VIR Vulnerability Intelligence Relay

CVEs from 2022

6,278 normalized CVEs published or assigned in this year.

Total
6,278
critical
critical 88
high
high 1,240
medium
medium 887
low
low 23
% Critical
1.4%
% with KEV
2.1%
% with exploit
2.1%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2022-49567 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix uninit-value in mpol_rebind_policy() mpol_set_nodemask()(mm/mempolicy.c) does not set up nodemask when pol->mod… redhatsusedebian
CVE-2022-50562 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tpm: acpi: Call acpi_put_table() to fix memory leak The start and length of the event log area are obtained from TPM2 or TCPA tab… redhatsusedebian
CVE-2022-50391 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leak in set_mempolicy_home_node system call When encountering any vma in the range with policy other tha… redhatsusedebian
CVE-2022-50721 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong calling convention for prep_slave_sg The calling convention for pre_slave_sg is to return NULL on … redhatsusedebian
CVE-2022-50201 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: selinux: fix memleak in security_read_state_kernel() In this function, it directly returns the result of __security_read_policy w… redhatsusedebian
CVE-2022-50771 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state() Running rcutorture with non-zero fqs_duration module pa… redhatsusedebian
CVE-2022-50303 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix double release compute pasid If kfd_process_device_init_vm returns failure after vm is converted to compute vm an… redhatsusedebian
CVE-2022-50389 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak In crb_acpi_add(), we get the TPM2 table to retrieve information… redhatsusedebian
CVE-2022-50117 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: vfio: Split migration ops from main device ops vfio core checks whether the driver sets some migration op (e.g. set_state/get_sta… redhatsusedebian
CVE-2022-40133 high 8.0 3y ago A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dx… redhatsusedebian
CVE-2022-49321 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: xprtrdma: treat all calls not a bcall when bc_serv is NULL When a rdma server returns a fault format reply, nfs v3 client may tre… redhatsusedebian
CVE-2022-50842 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO. Add check for that to prevent N… redhatsusedebian
CVE-2022-49687 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix xdp_rxq_info bug after suspend/resume The following sequence currently causes a driver bug warning when using vir… redhatsusedebian
CVE-2022-50066 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix aq_vec index out of range error The final update statement of the for loop exceeds the array range, the derefe… redhatsusedebian
CVE-2022-50246 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() I got the following report while doing device(mt6370-tcpc) … redhatsusedebian
CVE-2022-50475 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Make sure "ib_port" is valid when access sysfs node The "ib_port" structure must be set before adding the sysfs kobjec… redhatsusedebian
CVE-2022-32084 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-32082 high 8.0 3y ago Important: galera and mariadb security update redhatrockylinuxsusedebian
CVE-2022-32081 high 8.0 3y ago Important: galera and mariadb security update redhatrockylinuxsusedebian
CVE-2022-32091 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-32089 high 8.0 3y ago Important: galera and mariadb security update redhatalmalinuxrockylinuxsuse+1
CVE-2022-47015 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-38791 high 8.0 3y ago Important: galera and mariadb security update rockylinuxredhatalmalinuxsuse+1
CVE-2022-25883 high 8.0 3y ago Important: nodejs:18 security, bug fix, and enhancement update rockylinuxredhatsusedebian+1
CVE-2022-50661 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copy_seccomp() to no failure path. Our syzbot instance reported memory leaks in do_seccomp() [0], similar to the re… redhatsusedebian
CVE-2022-40982 high 8.0 3y ago Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable in… redhatrockylinuxsusedebian
CVE-2022-45869 high 8.0 3y ago A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisatio… redhatsusedebianrockylinux
CVE-2022-32885 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatdebian
CVE-2022-25265 high 8.0 3y ago In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execu… debian
CVE-2022-41218 high 8.0 3y ago In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. archsusedebianalmalinux
CVE-2022-25147 high 8.0 3y ago Important: apr-util security update debianredhatrockylinuxsuse
CVE-2022-50147 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix get_nodes out of bound access When user specified more nodes than supported, get_nodes will access nmask array … redhatsusedebian
CVE-2022-50154 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() of_get_child_by_name() returns a node pointer with refcount … redhatsusedebian
CVE-2022-49630 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus,… redhatsusedebian
CVE-2022-49659 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits In commit 1be37d3b0414 ("can: m_can: fix periph RX… redhatsusedebian
CVE-2022-49596 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_min_snd_mss. While reading sysctl_tcp_min_snd_mss, it can be changed concurrently. Thus, we… redhatsusedebian
CVE-2022-49595 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_probe_threshold. While reading sysctl_tcp_probe_threshold, it can be changed concurrently.… redhatsusedebian
CVE-2022-49594 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. While reading sysctl_tcp_mtu_probe_floor, it can be changed concurrently.… redhatsusedebian
CVE-2022-50120 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init of_parse_phandle() returns a node pointer with refcount increment… redhatsusedebian
CVE-2022-49586 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen. While reading sysctl_tcp_fastopen, it can be changed concurrently. Thus, we need … redhatsusedebian
CVE-2022-49903 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_route_net_exit_late() During the initialization of ip6_route_net_init_late(), if file ipv6_route or rt6_… redhatsusedebian
CVE-2022-49585 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. While reading sysctl_tcp_fastopen_blackhole_timeout, it can be … redhatsusedebian
CVE-2022-21604 high 8.0 3y ago Important: mysql security update redhatdebian
CVE-2022-49552 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix combination of jit blinding and pointers to bpf subprogs. The combination of jit blinding and pointers to bpf subprogs c… redhatsusedebian
CVE-2022-49848 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS… redhatsusedebian
CVE-2022-50348 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix a memory leak in an error handling path If this memdup_user() call fails, the memory allocated in a previous call a few… redhatsusedebian
CVE-2022-49539 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: rtw89: ser: fix CAM leaks occurring in L2 reset The CAM, meaning address CAM and bssid CAM here, will get leaks during SER (syste… redhatsusedebian
CVE-2022-50405 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all sk_user_data reader finish before releasing the sock There is a race condition in vxlan that when dele… redhatsusedebian
CVE-2022-49647 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration Each cset (css_set) is pinned by its tasks. When we're … redhatsusedebian
CVE-2022-49634 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data… redhatsusedebian
CVE-2022-50002 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY Only set MLX5_LAG_FLAG_NDEVS_READY if both netdevices are registered. Doi… redhatsusedebian
CVE-2022-49236 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF due to race between btf_try_get_module and load_module While working on code to populate kfunc BTF ID sets for modul… redhatsusedebian
CVE-2022-4904 high 8.0 3y ago Important: nodejs:14 security, bug fix, and enhancement update redhatdebianrockylinuxsuse
CVE-2022-49637 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_sync_mem. While reading sysctl_fib_sync_mem, it can be changed concurrently. So, we need … redhatsusedebian
CVE-2022-50035 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex If amdgpu_cs_vm_handling returns r != 0, then it will unlock the bo_list_m… redhatsusedebian
CVE-2022-50021 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated before use in ext4_mb_clear_bb() Block range to free is validated in ext4_free_blocks() using… redhatsusedebian
CVE-2022-49541 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799 redhatsusedebian
CVE-2022-50029 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Once the usb sleep clocks are disabled, clock framework is trying to disable t… redhatsusedebian
CVE-2022-50392 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() The node returned by of_parse_phandle() w… redhatsusedebian
CVE-2022-49049 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix panic when growing a memfd_secret When one tries to grow an existing memfd_secret with ftruncate, one gets a pa… redhatsusedebian
CVE-2022-49492 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags In nvme_alloc_admin_tags, the admin_q can be set to an error (t… redhatsusedebian
CVE-2022-49862 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header This is a follow-up for commit 974cb0e3e7c9 ("tipc:… redhatsusedebian
CVE-2022-49429 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to hfi1_write_iter() w… redhatsusedebian
CVE-2022-46700 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatdebian
CVE-2022-39408 high 8.0 3y ago Important: mysql:8.0 security, bug fix, and enhancement update redhatdebian
CVE-2022-49587 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. While reading sysctl_tcp_notsent_lowat, it can be changed concurrently. Thu… redhatsusedebian
CVE-2022-49588 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_migrate_req. While reading sysctl_tcp_migrate_req, it can be changed concurrently. Thus, we… redhatsusedebian
CVE-2022-48939 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1… redhatsusedebian
CVE-2022-49593 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_probe_interval. While reading sysctl_tcp_probe_interval, it can be changed concurrently. T… redhatsusedebian
CVE-2022-21632 high 8.0 3y ago Important: mysql security update redhatdebian
CVE-2022-49604 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_use_pmtu. While reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently. Thus, we … redhatsusedebian
CVE-2022-49600 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_ip_autobind_reuse. While reading sysctl_ip_autobind_reuse, it can be changed concurrently. Thus… redhatsusedebian
CVE-2022-50445 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: xfrm: Reinject transport-mode packets through workqueue The following warning is displayed when the tcp6-multi-diffip11 stress te… redhatsusedebian
CVE-2022-49960 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix null pointer dereference Asus chromebook CX550 crashes during boot on v5.17-rc1 kernel. The root cause is null poin… redhatsusedebian
CVE-2022-48915 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the th… redhatsusedebian
CVE-2022-50152 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcount incremented, we sh… redhatsusedebian
CVE-2022-50146 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory… redhatsusedebian
CVE-2022-49958 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: fix netdevice reference leaks in attach_default_qdiscs() In attach_default_qdiscs(), if a dev has multiple queues and … redhatsusedebian
CVE-2022-49372 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_rtx_synack() can be called from process context Laurent reported the enclosed report [1] This bug triggers with followi… redhatsusedebian
CVE-2022-49362 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix potential use-after-free in nfsd_file_put() nfsd_file_put_noref() can free @nf, so don't dereference @nf immediately up… redhatsusedebian
CVE-2022-49416 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the n… redhatsusedebian
CVE-2022-49943 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix obscure lockdep violation for udc_mutex A recent commit expanding the scope of the udc_lock mutex in the gadget … redhatsusedebian
CVE-2022-4129 high 8.0 3y ago A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use t… redhatsusedebianalmalinux
CVE-2022-49371 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in __device_attach In __device_attach function, The lock holding logic is as follows: ... __device_atta… redhatsusedebian
CVE-2022-39189 high 8.0 3y ago An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_V… redhatsusedebianalmalinux
CVE-2022-46699 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatsusedebian
CVE-2022-48934 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_… redhatsusedebian
CVE-2022-39188 high 8.0 3y ago An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still h… redhatsusedebianalmalinux
CVE-2022-50006 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: NFSv4.2 fix problems with __nfs42_ssc_open A destination server while doing a COPY shouldn't accept using the passed in filehandl… redhatsusedebian
CVE-2022-3640 high 8.0 3y ago A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulati… redhatsusedebianalmalinux
CVE-2022-49365 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() The > ARRAY_SIZE() should be >= ARRAY_SIZE() to prevent an out of bounds acce… redhatsusedebian
CVE-2022-3524 high 8.0 3y ago A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads… archredhatsusedebian
CVE-2022-46691 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatsusedebian
CVE-2022-50058 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: vdpa_sim_blk: set number of address spaces and virtqueue groups Commit bda324fd037a ("vdpasim: control virtqueue support") added … redhatsusedebian
CVE-2022-49356 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Trap RDMA segment overflows Prevent svc_rdma_build_writes() from walking off the end of a Write chunk's segment array. Ca… redhatsusedebian
CVE-2022-36879 high 8.0 3y ago An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. archredhatsusedebian
CVE-2022-49323 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() It will cause null-ptr-deref when using 'res', if platform… redhatsusedebian
CVE-2022-3707 high 8.0 3y ago A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This … redhatsusedebianalmalinux
CVE-2022-49328 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mt76: fix use-after-free by removing a non-RCU wcid pointer Fixes an issue caught by KASAN about use-after-free in mt76_txq_sched… redhatsusedebian
CVE-2022-49319 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource… redhatsusedebian