VIR Vulnerability Intelligence Relay

CVEs from 2022

6,001 normalized CVEs published or assigned in this year.

Total
6,001
critical
critical 88
high
high 1,239
medium
medium 887
low
low 24
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2022-21505 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatsusedebianalmalinux
CVE-2022-2196 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatsusedebianalmalinux
CVE-2022-2663 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-28388 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatarchsusedebian+1
CVE-2022-3028 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-3567 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-3522 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatsusealmalinux
CVE-2022-49629 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthop_compat_mode. While reading nexthop_compat_mode, it can be changed concurrently. Thus, we n… redhatsusedebian
CVE-2022-3524 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-3566 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-49638 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add REA… redhatsusedebian
CVE-2022-49630 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus,… redhatsusedebian
CVE-2022-49632 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can b… redhatsusedebian
CVE-2022-49631 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: raw: Fix a data-race around sysctl_raw_l3mdev_accept. While reading sysctl_raw_l3mdev_accept, it can be changed concurrently. Thu… redhatsusedebian
CVE-2022-49634 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data… redhatsusedebian
CVE-2022-3619 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-3623 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-49637 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_sync_mem. While reading sysctl_fib_sync_mem, it can be changed concurrently. So, we need … redhatsusedebian
CVE-2022-49641 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race… redhatsusedebian
CVE-2022-49639 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add R… redhatsusedebian
CVE-2022-3640 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatsusedebianalmalinux
CVE-2022-49642 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for … redhatsusedebian
CVE-2022-3707 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatsusedebianalmalinux
CVE-2022-49644 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() If drm_connector_init fails, intel_connector_free will be … redhatsusedebian
CVE-2022-41674 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-39188 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatsusedebianalmalinux
CVE-2022-49646 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue fo… redhatsusedebian
CVE-2022-39189 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatsusedebianalmalinux
CVE-2022-42703 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-4129 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatsusedebianalmalinux
CVE-2022-42721 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-4128 high 8.0 3y ago Important: kernel-rt security and bug fix update redhatsusedebianalmalinux
CVE-2022-49655 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: fscache: Fix invalidation/lookup race If an NFS file is opened for writing and closed, fscache_invalidate() will be asked to inva… redhatsusedebian
CVE-2022-49651 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanup_srcu_struct() GP checks Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does… redhatsusedebian
CVE-2022-42720 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-49659 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits In commit 1be37d3b0414 ("can: m_can: fix periph RX… redhatsusedebian
CVE-2022-42722 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatsusedebian+1
CVE-2022-42896 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatrockylinuxsuse+2
CVE-2022-47929 high 8.0 3y ago Important: kernel-rt security and bug fix update archredhatdebiansuse+1
CVE-2022-49666 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add add_pages override for PPC With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & … redhatsusedebian
CVE-2022-49700 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as… redhatsusedebian
CVE-2022-49688 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employ… redhatsusedebian
CVE-2022-49726 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .… redhatsusedebian
CVE-2022-49739 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range whe… redhatsusedebian
CVE-2022-49848 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS… redhatsusedebian
CVE-2022-49853 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: macvlan: fix memory leaks of macvlan_common_newlink kmemleak reports memory leaks in macvlan_common_newlink, as follows: i… redhatsusedebian
CVE-2022-49862 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header This is a follow-up for commit 974cb0e3e7c9 ("tipc:… redhatsusedebian
CVE-2022-49872 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: gso: fix panic on frag_list with mixed head alloc types Since commit 3dcbdb134f32 ("net: gso: Fix skb_segment splat when spl… redhatsusedebian
CVE-2022-49902 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: block: Fix possible memory leak for rq_wb on add_disk failure kmemleak reported memory leaks in device_add_disk(): kmemleak: 3 n… redhatsusedebian
CVE-2022-49903 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_route_net_exit_late() During the initialization of ip6_route_net_init_late(), if file ipv6_route or rt6_… redhatsusedebian
CVE-2022-49908 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhci_write Syzkaller reports a memory leak as follows: ==================================== … redhatsusedebian
CVE-2022-49911 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: enforce documented limit to prevent allocating huge memory Daniel Xu reported that the hash:net,iface type of t… redhatsusedebian
CVE-2022-49934 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211_scan_rx() ieee80211_scan_rx() tries to access scan_req->flags after a null check, but a UAF … redhatsusedebian
CVE-2022-49920 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: netlink notifier might race to release objects commit release path is invoked via call_rcu and it runs lock… redhatsusedebian
CVE-2022-49925 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() KASAN reported a null-ptr-deref error: KASAN: null-ptr-deref in range [0x00… redhatsusedebian
CVE-2022-49935 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later Previously when we added a fence to a dma_resv object we always assumed … redhatsusedebian
CVE-2022-49942 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel … redhatsusedebian
CVE-2022-49959 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix memory leak at failed datapath creation ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids() allocates… redhatsusedebian
CVE-2022-49951 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to devi… redhatsusedebian
CVE-2022-49958 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: fix netdevice reference leaks in attach_default_qdiscs() In attach_default_qdiscs(), if a dev has multiple queues and … redhatsusedebian
CVE-2022-49960 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix null pointer dereference Asus chromebook CX550 crashes during boot on v5.17-rc1 kernel. The root cause is null poin… redhatsusedebian
CVE-2022-49962 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove … redhatsusedebian
CVE-2022-49964 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always … redhatsusedebian
CVE-2022-49965 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics Without these, potential memory leak may be induced. redhatsusedebian
CVE-2022-49966 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid To avoid any potential memory leak. redhatsusedebian
CVE-2022-49967 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WRITE_ONCE() i… redhatsusedebian
CVE-2022-49969 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there … redhatsusedebian
CVE-2022-49970 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs Syzkaller reported a triggered kernel BUG as follows: ------------[ cut h… redhatsusedebian
CVE-2022-49971 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in smu_v13_0_4_init_smc_table… redhatsusedebian
CVE-2022-49973 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: skmsg: Fix wrong last sg check in sk_msg_recvmsg() Fix one kernel NULL pointer dereference as below: [ 224.462334] Call Trace: … redhatsusedebian
CVE-2022-49974 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: fix rumble worker null pointer deref We can dereference a null pointer trying to queue work to a destroyed workque… redhatsusedebian
CVE-2022-49981 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidraw_release() Free the buffered reports before deleting the list entry. BUG: memory leak unre… redhatsusedebian
CVE-2022-49979 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: fix refcount bug in sk_psock_get (2) Syzkaller reports refcount bug as follows: ------------[ cut here ]------------ refcoun… redhatsusedebian
CVE-2022-49980 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free Read in usb_udc_uevent() The syzbot fuzzer found a race between uevent callbacks and gadget drive… redhatsusedebian
CVE-2022-49982 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvr_probe The error handling code in pvr2_hdw_create forgets to unregister the v4l2 device. Wh… redhatsusedebian
CVE-2022-49984 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submittin… redhatsusedebian
CVE-2022-49986 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as i… redhatsusedebian
CVE-2022-49990 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation control blo… redhatsusedebian
CVE-2022-49991 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages… redhatsusedebian
CVE-2022-49992 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() to… redhatsusedebian
CVE-2022-49993 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, wherein a configuration o… redhatsusedebian
CVE-2022-49994 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem The vmemmap pages is marked by kmemleak when allocated from m… redhatsusedebian
CVE-2022-49995 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: writeback: avoid use-after-free after removing device When a disk is removed, bdi_unregister gets called to stop further writebac… redhatsusedebian
CVE-2022-49998 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call() should … redhatsusedebian
CVE-2022-50006 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: NFSv4.2 fix problems with __nfs42_ssc_open A destination server while doing a COPY shouldn't accept using the passed in filehandl… redhatsusedebian
CVE-2022-50007 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in __xfrm_policy_check() The issue happens on an error path in __xfrm_policy_check(). When the fetching p… redhatsusedebian
CVE-2022-50014 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW Ever since the Dirty COW (CVE-2016-5195) security issue happened, w… redhatsusedebian
CVE-2022-50015 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firm… redhatsusedebian
CVE-2022-50016 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware… redhatsusedebian
CVE-2022-50020 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boun… redhatrockylinuxsusedebian+1
CVE-2022-50021 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated before use in ext4_mb_clear_bb() Block range to free is validated in ext4_free_blocks() using… redhatsusedebian
CVE-2022-50022 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drivers:md:fix a potential use-after-free bug In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and may cause s… redhatsusedebian
CVE-2022-50028 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: gadgetfs: ep_io - wait until IRQ finishes after usb_ep_queue() if wait_for_completion_interruptible() is interrupted we need to w… redhatsusedebian
CVE-2022-50029 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Once the usb sleep clocks are disabled, clock framework is trying to disable t… redhatsusedebian
CVE-2022-50032 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: usb: renesas: Fix refcount leak bug In usbhs_rza1_hardware_init(), of_find_node_by_name() will return a node pointer with refcoun… redhatsusedebian
CVE-2022-50033 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-ppc-of: Fix refcount leak bug In ohci_hcd_ppc_of_probe(), of_find_compatible_node() will return a node pointer wi… redhatsusedebian
CVE-2022-50034 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac cdns3_wa2_rem… redhatsusedebian
CVE-2022-50037 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/i915/ttm: don't leak the ccs state The kernel only manages the ccs state with lmem-only objects, however the kernel should st… redhatsusedebian
CVE-2022-50046 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() The issue happens on some error handling paths. When the … redhatsusedebian
CVE-2022-50050 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() snprintf() returns the would-be-filled size when the string ov… redhatsusedebian