VIR Vulnerability Intelligence Relay

CVEs from 2022

6,002 normalized CVEs published or assigned in this year.

Total
6,002
critical
critical 88
high
high 1,240
medium
medium 887
low
low 23
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2022-49839 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will c… redhatsusedebian
CVE-2022-49750 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Add u64 casts to avoid overflowing The fields of the _CPC object are unsigned 32-bits values. To avoid overflows w… redhatsusedebian
CVE-2022-49466 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: regulator: scmi: Fix refcount leak in scmi_regulator_probe of_find_node_by_name() returns a node pointer with refcount incremente… redhatsusedebian
CVE-2022-50004 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference When we try to transmit an skb with metadata_dst attached (i.e.… redhatsusedebian
CVE-2022-50619 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() If the number of pages from the userptr BO differs from the SG BO then th… redhatsusedebian
CVE-2022-49220 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: dax: make sure inodes are flushed before destroy cache A bug can be triggered by following command $ modprobe nd_pmem && modprob… redhatsusedebian
CVE-2022-46725 high 8.0 3y ago A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to ad… redhatsusedebian
CVE-2022-50297 high 8.0 3y ago RHSA-2023:6583: kernel security, bug fix, and enhancement update (Important) redhatsuse
CVE-2022-49746 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init If the function sdma_load_context() fails, the sdma_desc wi… redhatsusedebian
CVE-2022-50369 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkms_release() A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms->outp… redhatsusedebian
CVE-2022-49837 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048): co… redhatsusedebian
CVE-2022-50064 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Avoid use-after-free on suspend/resume hctx->user_data is set to vq in virtblk_init_hctx(). However, vq is freed on … redhatsusedebian
CVE-2022-38900 high 8.0 3y ago Important: nodejs:14 security, bug fix, and enhancement update redhatrockylinuxnpm
CVE-2022-50784 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone If cloning the SKB fails, don't try to use it, but rather return as … redhatsusedebian
CVE-2022-27635 high 8.0 3y ago Important: linux-firmware security, bug fix, and enhancement update redhatdebian
CVE-2022-49339 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport __init-annotated seg6_hmac_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text sectio… redhatsusedebian
CVE-2022-50117 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: vfio: Split migration ops from main device ops vfio core checks whether the driver sets some migration op (e.g. set_state/get_sta… redhatsusedebian
CVE-2022-50066 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aq_vec index out of range error The final update statement of the for loop exceeds the array range, the derefe… redhatsusedebian
CVE-2022-50127 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, int… redhatsusedebian
CVE-2022-49028 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethr… redhatsusedebian
CVE-2022-50756 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case n… redhatsusedebian
CVE-2022-49653 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix a memory leak in the EFCH MMIO support The recently added support for EFCH MMIO regions introduced a memory leak … redhatsusedebian
CVE-2022-50699 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() The following warning was triggered on a hardware envi… redhatsusedebian
CVE-2022-50406 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: iomap: iomap: fix memory corruption when recording errors during writeback Every now and then I see this crash on arm64: Unable … redhatsusedebian
CVE-2022-50239 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix writes in read-only memory region This commit fixes a kernel oops because of a write in some read-only memory:… redhatsusedebian
CVE-2022-50135 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup The function rxe_create_qp calls rxe_qp_from_init. If some error oc… redhatsusedebian
CVE-2022-50809 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: xhci: dbc: Fix memory leak in xhci_alloc_dbc() If DbC is already in use, then the allocated memory for the xhci_dbc struct doesn'… redhatsusedebian
CVE-2022-49827 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() with drm_vblan… redhatsusedebian
CVE-2022-32091 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-32082 high 8.0 3y ago Important: galera and mariadb security update redhatrockylinuxsusedebian
CVE-2022-32081 high 8.0 3y ago Important: galera and mariadb security update redhatrockylinuxsusedebian
CVE-2022-32084 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-32089 high 8.0 3y ago Important: galera and mariadb security update redhatalmalinuxrockylinuxsuse+1
CVE-2022-47015 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-38791 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-25883 high 8.0 3y ago Important: nodejs:18 security, bug fix, and enhancement update rockylinuxredhatsusedebian+1
CVE-2022-50661 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copy_seccomp() to no failure path. Our syzbot instance reported memory leaks in do_seccomp() [0], similar to the re… redhatsusedebian
CVE-2022-40982 high 8.0 3y ago Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable in… redhatrockylinuxsusedebian
CVE-2022-45869 high 8.0 3y ago A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisatio… redhatsusedebianrockylinux
CVE-2022-32885 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatdebian
CVE-2022-41218 high 8.0 3y ago In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. archsusedebianalmalinux
CVE-2022-25265 high 8.0 3y ago In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execu… debian
CVE-2022-25147 high 8.0 3y ago Important: apr-util security update debianredhatrockylinuxsuse
CVE-2022-49638 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add REA… redhatsusedebian
CVE-2022-49961 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO Precision markers need to be propagated whenever we have an ARG_CON… redhatsusedebian
CVE-2022-50263 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: vdpasim: fix memory leak when freeing IOTLBs After commit bda324fd037a ("vdpasim: control virtqueue support"), vdpasim->iommu bec… redhatsusedebian
CVE-2022-50418 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() mhi_alloc_controller() allocates a memory space for mhi_ctr… redhatsusedebian
CVE-2022-50039 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() Commit 09f012e64e4b ("stmmac: intel: Fix cloc… redhatsusedebian
CVE-2022-3435 high 8.0 3y ago A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation l… redhatsusedebian
CVE-2022-49442 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drivers/base/node.c: fix compaction sysfs file leak Compaction sysfs file is created via compaction_register_node in register_nod… redhatsusedebian
CVE-2022-1462 high 8.0 3y ago An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC … redhatsusedebian
CVE-2022-50496 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy() Dm_cache also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefor… redhatsusedebian
CVE-2022-21633 high 8.0 3y ago Important: mysql security update redhatdebian
CVE-2022-32923 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatsusedebian
CVE-2022-50752 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() When running chunk-sized reads on disks with badblocks duplicate… redhatsusedebian
CVE-2022-49580 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. While reading sysctl_fib_multipath_use_neigh, it can be changed conc… redhatsusedebian
CVE-2022-50484 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to t… redhatsusedebian
CVE-2022-3623 high 8.0 3y ago A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulat… archredhatsusedebian+1
CVE-2022-48339 high 8.0 3y ago Important: emacs security update redhatdebiansuse
CVE-2022-3566 high 8.0 3y ago A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race c… archredhatsusedebian
CVE-2022-1882 high 8.0 3y ago A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. Thi… redhatsusedebian
CVE-2022-50100 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue task on CPU excluded from cpus_mask The following warning was triggered on a large machine early in bo… redhatsusedebian
CVE-2022-49578 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_prot_sock. sysctl_ip_prot_sock is accessed concurrently, and there is always a chance of data… redhatsusedebian
CVE-2022-50113 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() We should call of_node_put() for the reference before its re… redhatsusedebian
CVE-2022-50861 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdr_stream conversion inadvertently left some code that set the page_… redhatsusedebian
CVE-2022-49644 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() If drm_connector_init fails, intel_connector_free will be … redhatsusedebian
CVE-2022-50111 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: mt6359: Fix refcount leak bug In mt6359_parse_dt() and mt6359_accdet_parse_dt(), we should call of_node_put() for the refer… redhatsusedebian
CVE-2022-50003 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t… redhatsusedebian
CVE-2022-2663 high 8.0 3y ago An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using u… archredhatsusedebian
CVE-2022-50348 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix a memory leak in an error handling path If this memdup_user() call fails, the memory allocated in a previous call a few… redhatsusedebian
CVE-2022-50855 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: prevent leak of lsm program after failed attach In [0], we added the ability to bpf_prog_attach LSM programs to cgroups, but… redhatsusedebian
CVE-2022-50164 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue After successfull station association, if station queues are… redhatsusedebian
CVE-2022-50744 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fn… redhatsusedebian
CVE-2022-49579 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. While reading sysctl_fib_multipath_hash_policy, it can be changed c… redhatsusedebian
CVE-2022-49753 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of client_count in dma_chan_get() The first time dma_chan_get() is called for a channel the chann… redhatsusedebian
CVE-2022-50445 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: xfrm: Reinject transport-mode packets through workqueue The following warning is displayed when the tcp6-multi-diffip11 stress te… redhatsusedebian
CVE-2022-48939 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1… redhatsusedebian
CVE-2022-50583 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: md/raid0, raid10: Don't set discard sectors for request queue It should use disk_stack_limits to get a proper max_discard_sectors… redhatsusedebian
CVE-2022-50738 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix an iotlb memory leak Before commit 3d5698793897 ("vhost-vdpa: introduce asid based IOTLB") we called vhost_vdpa_i… redhatsusedebian
CVE-2022-3619 high 8.0 3y ago A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Blueto… archredhatsusedebian+1
CVE-2022-49639 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add R… redhatsusedebian
CVE-2022-50034 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac cdns3_wa2_rem… redhatsusedebian
CVE-2022-50563 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in run_timer_softirq() When dm_resume() and dm_destroy() are concurrent, it will lead to UAF, as follows: BUG:… redhatsusedebian
CVE-2022-49637 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_sync_mem. While reading sysctl_fib_sync_mem, it can be changed concurrently. So, we need … redhatsusedebian
CVE-2022-49726 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .… redhatsusedebian
CVE-2022-50022 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drivers:md:fix a potential use-after-free bug In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and may cause s… redhatsusedebian
CVE-2022-50037 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the kernel should st… redhatsusedebian
CVE-2022-50133 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: usb: xhci_plat_remove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a ("usb: host: xhci-plat: omit … redhatsusedebian
CVE-2022-50032 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will return a node pointer with refcoun… redhatsusedebian
CVE-2022-49594 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. While reading sysctl_tcp_mtu_probe_floor, it can be changed concurrently.… redhatsusedebian
CVE-2022-49967 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WRITE_ONCE() i… redhatsusedebian
CVE-2022-50863 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: free unused skb to prevent memory leak This avoid potential memory leak under power saving mode. redhatsusedebian
CVE-2022-50554 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout David Jeffery found one double ->queue_rq() issue, so far it can be tr… redhatsusedebian
CVE-2022-50168 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf, x86: fix freeing of not-finalized bpf_prog_pack syzbot reported a few issues with bpf_prog_pack [1], [2]. This only happens … redhatsusedebian
CVE-2022-50033 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return a node pointer wi… redhatsusedebian
CVE-2022-50029 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Once the usb sleep clocks are disabled, clock framework is trying to disable t… redhatsusedebian
CVE-2022-49647 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration Each cset (css_set) is pinned by its tasks. When we're … redhatsusedebian
CVE-2022-50549 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata Following concurrent processes: P1(drop cach… redhatsusedebian
CVE-2022-49593 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_probe_interval. While reading sysctl_tcp_probe_interval, it can be changed concurrently. T… redhatsusedebian
CVE-2022-49985 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF run… redhatrockylinuxsusedebian