] [<0002f3284cc4f6c0>] __alloc_frozen_pages_noprof+0x370/0x4b0 [ 0.663419] [<0002f3284ccc73c0>] alloc_pages_mpol+0x1a0/0x4a0 [ 0.663421] [<0002f3284ccc8518>] alloc_frozen_pages_noprof+0x88/0xc0 [ 0.663424] [<0002f3284ccc8572>] alloc_pages_noprof+0x22/0x120 [ 0.663427] [<0002f3284cc341ac>] get_free_pages_noprof+0x2c/0xc0 [ 0.663429] [<0002f3284cceba70>] kasan_populate_vmalloc_pte+0x50/0x120 [ 0.663433] [<0002f3284cbb4ef8>] apply_to_pte_range+0x118/0x4a0 [ 0.663435] [<0002f3284cbc7c14>] apply_to_pmd_range+0x194/0x3e0 [ 0.663437] [<0002f3284cbc99be>] __apply_to_page_range+0x2fe/0x7a0 [ 0.663440] [<0002f3284cbc9e88>] apply_to_page_range+0x28/0x40 [ 0.663442] [<0002f3284ccebf12>] kasan_populate_vmalloc+0x82/0xa0 [ 0.663445] [<0002f3284cc1578c>] alloc_vmap_area+0x34c/0xc10 [ 0.663448] [<0002f3284cc1c2a6>] __get_vm_area_node+0x186/0x2a0 [ 0.663451] [<0002f3284cc1e696>] __vmalloc_node_range_noprof+0x116/0x310 [ 0.663454] [<0002f3284cc1d950>] __vmalloc_node_noprof+0xd0/0x110 [ 0.663457] [<0002f3284c454b88>] alloc_thread_stack_node+0xf8/0x330 [ 0.663460] [<0002f3284c458d56>] dup_task_struct+0x66/0x4d0 [ 0.663463] [<0002f3284c45be90>] copy_process+0x280/0x4b90 [ 0.663465] [<0002f3284c460940>] kernel_clone+0xd0/0x4b0 [ 0.663467] [<0002f3284c46115e>] kernel_thread+0xbe/0xe0 [ 0.663469] [<0002f3284c4e440e>] kthreadd+0x50e/0x7f0 [ 0.663472] [<0002f3284c38c04a>] __ret_from_fork+0x8a/0xf0 [ 0.663475] [<0002f3284ed57ff2>] ret_from_fork+0xa/0x38 Instead of allocating single pages per-PTE, bulk-allocate the shadow memory prior to applying kasan_populate_vmalloc_pte() callback on a page range.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkasan: avoid sleepable page allocation from atomic context\n\napply_to_pte_range() enters the lazy MMU mode and then invokes\nkasan_populate_vmalloc_pte() callback on each page table walk iteration. \nHowever, the callback can go into sleep when trying to allocate a single\npage, e.g. if an architecutre disables preemption on lazy MMU mode enter.\n\nOn s390 if make arch_enter_lazy_mmu_mode() -> preempt_enable() and\narch_leave_lazy_mmu_mode() -> preempt_disable(), such crash occurs:\n\n[ 0.663336] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321\n[ 0.663348] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\n[ 0.663358] preempt_count: 1, expected: 0\n[ 0.663366] RCU nest depth: 0, expected: 0\n[ 0.663375] no locks held by kthreadd/2.\n[ 0.663383] Preemption disabled at:\n[ 0.663386] [<0002f3284cbb4eda>] apply_to_pte_range+0xfa/0x4a0\n[ 0.663405] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.15.0-rc5-gcc-kasan-00043-gd76bb1ebb558-dirty #162 PREEMPT\n[ 0.663408] Hardware name: IBM 3931 A01 701 (KVM/Linux)\n[ 0.663409] Call Trace:\n[ 0.663410] [<0002f3284c385f58>] dump_stack_lvl+0xe8/0x140\n[ 0.663413] [<0002f3284c507b9e>] __might_resched+0x66e/0x700\n[ 0.663415] [<0002f3284cc4f6c0>] __alloc_frozen_pages_noprof+0x370/0x4b0\n[ 0.663419] [<0002f3284ccc73c0>] alloc_pages_mpol+0x1a0/0x4a0\n[ 0.663421] [<0002f3284ccc8518>] alloc_frozen_pages_noprof+0x88/0xc0\n[ 0.663424] [<0002f3284ccc8572>] alloc_pages_noprof+0x22/0x120\n[ 0.663427] [<0002f3284cc341ac>] get_free_pages_noprof+0x2c/0xc0\n[ 0.663429] [<0002f3284cceba70>] kasan_populate_vmalloc_pte+0x50/0x120\n[ 0.663433] [<0002f3284cbb4ef8>] apply_to_pte_range+0x118/0x4a0\n[ 0.663435] [<0002f3284cbc7c14>] apply_to_pmd_range+0x194/0x3e0\n[ 0.663437] [<0002f3284cbc99be>] __apply_to_page_range+0x2fe/0x7a0\n[ 0.663440] [<0002f3284cbc9e88>] apply_to_page_range+0x28/0x40\n[ 0.663442] [<0002f3284ccebf12>] kasan_populate_vmalloc+0x82/0xa0\n[ 0.663445] [<0002f3284cc1578c>] alloc_vmap_area+0x34c/0xc10\n[ 0.663448] [<0002f3284cc1c2a6>] __get_vm_area_node+0x186/0x2a0\n[ 0.663451] [<0002f3284cc1e696>] __vmalloc_node_range_noprof+0x116/0x310\n[ 0.663454] [<0002f3284cc1d950>] __vmalloc_node_noprof+0xd0/0x110\n[ 0.663457] [<0002f3284c454b88>] alloc_thread_stack_node+0xf8/0x330\n[ 0.663460] [<0002f3284c458d56>] dup_task_struct+0x66/0x4d0\n[ 0.663463] [<0002f3284c45be90>] copy_process+0x280/0x4b90\n[ 0.663465] [<0002f3284c460940>] kernel_clone+0xd0/0x4b0\n[ 0.663467] [<0002f3284c46115e>] kernel_thread+0xbe/0xe0\n[ 0.663469] [<0002f3284c4e440e>] kthreadd+0x50e/0x7f0\n[ 0.663472] [<0002f3284c38c04a>] __ret_from_fork+0x8a/0xf0\n[ 0.663475] [<0002f3284ed57ff2>] ret_from_fork+0xa/0x38\n\nInstead of allocating single pages per-PTE, bulk-allocate the shadow\nmemory prior to applying kasan_populate_vmalloc_pte() callback on a page\nrange.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2025-38029 was patched at 2025-06-17

540. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38038) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost set_boost is a per-policy function call, hence a driver wide lock is unnecessary. Also this mutex_acquire can collide with the mutex_acquire from the mode-switch path in status_store(), which can lead to a deadlock. So, remove it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost\n\nset_boost is a per-policy function call, hence a driver wide lock is\nunnecessary. Also this mutex_acquire can collide with the mutex_acquire\nfrom the mode-switch path in status_store(), which can lead to a\ndeadlock. So, remove it.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2025-38038 was patched at 2025-06-17

541. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38039) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns `-EINVAL` and triggers a `WARN_ON`, leading to an unnecessary call trace. Update the code to handle this case more gracefully by returning `-EOPNOTSUPP` instead, while also providing a helpful user message.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled\n\nWhen attempting to enable MQPRIO while HTB offload is already\nconfigured, the driver currently returns `-EINVAL` and triggers a\n`WARN_ON`, leading to an unnecessary call trace.\n\nUpdate the code to handle this case more gracefully by returning\n`-EOPNOTSUPP` instead, while also providing a helpful user message.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2025-38039 was patched at 2025-06-17

542. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38040) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs The following splat has been observed on a SAMA5D27 platform using atmel_serial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0 preempt_count: 1, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<00000000>] 0x0 hardirqs last disabled at (0): [<c01588f0>] copy_process+0x1c4c/0x7bec softirqs last enabled at (0): [<c0158944>] copy_process+0x1ca0/0x7bec softirqs last disabled at (0): [<00000000>] 0x0 CPU: 0 UID: 0 PID: 27 Comm: kworker/u5:0 Not tainted 6.13.0-rc7+ #74 Hardware name: Atmel SAMA5 Workqueue: hci0 hci_power_on [bluetooth] Call trace: unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x44/0x70 dump_stack_lvl from __might_resched+0x38c/0x598 __might_resched from disable_irq+0x1c/0x48 disable_irq from mctrl_gpio_disable_ms+0x74/0xc0 mctrl_gpio_disable_ms from atmel_disable_ms.part.0+0x80/0x1f4 atmel_disable_ms.part.0 from atmel_set_termios+0x764/0x11e8 atmel_set_termios from uart_change_line_settings+0x15c/0x994 uart_change_line_settings from uart_set_termios+0x2b0/0x668 uart_set_termios from tty_set_termios+0x600/0x8ec tty_set_termios from ttyport_set_flow_control+0x188/0x1e0 ttyport_set_flow_control from wilc_setup+0xd0/0x524 [hci_wilc] wilc_setup [hci_wilc] from hci_dev_open_sync+0x330/0x203c [bluetooth] hci_dev_open_sync [bluetooth] from hci_dev_do_open+0x40/0xb0 [bluetooth] hci_dev_do_open [bluetooth] from hci_power_on+0x12c/0x664 [bluetooth] hci_power_on [bluetooth] from process_one_work+0x998/0x1a38 process_one_work from worker_thread+0x6e0/0xfb4 worker_thread from kthread+0x3d4/0x484 kthread from ret_from_fork+0x14/0x28 This warning is emitted when trying to toggle, at the highest level, some flow control (with serdev_device_set_flow_control) in a device driver. At the lowest level, the atmel_serial driver is using serial_mctrl_gpio lib to enable/disable the corresponding IRQs accordingly. The warning emitted by CONFIG_DEBUG_ATOMIC_SLEEP is due to disable_irq (called in mctrl_gpio_disable_ms) being possibly called in some atomic context (some tty drivers perform modem lines configuration in regions protected by port lock). Split mctrl_gpio_disable_ms into two differents APIs, a non-blocking one and a blocking one. Replace mctrl_gpio_disable_ms calls with the relevant version depending on whether the call is protected by some port lock.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: mctrl_gpio: split disable_ms into sync and no_sync APIs\n\nThe following splat has been observed on a SAMA5D27 platform using\natmel_serial:\n\nBUG: sleeping function called from invalid context at kernel/irq/manage.c:738\nin_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 27, name: kworker/u5:0\npreempt_count: 1, expected: 0\nINFO: lockdep is turned off.\nirq event stamp: 0\nhardirqs last enabled at (0): [<00000000>] 0x0\nhardirqs last disabled at (0): [<c01588f0>] copy_process+0x1c4c/0x7bec\nsoftirqs last enabled at (0): [<c0158944>] copy_process+0x1ca0/0x7bec\nsoftirqs last disabled at (0): [<00000000>] 0x0\nCPU: 0 UID: 0 PID: 27 Comm: kworker/u5:0 Not tainted 6.13.0-rc7+ #74\nHardware name: Atmel SAMA5\nWorkqueue: hci0 hci_power_on [bluetooth]\nCall trace:\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x44/0x70\n dump_stack_lvl from __might_resched+0x38c/0x598\n __might_resched from disable_irq+0x1c/0x48\n disable_irq from mctrl_gpio_disable_ms+0x74/0xc0\n mctrl_gpio_disable_ms from atmel_disable_ms.part.0+0x80/0x1f4\n atmel_disable_ms.part.0 from atmel_set_termios+0x764/0x11e8\n atmel_set_termios from uart_change_line_settings+0x15c/0x994\n uart_change_line_settings from uart_set_termios+0x2b0/0x668\n uart_set_termios from tty_set_termios+0x600/0x8ec\n tty_set_termios from ttyport_set_flow_control+0x188/0x1e0\n ttyport_set_flow_control from wilc_setup+0xd0/0x524 [hci_wilc]\n wilc_setup [hci_wilc] from hci_dev_open_sync+0x330/0x203c [bluetooth]\n hci_dev_open_sync [bluetooth] from hci_dev_do_open+0x40/0xb0 [bluetooth]\n hci_dev_do_open [bluetooth] from hci_power_on+0x12c/0x664 [bluetooth]\n hci_power_on [bluetooth] from process_one_work+0x998/0x1a38\n process_one_work from worker_thread+0x6e0/0xfb4\n worker_thread from kthread+0x3d4/0x484\n kthread from ret_from_fork+0x14/0x28\n\nThis warning is emitted when trying to toggle, at the highest level,\nsome flow control (with serdev_device_set_flow_control) in a device\ndriver. At the lowest level, the atmel_serial driver is using\nserial_mctrl_gpio lib to enable/disable the corresponding IRQs\naccordingly. The warning emitted by CONFIG_DEBUG_ATOMIC_SLEEP is due to\ndisable_irq (called in mctrl_gpio_disable_ms) being possibly called in\nsome atomic context (some tty drivers perform modem lines configuration\nin regions protected by port lock).\n\nSplit mctrl_gpio_disable_ms into two differents APIs, a non-blocking one\nand a blocking one. Replace mctrl_gpio_disable_ms calls with the\nrelevant version depending on whether the call is protected by some port\nlock.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2025-38040 was patched at 2025-06-17

543. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38041) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any attempt to do device DVFS on the GPU lead to panfrost various ooops, and GPU hangs. The manual describes the algorithm for changing the PLL frequency, which the CPU PLL notifier code already support, so we reuse that to reparent the GPU clock to GPU1 clock during frequency changes.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h616: Reparent GPU clock during frequency changes\n\nThe H616 manual does not state that the GPU PLL supports\ndynamic frequency configuration, so we must take extra care when changing\nthe frequency. Currently any attempt to do device DVFS on the GPU lead\nto panfrost various ooops, and GPU hangs.\n\nThe manual describes the algorithm for changing the PLL\nfrequency, which the CPU PLL notifier code already support, so we reuse\nthat to reparent the GPU clock to GPU1 clock during frequency\nchanges.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2025-38041 was patched at 2025-06-17

544. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38042) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn The user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can run on multiple platforms having different DMA architectures. On some platforms there can be one FDQ for all flows in the RX channel while for others there is a separate FDQ for each flow in the RX channel. So far we have been relying on the skip_fdq argument of k3_udma_glue_reset_rx_chn(). Instead of relying on the user to provide this information, infer it based on DMA architecture during k3_udma_glue_request_rx_chn() and save it in an internal flag 'single_fdq'. Use that flag at k3_udma_glue_reset_rx_chn() to deicide if the FDQ needs to be cleared for every flow or just for flow 0. Fixes the below issue on ti_am65_cpsw_nuss driver on AM62-SK. > ip link set eth1 down > ip link set eth0 down > ethtool -L eth0 rx 8 > ip link set eth0 up > modprobe -r ti_am65_cpsw_nuss [ 103.045726] ------------[ cut here ]------------ [ 103.050505] k3_knav_desc_pool size 512000 != avail 64000 [ 103.050703] WARNING: CPU: 1 PID: 450 at drivers/net/ethernet/ti/k3-cppi-desc-pool.c:33 k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] [ 103.068810] Modules linked in: ti_am65_cpsw_nuss(-) k3_cppi_desc_pool snd_soc_hdmi_codec crct10dif_ce snd_soc_simple_card snd_soc_simple_card_utils display_connector rtc_ti_k3 k3_j72xx_bandgap tidss drm_client_lib snd_soc_davinci_mcas p drm_dma_helper tps6598x phylink snd_soc_ti_udma rti_wdt drm_display_helper snd_soc_tlv320aic3x_i2c typec at24 phy_gmii_sel snd_soc_ti_edma snd_soc_tlv320aic3x sii902x snd_soc_ti_sdma sa2ul omap_mailbox drm_kms_helper authenc cfg80211 r fkill fuse drm drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: k3_cppi_desc_pool] [ 103.119950] CPU: 1 UID: 0 PID: 450 Comm: modprobe Not tainted 6.13.0-rc7-00001-g9c5e3435fa66 #1011 [ 103.119968] Hardware name: Texas Instruments AM625 SK (DT) [ 103.119974] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 103.119983] pc : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] [ 103.148007] lr : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] [ 103.154709] sp : ffff8000826ebbc0 [ 103.158015] x29: ffff8000826ebbc0 x28: ffff0000090b6300 x27: 0000000000000000 [ 103.165145] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000019df6b0 [ 103.172271] x23: ffff0000019df6b8 x22: ffff0000019df410 x21: ffff8000826ebc88 [ 103.179397] x20: 000000000007d000 x19: ffff00000a3b3000 x18: 0000000000000000 [ 103.186522] x17: 0000000000000000 x16: 0000000000000000 x15: 000001e8c35e1cde [ 103.193647] x14: 0000000000000396 x13: 000000000000035c x12: 0000000000000000 [ 103.200772] x11: 000000000000003a x10: 00000000000009c0 x9 : ffff8000826eba20 [ 103.207897] x8 : ffff0000090b6d20 x7 : ffff00007728c180 x6 : ffff00007728c100 [ 103.215022] x5 : 0000000000000001 x4 : ffff000000508a50 x3 : ffff7ffff6146000 [ 103.222147] x2 : 0000000000000000 x1 : e300b4173ee6b200 x0 : 0000000000000000 [ 103.229274] Call trace: [ 103.231714] k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] (P) [ 103.238408] am65_cpsw_nuss_free_rx_chns+0x28/0x4c [ti_am65_cpsw_nuss] [ 103.244942] devm_action_release+0x14/0x20 [ 103.249040] release_nodes+0x3c/0x68 [ 103.252610] devres_release_all+0x8c/0xdc [ 103.256614] device_unbind_cleanup+0x18/0x60 [ 103.260876] device_release_driver_internal+0xf8/0x178 [ 103.266004] driver_detach+0x50/0x9c [ 103.269571] bus_remove_driver+0x6c/0xbc [ 103.273485] driver_unregister+0x30/0x60 [ 103.277401] platform_driver_unregister+0x14/0x20 [ 103.282096] am65_cpsw_nuss_driver_exit+0x18/0xff4 [ti_am65_cpsw_nuss] [ 103.288620] __arm64_sys_delete_module+0x17c/0x25c [ 103.293404] invoke_syscall+0x44/0x100 [ 103.297149] el0_svc_common.constprop.0+0xc0/0xe0 [ 103.301845] do_el0_svc+0x1c/0x28 [ 103.305155] el0_svc+0x28/0x98 ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn\n\nThe user of k3_udma_glue_reset_rx_chn() e.g. ti_am65_cpsw_nuss can\nrun on multiple platforms having different DMA architectures.\nOn some platforms there can be one FDQ for all flows in the RX channel\nwhile for others there is a separate FDQ for each flow in the RX channel.\n\nSo far we have been relying on the skip_fdq argument of\nk3_udma_glue_reset_rx_chn().\n\nInstead of relying on the user to provide this information, infer it\nbased on DMA architecture during k3_udma_glue_request_rx_chn() and save it\nin an internal flag 'single_fdq'. Use that flag at\nk3_udma_glue_reset_rx_chn() to deicide if the FDQ needs\nto be cleared for every flow or just for flow 0.\n\nFixes the below issue on ti_am65_cpsw_nuss driver on AM62-SK.\n\n> ip link set eth1 down\n> ip link set eth0 down\n> ethtool -L eth0 rx 8\n> ip link set eth0 up\n> modprobe -r ti_am65_cpsw_nuss\n\n[ 103.045726] ------------[ cut here ]------------\n[ 103.050505] k3_knav_desc_pool size 512000 != avail 64000\n[ 103.050703] WARNING: CPU: 1 PID: 450 at drivers/net/ethernet/ti/k3-cppi-desc-pool.c:33 k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.068810] Modules linked in: ti_am65_cpsw_nuss(-) k3_cppi_desc_pool snd_soc_hdmi_codec crct10dif_ce snd_soc_simple_card snd_soc_simple_card_utils display_connector rtc_ti_k3 k3_j72xx_bandgap tidss drm_client_lib snd_soc_davinci_mcas\np drm_dma_helper tps6598x phylink snd_soc_ti_udma rti_wdt drm_display_helper snd_soc_tlv320aic3x_i2c typec at24 phy_gmii_sel snd_soc_ti_edma snd_soc_tlv320aic3x sii902x snd_soc_ti_sdma sa2ul omap_mailbox drm_kms_helper authenc cfg80211 r\nfkill fuse drm drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [last unloaded: k3_cppi_desc_pool]\n[ 103.119950] CPU: 1 UID: 0 PID: 450 Comm: modprobe Not tainted 6.13.0-rc7-00001-g9c5e3435fa66 #1011\n[ 103.119968] Hardware name: Texas Instruments AM625 SK (DT)\n[ 103.119974] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 103.119983] pc : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.148007] lr : k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool]\n[ 103.154709] sp : ffff8000826ebbc0\n[ 103.158015] x29: ffff8000826ebbc0 x28: ffff0000090b6300 x27: 0000000000000000\n[ 103.165145] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000019df6b0\n[ 103.172271] x23: ffff0000019df6b8 x22: ffff0000019df410 x21: ffff8000826ebc88\n[ 103.179397] x20: 000000000007d000 x19: ffff00000a3b3000 x18: 0000000000000000\n[ 103.186522] x17: 0000000000000000 x16: 0000000000000000 x15: 000001e8c35e1cde\n[ 103.193647] x14: 0000000000000396 x13: 000000000000035c x12: 0000000000000000\n[ 103.200772] x11: 000000000000003a x10: 00000000000009c0 x9 : ffff8000826eba20\n[ 103.207897] x8 : ffff0000090b6d20 x7 : ffff00007728c180 x6 : ffff00007728c100\n[ 103.215022] x5 : 0000000000000001 x4 : ffff000000508a50 x3 : ffff7ffff6146000\n[ 103.222147] x2 : 0000000000000000 x1 : e300b4173ee6b200 x0 : 0000000000000000\n[ 103.229274] Call trace:\n[ 103.231714] k3_cppi_desc_pool_destroy+0xa0/0xa8 [k3_cppi_desc_pool] (P)\n[ 103.238408] am65_cpsw_nuss_free_rx_chns+0x28/0x4c [ti_am65_cpsw_nuss]\n[ 103.244942] devm_action_release+0x14/0x20\n[ 103.249040] release_nodes+0x3c/0x68\n[ 103.252610] devres_release_all+0x8c/0xdc\n[ 103.256614] device_unbind_cleanup+0x18/0x60\n[ 103.260876] device_release_driver_internal+0xf8/0x178\n[ 103.266004] driver_detach+0x50/0x9c\n[ 103.269571] bus_remove_driver+0x6c/0xbc\n[ 103.273485] driver_unregister+0x30/0x60\n[ 103.277401] platform_driver_unregister+0x14/0x20\n[ 103.282096] am65_cpsw_nuss_driver_exit+0x18/0xff4 [ti_am65_cpsw_nuss]\n[ 103.288620] __arm64_sys_delete_module+0x17c/0x25c\n[ 103.293404] invoke_syscall+0x44/0x100\n[ 103.297149] el0_svc_common.constprop.0+0xc0/0xe0\n[ 103.301845] do_el0_svc+0x1c/0x28\n[ 103.305155] el0_svc+0x28/0x98\n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2025-38042 was patched at 2025-06-17

545. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38045) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix debug actions order The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset only in the middle of the dump (rather than the FW killing itself on error.) As a result, some of the actions taken when applying the config will now crash the device, so we need to fix the order.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix debug actions order\n\nThe order of actions taken for debug was implemented incorrectly.\nNow we implemented the dump split and do the FW reset only in the\nmiddle of the dump (rather than the FW killing itself on error.)\nAs a result, some of the actions taken when applying the config\nwill now crash the device, so we need to fix the order.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2025-38045 was patched at 2025-06-17

546. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38047) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled Upon a wakeup from S4, the restore kernel starts and initializes the FRED MSRs as needed from its perspective. It then loads a hibernation image, including the image kernel, and attempts to load image pages directly into their original page frames used before hibernation unless those frames are currently in use. Once all pages are moved to their original locations, it jumps to a "trampoline" page in the image kernel. At this point, the image kernel takes control, but the FRED MSRs still contain values set by the restore kernel, which may differ from those set by the image kernel before hibernation. Therefore, the image kernel must ensure the FRED MSRs have the same values as before hibernation. Since these values depend only on the location of the kernel text and data, they can be recomputed from scratch.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fred: Fix system hang during S4 resume with FRED enabled\n\nUpon a wakeup from S4, the restore kernel starts and initializes the\nFRED MSRs as needed from its perspective. It then loads a hibernation\nimage, including the image kernel, and attempts to load image pages\ndirectly into their original page frames used before hibernation unless\nthose frames are currently in use. Once all pages are moved to their\noriginal locations, it jumps to a "trampoline" page in the image kernel.\n\nAt this point, the image kernel takes control, but the FRED MSRs still\ncontain values set by the restore kernel, which may differ from those\nset by the image kernel before hibernation. Therefore, the image kernel\nmust ensure the FRED MSRs have the same values as before hibernation.\nSince these values depend only on the location of the kernel text and\ndata, they can be recomputed from scratch.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2025-38047 was patched at 2025-06-17

547. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38057) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfree_skb.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: fix skb leaks\n\nA few error paths are missing a kfree_skb.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2025-38057 was patched at 2025-06-17

548. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38060) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: bpf: copy_verifier_state() should copy 'loop_entry' field The bpf_verifier_state.loop_entry state should be copied by copy_verifier_state(). Otherwise, .loop_entry values from unrelated states would poison env->cur_state. Additionally, env->stack should not contain any states with .loop_entry != NULL. The states in env->stack are yet to be verified, while .loop_entry is set for states that reached an equivalent state. This means that env->cur_state->loop_entry should always be NULL after pop_stack(). See the selftest in the next commit for an example of the program that is not safe yet is accepted by verifier w/o this fix. This change has some verification performance impact for selftests: File Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF) ---------------------------------- ---------------------------- --------- --------- -------------- ---------- ---------- ------------- arena_htab.bpf.o arena_htab_llvm 717 426 -291 (-40.59%) 57 37 -20 (-35.09%) arena_htab_asm.bpf.o arena_htab_asm 597 445 -152 (-25.46%) 47 37 -10 (-21.28%) arena_list.bpf.o arena_list_del 309 279 -30 (-9.71%) 23 14 -9 (-39.13%) iters.bpf.o iter_subprog_check_stacksafe 155 141 -14 (-9.03%) 15 14 -1 (-6.67%) iters.bpf.o iter_subprog_iters 1094 1003 -91 (-8.32%) 88 83 -5 (-5.68%) iters.bpf.o loop_state_deps2 479 725 +246 (+51.36%) 46 63 +17 (+36.96%) kmem_cache_iter.bpf.o open_coded_iter 63 59 -4 (-6.35%) 7 6 -1 (-14.29%) verifier_bits_iter.bpf.o max_words 92 84 -8 (-8.70%) 8 7 -1 (-12.50%) verifier_iterating_callbacks.bpf.o cond_break2 113 107 -6 (-5.31%) 12 12 +0 (+0.00%) And significant negative impact for sched_ext: File Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF) ----------------- ---------------------- --------- --------- -------------------- ---------- ---------- ------------------ bpf.bpf.o lavd_init 7039 14723 +7684 (+109.16%) 490 1139 +649 (+132.45%) bpf.bpf.o layered_dispatch 11485 10548 -937 (-8.16%) 848 762 -86 (-10.14%) bpf.bpf.o layered_dump 7422 1000001 +992579 (+13373.47%) 681 31178 +30497 (+4478.27%) bpf.bpf.o layered_enqueue 16854 71127 +54273 (+322.02%) 1611 6450 +4839 (+300.37%) bpf.bpf.o p2dq_dispatch 665 791 +126 (+18.95%) 68 78 +10 (+14.71%) bpf.bpf.o p2dq_init 2343 2980 +637 (+27.19%) 201 237 +36 (+17.91%) bpf.bpf.o refresh_layer_cpumasks 16487 674760 +658273 (+3992.68%) 1770 65370 +63600 (+3593.22%) bpf.bpf.o rusty_select_cpu 1937 40872 +38935 (+2010.07%) 177 3210 +3033 (+1713.56%) scx_central.bpf.o central_dispatch 636 2687 +2051 (+322.48%) 63 227 +164 (+260.32%) scx_nest.bpf.o nest_init 636 815 +179 (+28.14%) 60 73 +13 (+21.67%) scx_qmap.bpf.o qmap_dispatch ---truncated---', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: copy_verifier_state() should copy 'loop_entry' field\n\nThe bpf_verifier_state.loop_entry state should be copied by\ncopy_verifier_state(). Otherwise, .loop_entry values from unrelated\nstates would poison env->cur_state.\n\nAdditionally, env->stack should not contain any states with\n.loop_entry != NULL. The states in env->stack are yet to be verified,\nwhile .loop_entry is set for states that reached an equivalent state.\nThis means that env->cur_state->loop_entry should always be NULL after\npop_stack().\n\nSee the selftest in the next commit for an example of the program that\nis not safe yet is accepted by verifier w/o this fix.\n\nThis change has some verification performance impact for selftests:\n\nFile Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)\n---------------------------------- ---------------------------- --------- --------- -------------- ---------- ---------- -------------\narena_htab.bpf.o arena_htab_llvm 717 426 -291 (-40.59%) 57 37 -20 (-35.09%)\narena_htab_asm.bpf.o arena_htab_asm 597 445 -152 (-25.46%) 47 37 -10 (-21.28%)\narena_list.bpf.o arena_list_del 309 279 -30 (-9.71%) 23 14 -9 (-39.13%)\niters.bpf.o iter_subprog_check_stacksafe 155 141 -14 (-9.03%) 15 14 -1 (-6.67%)\niters.bpf.o iter_subprog_iters 1094 1003 -91 (-8.32%) 88 83 -5 (-5.68%)\niters.bpf.o loop_state_deps2 479 725 +246 (+51.36%) 46 63 +17 (+36.96%)\nkmem_cache_iter.bpf.o open_coded_iter 63 59 -4 (-6.35%) 7 6 -1 (-14.29%)\nverifier_bits_iter.bpf.o max_words 92 84 -8 (-8.70%) 8 7 -1 (-12.50%)\nverifier_iterating_callbacks.bpf.o cond_break2 113 107 -6 (-5.31%) 12 12 +0 (+0.00%)\n\nAnd significant negative impact for sched_ext:\n\nFile Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF)\n----------------- ---------------------- --------- --------- -------------------- ---------- ---------- ------------------\nbpf.bpf.o lavd_init 7039 14723 +7684 (+109.16%) 490 1139 +649 (+132.45%)\nbpf.bpf.o layered_dispatch 11485 10548 -937 (-8.16%) 848 762 -86 (-10.14%)\nbpf.bpf.o layered_dump 7422 1000001 +992579 (+13373.47%) 681 31178 +30497 (+4478.27%)\nbpf.bpf.o layered_enqueue 16854 71127 +54273 (+322.02%) 1611 6450 +4839 (+300.37%)\nbpf.bpf.o p2dq_dispatch 665 791 +126 (+18.95%) 68 78 +10 (+14.71%)\nbpf.bpf.o p2dq_init 2343 2980 +637 (+27.19%) 201 237 +36 (+17.91%)\nbpf.bpf.o refresh_layer_cpumasks 16487 674760 +658273 (+3992.68%) 1770 65370 +63600 (+3593.22%)\nbpf.bpf.o rusty_select_cpu 1937 40872 +38935 (+2010.07%) 177 3210 +3033 (+1713.56%)\nscx_central.bpf.o central_dispatch 636 2687 +2051 (+322.48%) 63 227 +164 (+260.32%)\nscx_nest.bpf.o nest_init 636 815 +179 (+28.14%) 60 73 +13 (+21.67%)\nscx_qmap.bpf.o qmap_dispatch \n---truncated---', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2025-38060 was patched at 2025-06-17

549. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38062) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie The IOMMU translation for MSI message addresses has been a 2-step process, separated in time: 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address is stored in the MSI descriptor when an MSI interrupt is allocated. 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a translated message address. This has an inherent lifetime problem for the pointer stored in the cookie that must remain valid between the two steps. However, there is no locking at the irq layer that helps protect the lifetime. Today, this works under the assumption that the iommu domain is not changed while MSI interrupts being programmed. This is true for normal DMA API users within the kernel, as the iommu domain is attached before the driver is probed and cannot be changed while a driver is attached. Classic VFIO type1 also prevented changing the iommu domain while VFIO was running as it does not support changing the "container" after starting up. However, iommufd has improved this so that the iommu domain can be changed during VFIO operation. This potentially allows userspace to directly race VFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and VFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()). This potentially causes both the cookie pointer and the unlocked call to iommu_get_domain_for_dev() on the MSI translation path to become UAFs. Fix the MSI cookie UAF by removing the cookie pointer. The translated IOVA address is already known during iommu_dma_prepare_msi() and cannot change. Thus, it can simply be stored as an integer in the MSI descriptor. The other UAF related to iommu_get_domain_for_dev() will be addressed in patch "iommu: Make iommu_dma_prepare_msi() into a generic operation" by using the IOMMU group mutex.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie\n\nThe IOMMU translation for MSI message addresses has been a 2-step process,\nseparated in time:\n\n 1) iommu_dma_prepare_msi(): A cookie pointer containing the IOVA address\n is stored in the MSI descriptor when an MSI interrupt is allocated.\n\n 2) iommu_dma_compose_msi_msg(): this cookie pointer is used to compute a\n translated message address.\n\nThis has an inherent lifetime problem for the pointer stored in the cookie\nthat must remain valid between the two steps. However, there is no locking\nat the irq layer that helps protect the lifetime. Today, this works under\nthe assumption that the iommu domain is not changed while MSI interrupts\nbeing programmed. This is true for normal DMA API users within the kernel,\nas the iommu domain is attached before the driver is probed and cannot be\nchanged while a driver is attached.\n\nClassic VFIO type1 also prevented changing the iommu domain while VFIO was\nrunning as it does not support changing the "container" after starting up.\n\nHowever, iommufd has improved this so that the iommu domain can be changed\nduring VFIO operation. This potentially allows userspace to directly race\nVFIO_DEVICE_ATTACH_IOMMUFD_PT (which calls iommu_attach_group()) and\nVFIO_DEVICE_SET_IRQS (which calls into iommu_dma_compose_msi_msg()).\n\nThis potentially causes both the cookie pointer and the unlocked call to\niommu_get_domain_for_dev() on the MSI translation path to become UAFs.\n\nFix the MSI cookie UAF by removing the cookie pointer. The translated IOVA\naddress is already known during iommu_dma_prepare_msi() and cannot change.\nThus, it can simply be stored as an integer in the MSI descriptor.\n\nThe other UAF related to iommu_get_domain_for_dev() will be addressed in\npatch "iommu: Make iommu_dma_prepare_msi() into a generic operation" by\nusing the IOMMU group mutex.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2025-38062 was patched at 2025-06-17

550. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38063) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQ_PREFLUSH When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush() generates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC, which causes the flush_bio to be throttled by wbt_wait(). An example from v5.4, similar problem also exists in upstream: crash> bt 2091206 PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: "kworker/u260:0" #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8 #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4 #2 [ffff800084a2f880] schedule at ffff800040bfa4b4 #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4 #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0 #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254 #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38 #8 [ffff800084a2fa60] generic_make_request at ffff800040570138 #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4 #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs] #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs] #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs] #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs] #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs] #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs] #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08 #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc #18 [ffff800084a2fe70] kthread at ffff800040118de4 After commit 2def2845cc33 ("xfs: don't allow log IO to be throttled"), the metadata submitted by xlog_write_iclog() should not be throttled. But due to the existence of the dm layer, throttling flush_bio indirectly causes the metadata bio to be throttled. Fix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes wbt_should_throttle() return false to avoid wbt_wait().', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unconditional IO throttle caused by REQ_PREFLUSH\n\nWhen a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush()\ngenerates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC,\nwhich causes the flush_bio to be throttled by wbt_wait().\n\nAn example from v5.4, similar problem also exists in upstream:\n\n crash> bt 2091206\n PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: "kworker/u260:0"\n #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8\n #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4\n #2 [ffff800084a2f880] schedule at ffff800040bfa4b4\n #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4\n #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc\n #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0\n #6 [ffff800084a2f9a0] __rq_qos_throttle at ffff800040592254\n #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38\n #8 [ffff800084a2fa60] generic_make_request at ffff800040570138\n #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4\n #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs]\n #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs]\n #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs]\n #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs]\n #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs]\n #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs]\n #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08\n #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc\n #18 [ffff800084a2fe70] kthread at ffff800040118de4\n\nAfter commit 2def2845cc33 ("xfs: don't allow log IO to be throttled"),\nthe metadata submitted by xlog_write_iclog() should not be throttled.\nBut due to the existence of the dm layer, throttling flush_bio indirectly\ncauses the metadata bio to be throttled.\n\nFix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes\nwbt_should_throttle() return false to avoid wbt_wait().', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2025-38063 was patched at 2025-06-17

551. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38064) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: virtio: break and reset virtio devices on device_shutdown() Hongyu reported a hang on kexec in a VM. QEMU reported invalid memory accesses during the hang. \tInvalid read at addr 0x102877002, size 2, region '(null)', reason: rejected \tInvalid write at addr 0x102877A44, size 2, region '(null)', reason: rejected \t... It was traced down to virtio-console. Kexec works fine if virtio-console is not in use. The issue is that virtio-console continues to write to the MMIO even after underlying virtio-pci device is reset. Additionally, Eric noticed that IOMMUs are reset before devices, if devices are not reset on shutdown they continue to poke at guest memory and get errors from the IOMMU. Some devices get wedged then. The problem can be solved by breaking all virtio devices on virtio bus shutdown, then resetting them.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: break and reset virtio devices on device_shutdown()\n\nHongyu reported a hang on kexec in a VM. QEMU reported invalid memory\naccesses during the hang.\n\n\tInvalid read at addr 0x102877002, size 2, region '(null)', reason: rejected\n\tInvalid write at addr 0x102877A44, size 2, region '(null)', reason: rejected\n\t...\n\nIt was traced down to virtio-console. Kexec works fine if virtio-console\nis not in use.\n\nThe issue is that virtio-console continues to write to the MMIO even after\nunderlying virtio-pci device is reset.\n\nAdditionally, Eric noticed that IOMMUs are reset before devices, if\ndevices are not reset on shutdown they continue to poke at guest memory\nand get errors from the IOMMU. Some devices get wedged then.\n\nThe problem can be solved by breaking all virtio devices on virtio\nbus shutdown, then resetting them.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2025-38064 was patched at 2025-06-17

552. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38067) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: rseq: Fix segfault on registration when rseq_cs is non-zero The rseq_cs field is documented as being set to 0 by user-space prior to registration, however this is not currently enforced by the kernel. This can result in a segfault on return to user-space if the value stored in the rseq_cs field doesn't point to a valid struct rseq_cs. The correct solution to this would be to fail the rseq registration when the rseq_cs field is non-zero. However, some older versions of glibc will reuse the rseq area of previous threads without clearing the rseq_cs field and will also terminate the process if the rseq registration fails in a secondary thread. This wasn't caught in testing because in this case the leftover rseq_cs does point to a valid struct rseq_cs. What we can do is clear the rseq_cs field on registration when it's non-zero which will prevent segfaults on registration and won't break the glibc versions that reuse rseq areas on thread creation.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrseq: Fix segfault on registration when rseq_cs is non-zero\n\nThe rseq_cs field is documented as being set to 0 by user-space prior to\nregistration, however this is not currently enforced by the kernel. This\ncan result in a segfault on return to user-space if the value stored in\nthe rseq_cs field doesn't point to a valid struct rseq_cs.\n\nThe correct solution to this would be to fail the rseq registration when\nthe rseq_cs field is non-zero. However, some older versions of glibc\nwill reuse the rseq area of previous threads without clearing the\nrseq_cs field and will also terminate the process if the rseq\nregistration fails in a secondary thread. This wasn't caught in testing\nbecause in this case the leftover rseq_cs does point to a valid struct\nrseq_cs.\n\nWhat we can do is clear the rseq_cs field on registration when it's\nnon-zero which will prevent segfaults on registration and won't break\nthe glibc versions that reuse rseq areas on thread creation.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04845

debian: CVE-2025-38067 was patched at 2025-06-17

553. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38069) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops Fix a kernel oops found while testing the stm32_pcie Endpoint driver with handling of PERST# deassertion: During EP initialization, pci_epf_test_alloc_space() allocates all BARs, which are further freed if epc_set_bar() fails (for instance, due to no free inbound window). However, when pci_epc_set_bar() fails, the error path: pci_epc_set_bar() -> pci_epf_free_space() does not clear the previous assignment to epf_test->reg[bar]. Then, if the host reboots, the PERST# deassertion restarts the BAR allocation sequence with the same allocation failure (no free inbound window), creating a double free situation since epf_test->reg[bar] was deallocated and is still non-NULL. Thus, make sure that pci_epf_alloc_space() and pci_epf_free_space() invocations are symmetric, and as such, set epf_test->reg[bar] to NULL when memory is freed. [kwilczynski: commit log]', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops\n\nFix a kernel oops found while testing the stm32_pcie Endpoint driver\nwith handling of PERST# deassertion:\n\nDuring EP initialization, pci_epf_test_alloc_space() allocates all BARs,\nwhich are further freed if epc_set_bar() fails (for instance, due to no\nfree inbound window).\n\nHowever, when pci_epc_set_bar() fails, the error path:\n\n pci_epc_set_bar() ->\n pci_epf_free_space()\n\ndoes not clear the previous assignment to epf_test->reg[bar].\n\nThen, if the host reboots, the PERST# deassertion restarts the BAR\nallocation sequence with the same allocation failure (no free inbound\nwindow), creating a double free situation since epf_test->reg[bar] was\ndeallocated and is still non-NULL.\n\nThus, make sure that pci_epf_alloc_space() and pci_epf_free_space()\ninvocations are symmetric, and as such, set epf_test->reg[bar] to NULL\nwhen memory is freed.\n\n[kwilczynski: commit log]', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2025-38069 was patched at 2025-06-17

554. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38071) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: x86/mm: Check return value from memblock_phys_alloc_range() At least with CONFIG_PHYSICAL_START=0x100000, if there is < 4 MiB of contiguous free memory available at this point, the kernel will crash and burn because memblock_phys_alloc_range() returns 0 on failure, which leads memblock_phys_free() to throw the first 4 MiB of physical memory to the wolves. At a minimum it should fail gracefully with a meaningful diagnostic, but in fact everything seems to work fine without the weird reserve allocation.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Check return value from memblock_phys_alloc_range()\n\nAt least with CONFIG_PHYSICAL_START=0x100000, if there is < 4 MiB of\ncontiguous free memory available at this point, the kernel will crash\nand burn because memblock_phys_alloc_range() returns 0 on failure,\nwhich leads memblock_phys_free() to throw the first 4 MiB of physical\nmemory to the wolves.\n\nAt a minimum it should fail gracefully with a meaningful diagnostic,\nbut in fact everything seems to work fine without the weird reserve\nallocation.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00024, EPSS Percentile is 0.04637

debian: CVE-2025-38071 was patched at 2025-06-17

555. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38073) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: block: fix race between set_blocksize and read paths With the new large sector size support, it's now the case that set_blocksize can change i_blksize and the folio order in a manner that conflicts with a concurrent reader and causes a kernel crash. Specifically, let's say that udev-worker calls libblkid to detect the labels on a block device. The read call can create an order-0 folio to read the first 4096 bytes from the disk. But then udev is preempted. Next, someone tries to mount an 8k-sectorsize filesystem from the same block device. The filesystem calls set_blksize, which sets i_blksize to 8192 and the minimum folio order to 1. Now udev resumes, still holding the order-0 folio it allocated. It then tries to schedule a read bio and do_mpage_readahead tries to create bufferheads for the folio. Unfortunately, blocks_per_folio == 0 because the page size is 4096 but the blocksize is 8192 so no bufferheads are attached and the bh walk never sets bdev. We then submit the bio with a NULL block device and crash. Therefore, truncate the page cache after flushing but before updating i_blksize. However, that's not enough -- we also need to lock out file IO and page faults during the update. Take both the i_rwsem and the invalidate_lock in exclusive mode for invalidations, and in shared mode for read/write operations. I don't know if this is the correct fix, but xfs/259 found it.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix race between set_blocksize and read paths\n\nWith the new large sector size support, it's now the case that\nset_blocksize can change i_blksize and the folio order in a manner that\nconflicts with a concurrent reader and causes a kernel crash.\n\nSpecifically, let's say that udev-worker calls libblkid to detect the\nlabels on a block device. The read call can create an order-0 folio to\nread the first 4096 bytes from the disk. But then udev is preempted.\n\nNext, someone tries to mount an 8k-sectorsize filesystem from the same\nblock device. The filesystem calls set_blksize, which sets i_blksize to\n8192 and the minimum folio order to 1.\n\nNow udev resumes, still holding the order-0 folio it allocated. It then\ntries to schedule a read bio and do_mpage_readahead tries to create\nbufferheads for the folio. Unfortunately, blocks_per_folio == 0 because\nthe page size is 4096 but the blocksize is 8192 so no bufferheads are\nattached and the bh walk never sets bdev. We then submit the bio with a\nNULL block device and crash.\n\nTherefore, truncate the page cache after flushing but before updating\ni_blksize. However, that's not enough -- we also need to lock out file\nIO and page faults during the update. Take both the i_rwsem and the\ninvalidate_lock in exclusive mode for invalidations, and in shared mode\nfor read/write operations.\n\nI don't know if this is the correct fix, but xfs/259 found it.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04119

debian: CVE-2025-38073 was patched at 2025-06-17

556. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38074) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq->log_used with vq->mutex The vhost-scsi completion path may access vq->log_base when vq->log_used is already set to false. vhost-thread QEMU-thread vhost_scsi_complete_cmd_work() -> vhost_add_used() -> vhost_add_used_n() if (unlikely(vq->log_used)) QEMU disables vq->log_used via VHOST_SET_VRING_ADDR. mutex_lock(&vq->mutex); vq->log_used = false now! mutex_unlock(&vq->mutex); \t\t\t\t QEMU gfree(vq->log_base) log_used() -> log_write(vq->log_base) Assuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be reclaimed via gfree(). As a result, this causes invalid memory writes to QEMU userspace. The control queue path has the same issue.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-scsi: protect vq->log_used with vq->mutex\n\nThe vhost-scsi completion path may access vq->log_base when vq->log_used is\nalready set to false.\n\n vhost-thread QEMU-thread\n\nvhost_scsi_complete_cmd_work()\n-> vhost_add_used()\n -> vhost_add_used_n()\n if (unlikely(vq->log_used))\n QEMU disables vq->log_used\n via VHOST_SET_VRING_ADDR.\n mutex_lock(&vq->mutex);\n vq->log_used = false now!\n mutex_unlock(&vq->mutex);\n\n\t\t\t\t QEMU gfree(vq->log_base)\n log_used()\n -> log_write(vq->log_base)\n\nAssuming the VMM is QEMU. The vq->log_base is from QEMU userpace and can be\nreclaimed via gfree(). As a result, this causes invalid memory writes to\nQEMU userspace.\n\nThe control queue path has the same issue.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2025-38074 was patched at 2025-06-17

557. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38080) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase block_sequence array size [Why] It's possible to generate more than 50 steps in hwss_build_fast_sequence, for example with a 6-pipe asic where all pipes are in one MPC chain. This overflows the block_sequence buffer and corrupts block_sequence_steps, causing a crash. [How] Expand block_sequence to 100 items. A naive upper bound on the possible number of steps for a 6-pipe asic, ignoring the potential for steps to be mutually exclusive, is 91 with current code, therefore 100 is sufficient.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Increase block_sequence array size\n\n[Why]\nIt's possible to generate more than 50 steps in hwss_build_fast_sequence,\nfor example with a 6-pipe asic where all pipes are in one MPC chain. This\noverflows the block_sequence buffer and corrupts block_sequence_steps,\ncausing a crash.\n\n[How]\nExpand block_sequence to 100 items. A naive upper bound on the possible\nnumber of steps for a 6-pipe asic, ignoring the potential for steps to be\nmutually exclusive, is 91 with current code, therefore 100 is sufficient.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2025-38080 was patched at 2025-06-17

558. Unknown Vulnerability Type - Linux Kernel (CVE-2025-38081) - Low [150]

Description: {'nvd_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi-rockchip: Fix register out of bounds access\n\nDo not write native chip select stuff for GPIO chip selects.\nGPIOs can be numbered much higher than native CS.\nAlso, it makes no sense.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile0.010EPSS Probability is 0.00023, EPSS Percentile is 0.04474

debian: CVE-2025-38081 was patched at 2025-06-17

559. Denial of Service - Unknown Product (CVE-2025-6170) - Low [148]

Description: {'nvd_cve_data_all': 'A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01709

debian: CVE-2025-6170 was patched at 2025-06-17

560. Memory Corruption - Unknown Product (CVE-2025-5898) - Low [148]

Description: {'nvd_cve_data_all': 'A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01728

debian: CVE-2025-5898 was patched at 2025-06-17

561. Memory Corruption - Unknown Product (CVE-2025-6269) - Low [148]

Description: {'nvd_cve_data_all': 'A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01715

debian: CVE-2025-6269 was patched at 2025-06-17

562. Memory Corruption - Unknown Product (CVE-2025-6270) - Low [148]

Description: {'nvd_cve_data_all': 'A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01715

debian: CVE-2025-6270 was patched at 2025-06-17

563. Spoofing - Unknown Product (CVE-2025-2336) - Low [142]

Description: {'nvd_cve_data_all': 'Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application's performance and behavior by using too large or slow-to-load images. This issue affects AngularJS versions greater than or equal to 1.3.1. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's\xa0'ngSanitize'\xa0module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing \xa0and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects AngularJS versions greater than or equal to 1.3.1.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00032, EPSS Percentile is 0.07602

debian: CVE-2025-2336 was patched at 2025-06-17

564. Unknown Vulnerability Type - Nomad (CVE-2023-3072) - Low [142]

Description: {'nvd_cve_data_all': 'HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Product detected by a:hashicorp:nomad (exists in CPE dict)
CVSS Base Score0.410CVSS Base Score is 3.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00031, EPSS Percentile is 0.07121

redos: CVE-2023-3072 was patched at 2025-05-26

565. Memory Corruption - Unknown Product (CVE-2025-5278) - Low [136]

Description: {'nvd_cve_data_all': 'A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00015, EPSS Percentile is 0.02006

debian: CVE-2025-5278 was patched at 2025-06-17

566. Unknown Vulnerability Type - Unknown Product (CVE-2024-6717) - Low [130]

Description: {'nvd_cve_data_all': 'HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.7. According to NVD data source
EPSS Percentile0.310EPSS Probability is 0.00137, EPSS Percentile is 0.34512

redos: CVE-2024-6717 was patched at 2025-05-26

567. Unknown Vulnerability Type - GitHub (CVE-2025-48938) - Low [128]

Description: {'nvd_cve_data_all': 'go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs. No known workarounds are available other than upgrading.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs. No known workarounds are available other than upgrading.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.214GitHub, Inc. is an Internet hosting service for software development and version control using Git
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile0.110EPSS Probability is 0.00044, EPSS Percentile is 0.13114

debian: CVE-2025-48938 was patched at 2025-06-17

568. Incorrect Calculation - Unknown Product (CVE-2025-49112) - Low [125]

Description: {'nvd_cve_data_all': 'setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.1. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.0002, EPSS Percentile is 0.03612

debian: CVE-2025-49112 was patched at 2025-06-17

569. Memory Corruption - Unknown Product (CVE-2025-46415) - Low [125]

Description: {'nvd_cve_data_all': 'A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.2. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00012, EPSS Percentile is 0.01139

debian: CVE-2025-46415 was patched at 2025-06-17

570. Memory Corruption - Unknown Product (CVE-2025-6141) - Low [125]

Description: {'nvd_cve_data_all': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.0174

debian: CVE-2025-6141 was patched at 2025-06-17

571. Memory Corruption - Unknown Product (CVE-2025-6275) - Low [125]

Description: {'nvd_cve_data_all': 'A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01724

debian: CVE-2025-6275 was patched at 2025-06-17

572. Memory Corruption - Unknown Product (CVE-2025-6375) - Low [125]

Description: {'nvd_cve_data_all': 'A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.0174

debian: CVE-2025-6375 was patched at 2025-06-17

573. Memory Corruption - Unknown Product (CVE-2025-6496) - Low [125]

Description: {'nvd_cve_data_all': 'A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01724

debian: CVE-2025-6496 was patched at 2025-06-17

574. Memory Corruption - Unknown Product (CVE-2025-6498) - Low [125]

Description: {'nvd_cve_data_all': 'A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01724

debian: CVE-2025-6498 was patched at 2025-06-17

575. Unknown Vulnerability Type - Unknown Product (CVE-2025-29785) - Low [119]

Description: {'nvd_cve_data_all': 'quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses (thereby triggering the newly added path validation logic: the server sends path probe packets), and then sending ACKs for packets received from the server specifically crafted to trigger the nil-pointer dereference. v0.50.1 contains a patch that fixes the vulnerability. This release contains a test that generates random sequences of sent packets (both regular and path probe packets), that was used to verify that the patch actually covers all corner cases. No known workarounds are available.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses (thereby triggering the newly added path validation logic: the server sends path probe packets), and then sending ACKs for packets received from the server specifically crafted to trigger the nil-pointer dereference. v0.50.1 contains a patch that fixes the vulnerability. This release contains a test that generates random sequences of sent packets (both regular and path probe packets), that was used to verify that the patch actually covers all corner cases. No known workarounds are available.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.0005, EPSS Percentile is 0.15323

debian: CVE-2025-29785 was patched at 2025-06-17

576. Unknown Vulnerability Type - Unknown Product (CVE-2025-48948) - Low [119]

Description: {'nvd_cve_data_all': 'Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.7. According to Vulners data source
EPSS Percentile0.110EPSS Probability is 0.00041, EPSS Percentile is 0.11647

altlinux: CVE-2025-48948 was patched at 2025-06-10

577. Unknown Vulnerability Type - Flask (CVE-2025-47278) - Low [107]

Description: {'nvd_cve_data_all': 'Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` library. A list of keys can be passed, and it expects the last (top) key in the list to be the most recent key, and uses that for signing. Flask was incorrectly constructing that list in reverse, passing the signing key first. Sites that have opted-in to use key rotation by setting `SECRET_KEY_FALLBACKS` care likely to unexpectedly be signing their sessions with stale keys, and their transition to fresher keys will be impeded. Sessions are still signed, so this would not cause any sort of data integrity loss. Version 3.1.1 contains a patch for the issue.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` library. A list of keys can be passed, and it expects the last (top) key in the list to be the most recent key, and uses that for signing. Flask was incorrectly constructing that list in reverse, passing the signing key first. Sites that have opted-in to use key rotation by setting `SECRET_KEY_FALLBACKS` care likely to unexpectedly be signing their sessions with stale keys, and their transition to fresher keys will be impeded. Sessions are still signed, so this would not cause any sort of data integrity loss. Version 3.1.1 contains a patch for the issue.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Flask is a lightweight WSGI web application framework
CVSS Base Score0.210CVSS Base Score is 1.8. According to Vulners data source
EPSS Percentile0.010EPSS Probability is 0.00017, EPSS Percentile is 0.02547

ubuntu: CVE-2025-47278 was patched at 2025-05-26

578. Unknown Vulnerability Type - Unknown Product (CVE-2025-52936) - Low [107]

Description: {'nvd_cve_data_all': 'Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile0.010EPSS Probability is 0.00016, EPSS Percentile is 0.0224

debian: CVE-2025-52936 was patched at 2025-06-17

579. Unknown Vulnerability Type - Unknown Product (CVE-2025-22239) - Low [95]

Description: {'nvd_cve_data_all': 'Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by and authorized minion to send arbitrary events onto the master's event bus.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by and authorized minion to send arbitrary events onto the master's event bus.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.0002, EPSS Percentile is 0.03643

altlinux: CVE-2025-22239 was patched at 2025-06-18, 2025-06-19

580. Unknown Vulnerability Type - Unknown Product (CVE-2025-22874) - Low [95]

Description: {'nvd_cve_data_all': 'Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00022, EPSS Percentile is 0.04065

altlinux: CVE-2025-22874 was patched at 2025-06-16

581. Unknown Vulnerability Type - Unknown Product (CVE-2025-4673) - Low [95]

Description: {'nvd_cve_data_all': 'Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.0004, EPSS Percentile is 0.11383

altlinux: CVE-2025-4673 was patched at 2025-06-16

debian: CVE-2025-4673 was patched at 2025-06-17

ubuntu: CVE-2025-4673 was patched at 2025-06-18

582. Unknown Vulnerability Type - Artifex Ghostscript (CVE-2025-48708) - Low [85]

Description: {'nvd_cve_data_all': 'gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.314Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
CVSS Base Score0.310CVSS Base Score is 3.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 5e-05, EPSS Percentile is 0.0019

debian: CVE-2025-48708 was patched at 2025-06-17

583. Unknown Vulnerability Type - Unknown Product (CVE-2024-38866) - Low [83]

Description: {'nvd_cve_data_all': 'Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile0.210EPSS Probability is 0.00081, EPSS Percentile is 0.24634

debian: CVE-2024-38866 was patched at 2025-06-17

584. Unknown Vulnerability Type - Unknown Product (CVE-2025-50200) - Low [83]

Description: {'nvd_cve_data_all': 'RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile0.010EPSS Probability is 0.00019, EPSS Percentile is 0.03188

debian: CVE-2025-50200 was patched at 2025-06-17

585. Unknown Vulnerability Type - Unknown Product (CVE-2025-26531) - Low [59]

Description: {'nvd_cve_data_all': 'Insufficient capability checks made it possible to disable badges a user does not have permission to access.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Insufficient capability checks made it possible to disable badges a user does not have permission to access.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.1. According to NVD data source
EPSS Percentile0.210EPSS Probability is 0.00057, EPSS Percentile is 0.17799

altlinux: CVE-2025-26531 was patched at 2025-05-26

586. Unknown Vulnerability Type - Unknown Product (CVE-2025-48432) - Low [59]

Description: {'nvd_cve_data_all': 'An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00036, EPSS Percentile is 0.08992

debian: CVE-2025-48432 was patched at 2025-06-17

ubuntu: CVE-2025-48432 was patched at 2025-06-04

587. Unknown Vulnerability Type - Unknown Product (CVE-2025-4877) - Low [59]

Description: {'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.5. According to BDU data source
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2025-4877 was patched at 2025-06-17

588. Unknown Vulnerability Type - Unknown Product (CVE-2025-5372) - Low [59]

Description: {'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to BDU data source
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2025-5372 was patched at 2025-06-17

589. Unknown Vulnerability Type - Unknown Product (CVE-2025-5899) - Low [59]

Description: {'nvd_cve_data_all': 'A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00014, EPSS Percentile is 0.01728

debian: CVE-2025-5899 was patched at 2025-06-17

590. Unknown Vulnerability Type - Unknown Product (CVE-2025-5987) - Low [59]

Description: {'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to BDU data source
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2025-5987 was patched at 2025-06-17

591. Unknown Vulnerability Type - Unknown Product (CVE-2025-22873) - Low [47]

Description: {'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to BDU data source
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

altlinux: CVE-2025-22873 was patched at 2025-05-22, 2025-06-16

redos: CVE-2025-22873 was patched at 2025-06-19

592. Unknown Vulnerability Type - Unknown Product (CVE-2025-26532) - Low [47]

Description: {'nvd_cve_data_all': 'Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.1. According to NVD data source
EPSS Percentile0.110EPSS Probability is 0.00047, EPSS Percentile is 0.14268

altlinux: CVE-2025-26532 was patched at 2025-05-26

593. Unknown Vulnerability Type - Unknown Product (CVE-2025-4878) - Low [47]

Description: {'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to BDU data source
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2025-4878 was patched at 2025-06-17

594. Unknown Vulnerability Type - Unknown Product (CVE-2025-5351) - Low [47]

Description: {'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.2. According to BDU data source
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

debian: CVE-2025-5351 was patched at 2025-06-17

595. Unknown Vulnerability Type - Unknown Product (CVE-2025-46416) - Low [35]

Description: {'nvd_cve_data_all': 'The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.9. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00012, EPSS Percentile is 0.01156

debian: CVE-2025-46416 was patched at 2025-06-17

596. Unknown Vulnerability Type - Unknown Product (CVE-2025-52968) - Low [35]

Description: {'nvd_cve_data_all': 'xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.7. According to NVD data source
EPSS Percentile0.010EPSS Probability is 0.00013, EPSS Percentile is 0.01356

debian: CVE-2025-52968 was patched at 2025-06-17

597. Unknown Vulnerability Type - Unknown Product (CVE-2025-52992) - Low [35]

Description: {'nvd_cve_data_all': 'The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.2. According to NVD data source
EPSS Percentile0.010EPSS Probability is 9e-05, EPSS Percentile is 0.00614

debian: CVE-2025-52992 was patched at 2025-06-17

598. Unknown Vulnerability Type - Unknown Product (CVE-2025-3877) - Low [0]

Description: {'nvd_cve_data_all': 'Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The existence of publicly available or private exploit is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS Probability is 0, EPSS Percentile is 0

almalinux: CVE-2025-3877 was patched at 2025-06-10

oraclelinux: CVE-2025-3877 was patched at 2025-05-27, 2025-06-10

redhat: CVE-2025-3877 was patched at 2025-05-27, 2025-05-29, 2025-06-02, 2025-06-04, 2025-06-05, 2025-06-10

Exploitation in the wild detected (3)

Security Feature Bypass (1)

Memory Corruption (1)

Code Injection (1)

Public exploit exists, but exploitation in the wild is NOT detected (40)

Remote Code Execution (4)

XXE Injection (1)

Security Feature Bypass (2)

Elevation of Privilege (2)

Denial of Service (8)

Memory Corruption (22)

Spoofing (1)

Other Vulnerabilities (555)

Remote Code Execution (18)

Elevation of Privilege (2)

Code Injection (5)

Authentication Bypass (13)

Information Disclosure (11)

Denial of Service (31)

Arbitrary File Reading (2)

Security Feature Bypass (12)

Cross Site Scripting (4)

Memory Corruption (147)

Incorrect Calculation (11)

Command Injection (2)

Path Traversal (7)

Open Redirect (1)

Spoofing (3)

Unknown Vulnerability Type (285)

Arbitrary File Writing (1)