VIR Vulnerability Intelligence Relay

CVEs from 2022

6,002 normalized CVEs published or assigned in this year.

Total
6,002
critical
critical 88
high
high 1,240
medium
medium 887
low
low 23
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2022-50477 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devm_rtc_allocate_device() devm_rtc_allocate_device() will alloc a rtc_device first, and the… redhatsusedebian
CVE-2022-50479 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd: fix potential memory leak This patch fix potential memory leak (clk_src) when function run into last return NULL. s/fre… redhatsusedebian
CVE-2022-50482 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up si_domain in the init_dmars() error path A splat from kmem_cache_destroy() was seen with a kernel prior to c… redhatsusedebian
CVE-2022-50489 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/mipi-dsi: Detach devices when removing the host Whenever the MIPI-DSI host is unregistered, the code of mipi_dsi_host_unregis… redhatsusedebian
CVE-2022-50882 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix memory leak in uvc_gpio_parse Previously the unit buffer was allocated before checking the IRQ for privacy G… redhatsusedebian
CVE-2022-50494 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash When CPU 0 is offline and intel_powerclamp … redhatsusedebian
CVE-2022-38076 high 8.0 3y ago Important: linux-firmware security, bug fix, and enhancement update redhatdebian
CVE-2022-50562 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tpm: acpi: Call acpi_put_table() to fix memory leak The start and length of the event log area are obtained from TPM2 or TCPA tab… redhatsusedebian
CVE-2022-50578 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: class: fix possible memory leak in __class_register() If class_add_groups() returns error, the 'cp->subsys' need be unregister, a… redhatsusedebian
CVE-2022-50582 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: regulator: core: Prevent integer underflow By using a ratio of delay to poll_enabled_time that is not integer time_remaining unde… redhatsusedebian
CVE-2022-50616 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: regulator: core: Use different devices for resource allocation and DT lookup Following by the below discussion, there's the poten… redhatsusedebian
CVE-2022-50667 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() If the copy of the description string from userspace fails, then the page … redhatsusedebian
CVE-2022-32933 high 8.0 3y ago An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private… redhatsusedebian
CVE-2022-50671 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxe_queue_init in the function rxe_qp_init_req fails, both qp->req.tas… redhatsusedebian
CVE-2022-50700 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: Delay the unmapping of the buffer On WCN3990, we are seeing a rare scenario where copy engine hardware is sending a… redhatsusedebian
CVE-2022-50677 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user() The intf_free() function frees the "intf" pointer so we cannot dereference it ag… redhatsusedebian
CVE-2022-50701 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host SDIO may need addtional 511 bytes to align bus operation. If the … redhatsusedebian
CVE-2022-38457 high 8.0 3y ago A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. … redhatsusedebian
CVE-2022-49687 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix xdp_rxq_info bug after suspend/resume The following sequence currently causes a driver bug warning when using vir… redhatsusedebian
CVE-2022-50771 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state() Running rcutorture with non-zero fqs_duration module pa… redhatsusedebian
CVE-2022-49716 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions of_get_child_by_name() returns a node pointer with refcount inc… redhatsusedebian
CVE-2022-49731 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() In an unlikely (and probably wrong?) case that the 'ppi' param… redhatsusedebian
CVE-2022-49773 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix optc2_configure warning on dcn314 [Why] dcn314 uses optc2_configure_crc() that wraps optc1_configure_crc() +… redhatsusedebian
CVE-2022-49864 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p i… redhatsusedebian
CVE-2022-49873 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, the … redhatsusedebian
CVE-2022-49875 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix NULL pointer dereference when pin {PROG, MAP, LINK} without FILE When using bpftool to pin {PROG, MAP, LINK} without… redhatsusedebian
CVE-2022-49878 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fix memory leak in array reallocation for stack state If an error (NULL) is returned by krealloc(), callers of rea… redhatsusedebian
CVE-2022-49938 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the req… redhatsusedebian
CVE-2022-32081 high 8.0 3y ago Important: galera and mariadb security update redhatrockylinuxsusedebian
CVE-2022-38791 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-32091 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-32084 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-47015 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-32089 high 8.0 3y ago Important: galera and mariadb security update redhatalmalinuxrockylinuxsuse+1
CVE-2022-32082 high 8.0 3y ago Important: galera and mariadb security update redhatrockylinuxsusedebian
CVE-2022-25883 high 8.0 3y ago Important: nodejs:18 security, bug fix, and enhancement update rockylinuxredhatsusedebian+1
CVE-2022-50661 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copy_seccomp() to no failure path. Our syzbot instance reported memory leaks in do_seccomp() [0], similar to the re… redhatsusedebian
CVE-2022-40982 high 8.0 3y ago Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable in… redhatrockylinuxsusedebian
CVE-2022-45869 high 8.0 3y ago A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisatio… redhatsusedebianrockylinux
CVE-2022-32885 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatdebian
CVE-2022-25147 high 8.0 3y ago Important: apr-util security update debianredhatrockylinuxsuse
CVE-2022-41218 high 8.0 3y ago In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. archsusedebianalmalinux
CVE-2022-25265 high 8.0 3y ago In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execu… debian
CVE-2022-49081 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: highmem: fix checks in __kmap_local_sched_{in,out} When CONFIG_DEBUG_KMAP_LOCAL is enabled __kmap_local_sched_{in,out} check that… redhatsusedebian
CVE-2022-46698 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatsusedebian
CVE-2022-46692 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatsusedebian
CVE-2022-48883 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent A user is able to configure an arbitrary number of rx que… redhatsusedebian
CVE-2022-48884 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command stats access after free Command may fail while driver is reloading and can't accept FW commands till comman… redhatsusedebian
CVE-2022-48885 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ice: Fix potential memory leak in ice_gnss_tty_write() The ice_gnss_tty_write() return directly if the write_buf alloc failed, le… redhatsusedebian
CVE-2022-48934 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_… redhatsusedebian
CVE-2022-48942 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: Handle failure to register sensor with thermal zone correctly If an attempt is made to a sensor with a thermal zone and it… redhatsusedebian
CVE-2022-48974 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix using __this_cpu_add in preemptible Currently in nf_conntrack_hash_check_insert(), when it fails in nf_… redhatsusedebian
CVE-2022-48976 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable_offload: fix using __this_cpu_add in preemptible flow_offload_queue_work() can be called in workqueue withou… redhatsusedebian
CVE-2022-48978 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hid_report_raw_event Syzbot reported shift-out-of-bounds in hid_report_raw_event. microsof… redhatsusedebian
CVE-2022-48992 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: Add NULL check in BE reparenting Add NULL check in dpcm_be_reparent API, to handle kernel NULL pointer dereference… redhatsusedebian
CVE-2022-49070 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix unregistering of framebuffers without device OF framebuffers do not have an underlying device in the Linux device hier… redhatsusedebian
CVE-2022-49072 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: gpio: Restrict usage of GPIO chip irq members before initialization GPIO chip irq members are exposed before they could be comple… redhatsusedebian
CVE-2022-49080 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpol_new leak in shared_policy_replace If mpol_new is allocated but not used in restart loop, mpol_new will be … redhatsusedebian
CVE-2022-49111 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE… redhatsusedebian
CVE-2022-49114 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When the refer… redhatsusedebian
CVE-2022-49116 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use memset avoid memory leaks Use memset to initialize structs to prevent memory leaks in l2cap_ecred_connect redhatsusedebian
CVE-2022-49204 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix more uncharged while msg has more_data In tcp_bpf_send_verdict(), if msg has more data after tcp_bpf_sendmsg_re… redhatsusedebian
CVE-2022-49205 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix double uncharge the mem of sk_msg If tcp_bpf_sendmsg is running during a tear down operation, psock may be free… redhatsusedebian
CVE-2022-49207 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in sk_psock_queue_msg If tcp_bpf_sendmsg is running during a tear down operation we may enqueue data on… redhatsusedebian
CVE-2022-50715 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: md/raid1: stop mdx_raid1 thread when raid1 array run failed fail run raid1 array when we assemble array with the inactive disk on… redhatsusedebian
CVE-2022-49283 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: firmware: sysfb: fix platform-device leak in error path Make sure to free the platform device also in the unlikely event that reg… redhatsusedebian
CVE-2022-49275 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move the can_put_e… redhatsusedebian
CVE-2022-49319 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource… redhatsusedebian
CVE-2022-49328 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mt76: fix use-after-free by removing a non-RCU wcid pointer Fixes an issue caught by KASAN about use-after-free in mt76_txq_sched… redhatsusedebian
CVE-2022-49323 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() It will cause null-ptr-deref when using 'res', if platform… redhatsusedebian
CVE-2022-49333 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, pair only capable devices OFFLOADS paring using devcom is possible only on devices that support LAG. Filter b… redhatsusedebian
CVE-2022-49345 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport __init-annotated xfrm4_protocol_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text s… redhatsusedebian
CVE-2022-49401 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/page_owner: use strscpy() instead of strlcpy() current->comm[] is not a string (no guarantee for a zero byte in it). strlcpy(… redhatsusedebian
CVE-2022-49416 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the n… redhatsusedebian
CVE-2022-49492 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags In nvme_alloc_admin_tags, the admin_q can be set to an error (t… redhatsusedebian
CVE-2022-49548 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix potential array overflow in bpf_trampoline_get_progs() The cnt value in the 'cnt >= BPF_MAX_TRAMP_PROGS' check does not … redhatsusedebian
CVE-2022-49552 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix combination of jit blinding and pointers to bpf subprogs. The combination of jit blinding and pointers to bpf subprogs c… redhatsusedebian
CVE-2022-49562 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits Use the recently introduced __try_cmpxchg_user() to update guest … redhatsusedebian
CVE-2022-49565 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/lbr: Fix unchecked MSR access error on HSW The fuzzer triggers the below trace. [ 7763.384369] unchecked MSR acce… redhatsusedebian
CVE-2022-49577 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctl_udp_l3mdev_accept. While reading sysctl_udp_l3mdev_accept, it can be changed concurrently. Thu… redhatsusedebian
CVE-2022-49612 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions power_supply_temp2resist_simple and power_supply_ocv2… redhatsusedebian
CVE-2022-49630 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus,… redhatsusedebian
CVE-2022-49629 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthop_compat_mode. While reading nexthop_compat_mode, it can be changed concurrently. Thus, we n… redhatsusedebian
CVE-2022-49651 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanup_srcu_struct() GP checks Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does… redhatsusedebian
CVE-2022-49655 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: fscache: Fix invalidation/lookup race If an NFS file is opened for writing and closed, fscache_invalidate() will be asked to inva… redhatsusedebian
CVE-2022-49659 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits In commit 1be37d3b0414 ("can: m_can: fix periph RX… redhatsusedebian
CVE-2022-49666 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add add_pages override for PPC With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & … redhatsusedebian
CVE-2022-49688 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employ… redhatsusedebian
CVE-2022-49700 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as… redhatsusedebian
CVE-2022-49848 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS… redhatsusedebian
CVE-2022-49853 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: macvlan: fix memory leaks of macvlan_common_newlink kmemleak reports memory leaks in macvlan_common_newlink, as follows: i… redhatsusedebian
CVE-2022-49908 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhci_write Syzkaller reports a memory leak as follows: ==================================== … redhatsusedebian
CVE-2022-49911 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: enforce documented limit to prevent allocating huge memory Daniel Xu reported that the hash:net,iface type of t… redhatsusedebian
CVE-2022-49920 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: netlink notifier might race to release objects commit release path is invoked via call_rcu and it runs lock… redhatsusedebian
CVE-2022-49925 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() KASAN reported a null-ptr-deref error: KASAN: null-ptr-deref in range [0x00… redhatsusedebian
CVE-2022-49990 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation control blo… redhatsusedebian
CVE-2022-49991 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages… redhatsusedebian
CVE-2022-49992 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() to… redhatsusedebian
CVE-2022-49998 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call() should … redhatsusedebian
CVE-2022-49993 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, wherein a configuration o… redhatsusedebian