CVEs from 2022
Total
5,876
critical
critical 88
high
high 1,240
medium
medium 887
low
low 24
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.5%
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-50528 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leakage This patch fixes potential memory leakage and seg fault in _gpuvm_import_dmabuf() function | |||
| CVE-2022-50127 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, int… | |||
| CVE-2022-50201 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: selinux: fix memleak in security_read_state_kernel() In this function, it directly returns the result of __security_read_policy w… | |||
| CVE-2022-50527 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix size validation for non-exclusive domains (v4) Fix amdgpu_bo_validate_size() to check whether the TTM domain mana… | |||
| CVE-2022-50520 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() As comment of pci_get_class() says, it returns a pci_device wi… | |||
| CVE-2022-50515 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue() If construction of the array of work queues to handle hpd_rx_irq off… | |||
| CVE-2022-48950 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: perf: Fix perf_pending_task() UaF Per syzbot it is possible for perf_pending_task() to run after the event is free()'d. There are… | |||
| CVE-2022-49938 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the req… | |||
| CVE-2022-50269 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix memory leak in vkms_init() A memory leak was reported after the vkms module install failed. unreferenced object 0x… | |||
| CVE-2022-50628 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/gud: Fix UBSAN warning UBSAN complains about invalid value for bool: [ 101.165172] [drm] Initialized gud 1.0.0 20200422 for… | |||
| CVE-2022-50510 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init() arm_smmu_pmu_init() won't remove the callback added by cpuhp_setup_… | |||
| CVE-2022-50107 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when using fscache If we hit the 'index == next_cached' case, we leak a refcount on the struct page. Fix t… | |||
| CVE-2022-50505 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in ppr_notifier() As comment of pci_get_domain_bus_and_slot() says, it returns a pci devi… | |||
| CVE-2022-50342 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: floppy: Fix memory leak in do_floppy_init() A memory leak was reported when floppy_alloc_disk() failed in do_floppy_init(). unre… | |||
| CVE-2022-50091 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by the early… | |||
| CVE-2022-50110 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource Unlike release_mem_region(), a call to release_resource() does not … | |||
| CVE-2022-49811 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbd_create_device() The drbd_destroy_connection() frees the "connection" so use the _safe() iterator to … | |||
| CVE-2022-50494 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash When CPU 0 is offline and intel_powerclamp … | |||
| CVE-2022-50076 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak on the deferred close xfstests on smb21 report kmemleak as below: unreferenced object 0xffff8881767d6200… | |||
| CVE-2022-50489 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/mipi-dsi: Detach devices when removing the host Whenever the MIPI-DSI host is unregistered, the code of mipi_dsi_host_unregis… | |||
| CVE-2022-50072 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open s… | |||
| CVE-2022-50482 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up si_domain in the init_dmars() error path A splat from kmem_cache_destroy() was seen with a kernel prior to c… | |||
| CVE-2022-50479 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd: fix potential memory leak This patch fix potential memory leak (clk_src) when function run into last return NULL. s/fre… | |||
| CVE-2022-49774 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign() Should not call eventfd_ctx_put() in case of error. [Introd… | |||
| CVE-2022-50064 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Avoid use-after-free on suspend/resume hctx->user_data is set to vq in virtblk_init_hctx(). However, vq is freed on … | |||
| CVE-2022-50477 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devm_rtc_allocate_device() devm_rtc_allocate_device() will alloc a rtc_device first, and the… | |||
| CVE-2022-50473 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobject_init_and_add() In cpufreq_policy_alloc(), it will call uninitialed completion in cpufreq_… | |||
| CVE-2022-50472 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context Tracepoints are not allowed to sleep, as such the followi… | |||
| CVE-2022-50470 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally deleted from the bandwidth list … | |||
| CVE-2022-49466 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: regulator: scmi: Fix refcount leak in scmi_regulator_probe of_find_node_by_name() returns a node pointer with refcount incremente… | |||
| CVE-2022-50042 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: genl: fix error path memory leak in policy dumping If construction of the array of policies fails when recording non-first p… | |||
| CVE-2022-50066 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aq_vec index out of range error The final update statement of the for loop exceeds the array range, the derefe… | |||
| CVE-2022-50117 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: vfio: Split migration ops from main device ops vfio core checks whether the driver sets some migration op (e.g. set_state/get_sta… | |||
| CVE-2022-50272 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() Wei Chen reports a kernel bug as blew: general protection fault,… | |||
| CVE-2022-32082 | high | — | 8.0 | 3y ago | Important: galera and mariadb security update | |||
| CVE-2022-32089 | high | — | 8.0 | 3y ago | Important: galera and mariadb security update | |||
| CVE-2022-32091 | high | — | 8.0 | 3y ago | Important: galera and mariadb security update | |||
| CVE-2022-32081 | high | — | 8.0 | 3y ago | Important: galera and mariadb security update | |||
| CVE-2022-38791 | high | — | 8.0 | 3y ago | Important: galera and mariadb security update | |||
| CVE-2022-32084 | high | — | 8.0 | 3y ago | Important: galera and mariadb security update | |||
| CVE-2022-47015 | high | — | 8.0 | 3y ago | Important: galera and mariadb security update | |||
| CVE-2022-25883 | high | — | 8.0 | 3y ago | Important: nodejs:18 security, bug fix, and enhancement update | |||
| CVE-2022-50661 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copy_seccomp() to no failure path. Our syzbot instance reported memory leaks in do_seccomp() [0], similar to the re… | |||
| CVE-2022-40982 | high | — | 8.0 | 3y ago | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable in… | |||
| CVE-2022-45869 | high | — | 8.0 | 3y ago | A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisatio… | |||
| CVE-2022-32885 | high | — | 8.0 | 3y ago | Important: webkit2gtk3 security and bug fix update | |||
| CVE-2022-25265 | high | — | 8.0 | 3y ago | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execu… | |||
| CVE-2022-41218 | high | — | 8.0 | 3y ago | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | |||
| CVE-2022-25147 | high | — | 8.0 | 3y ago | Important: apr-util security update | |||
| CVE-2022-50467 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID An error case exit from lpfc_cmpl_ct_cmd_gft_id() resu… | |||
| CVE-2022-50465 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix leaking uninitialized memory in fast-commit journal When space at the end of fast-commit journal blocks is unused, make… | |||
| CVE-2022-49136 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER f… | |||
| CVE-2022-49903 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_route_net_exit_late() During the initialization of ip6_route_net_init_late(), if file ipv6_route or rt6_… | |||
| CVE-2022-50459 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() Fix a NULL pointer crash that occurs when we are freeing t… | |||
| CVE-2022-49637 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_sync_mem. While reading sysctl_fib_sync_mem, it can be changed concurrently. So, we need … | |||
| CVE-2022-49723 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix error_state_read ptr + offset use Fix our pointer offset usage in error_state_read when there is no i915_gpu_… | |||
| CVE-2022-3619 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-49631 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: raw: Fix a data-race around sysctl_raw_l3mdev_accept. While reading sysctl_raw_l3mdev_accept, it can be changed concurrently. Thu… | |||
| CVE-2022-50396 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_set_parms Syzkaller reports a memory leak as follows: ====================================… | |||
| CVE-2022-49655 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: fscache: Fix invalidation/lookup race If an NFS file is opened for writing and closed, fscache_invalidate() will be asked to inva… | |||
| CVE-2022-49964 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always … | |||
| CVE-2022-50452 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: sched: cake: fix null pointer access issue when cake_init() fails When the default qdisc is cake, if the qdisc of dev_queue … | |||
| CVE-2022-3566 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-49116 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use memset avoid memory leaks Use memset to initialize structs to prevent memory leaks in l2cap_ecred_connect | |||
| CVE-2022-49629 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthop_compat_mode. While reading nexthop_compat_mode, it can be changed concurrently. Thus, we n… | |||
| CVE-2022-3567 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-50439 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Enable IRQ when pdata is ready If the device does not come straight from reset, we might receive an IRQ b… | |||
| CVE-2022-49934 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211_scan_rx() ieee80211_scan_rx() tries to access scan_req->flags after a null check, but a UAF … | |||
| CVE-2022-28388 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-50436 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: don't set up encryption key during jbd2 transaction Commit a80f7fcf1867 ("ext4: fixup ext4_fc_track_* functions' signature"… | |||
| CVE-2022-48934 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_… | |||
| CVE-2022-50431 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() dev_set_name() in soundbus_add_one() allocates memory for name, i… | |||
| CVE-2022-1882 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-49114 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When the refer… | |||
| CVE-2022-49666 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add add_pages override for PPC With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & … | |||
| CVE-2022-49962 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove … | |||
| CVE-2022-49965 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics Without these, potential memory leak may be induced. | |||
| CVE-2022-1462 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-49604 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_use_pmtu. While reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently. Thus, we … | |||
| CVE-2022-49612 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions power_supply_temp2resist_simple and power_supply_ocv2… | |||
| CVE-2022-20141 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-21505 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-2196 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-2663 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-50427 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should … | |||
| CVE-2022-3028 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-49602 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_fwmark_reflect. While reading sysctl_fwmark_reflect, it can be changed concurrently. Thus, we n… | |||
| CVE-2022-3522 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-49097 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempool_alloc() In a low memory situation, allow the NFS writeback code to fail wit… | |||
| CVE-2022-3524 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-49902 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: block: Fix possible memory leak for rq_wb on add_disk failure kmemleak reported memory leaks in device_add_disk(): kmemleak: 3 n… | |||
| CVE-2022-49638 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add REA… | |||
| CVE-2022-49630 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus,… | |||
| CVE-2022-49632 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can b… | |||
| CVE-2022-49601 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. While reading sysctl_tcp_fwmark_accept, it can be changed concurrently… | |||
| CVE-2022-49634 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data… | |||
| CVE-2022-49935 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later Previously when we added a fence to a dma_resv object we always assumed … | |||
| CVE-2022-3623 | high | — | 8.0 | 3y ago | Important: kernel-rt security and bug fix update | |||
| CVE-2022-49603 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_update_priority. While reading sysctl_ip_fwd_update_priority, it can be changed concurren… | |||
| CVE-2022-49600 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_ip_autobind_reuse. While reading sysctl_ip_autobind_reuse, it can be changed concurrently. Thus… |