VIR Vulnerability Intelligence Relay

CVEs from 2022

6,002 normalized CVEs published or assigned in this year.

Total
6,002
critical
critical 88
high
high 1,240
medium
medium 887
low
low 23
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%

Top vendors

Top products

  • jdk 116
  • jre 109
  • openjdk 100
  • zulu 82
  • graalvm 74
  • cloud_secure_agent 35
  • oncommand_insight 34
  • cloud_insights_acquisition_unit 34

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2022-48976 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable_offload: fix using __this_cpu_add in preemptible flow_offload_queue_work() can be called in workqueue withou… redhatsusedebian
CVE-2022-50021 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated before use in ext4_mb_clear_bb() Block range to free is validated in ext4_free_blocks() using… redhatsusedebian
CVE-2022-50020 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boun… redhatrockylinuxsusedebian
CVE-2022-49943 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix obscure lockdep violation for udc_mutex A recent commit expanding the scope of the udc_lock mutex in the gadget … redhatsusedebian
CVE-2022-50016 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firmware… redhatsusedebian
CVE-2022-42826 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatsusedebian
CVE-2022-50015 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot It is not yet clear, but it is possible to create a firm… redhatsusedebian
CVE-2022-21611 high 8.0 3y ago Important: mysql security update redhatdebian
CVE-2022-50149 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential deadlock in __driver_attach In __driver_attach function, There are also AA deadlock problem, like the … redhatsusedebian
CVE-2022-48974 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix using __this_cpu_add in preemptible Currently in nf_conntrack_hash_check_insert(), when it fails in nf_… redhatsusedebian
CVE-2022-48942 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: Handle failure to register sensor with thermal zone correctly If an attempt is made to a sensor with a thermal zone and it… redhatsusedebian
CVE-2022-50014 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW Ever since the Dirty COW (CVE-2016-5195) security issue happened, w… redhatsusedebian
CVE-2022-48934 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_… redhatsusedebian
CVE-2022-50007 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in __xfrm_policy_check() The issue happens on an error path in __xfrm_policy_check(). When the fetching p… redhatsusedebian
CVE-2022-49985 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF run… redhatrockylinuxsusedebian
CVE-2022-48915 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the th… redhatsusedebian
CVE-2022-50006 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: NFSv4.2 fix problems with __nfs42_ssc_open A destination server while doing a COPY shouldn't accept using the passed in filehandl… redhatsusedebian
CVE-2022-49636 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: vlan: fix memory leak in vlan_newlink() Blamed commit added back a bug I fixed in commit 9bbd917e0bec ("vlan: fix memory leak in … redhatsusedebian
CVE-2022-48885 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ice: Fix potential memory leak in ice_gnss_tty_write() The ice_gnss_tty_write() return directly if the write_buf alloc failed, le… redhatsusedebian
CVE-2022-49995 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: writeback: avoid use-after-free after removing device When a disk is removed, bdi_unregister gets called to stop further writebac… redhatsusedebian
CVE-2022-49994 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bootmem: remove the vmemmap pages from kmemleak in put_page_bootmem The vmemmap pages is marked by kmemleak when allocated from m… redhatsusedebian
CVE-2022-49993 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, wherein a configuration o… redhatsusedebian
CVE-2022-49998 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call() should … redhatsusedebian
CVE-2022-49992 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() to… redhatsusedebian
CVE-2022-49991 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages… redhatsusedebian
CVE-2022-49990 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation control blo… redhatsusedebian
CVE-2022-49984 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submittin… redhatsusedebian
CVE-2022-49983 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device (v2) If the DMA mask is not set explicitly, the following warning occurs when th… redhatsusedebian
CVE-2022-49982 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvr_probe The error handling code in pvr2_hdw_create forgets to unregister the v4l2 device. Wh… redhatsusedebian
CVE-2022-49986 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as i… redhatsusedebian
CVE-2022-49981 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidraw_release() Free the buffered reports before deleting the list entry. BUG: memory leak unre… redhatsusedebian
CVE-2022-49980 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free Read in usb_udc_uevent() The syzbot fuzzer found a race between uevent callbacks and gadget drive… redhatsusedebian
CVE-2022-49519 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ath10k: skip ath10k_halt during suspend for driver state RESTARTING Double free crash is observed when FW recovery(caused by wmi … redhatsusedebian
CVE-2022-49979 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: fix refcount bug in sk_psock_get (2) Syzkaller reports refcount bug as follows: ------------[ cut here ]------------ refcoun… redhatsusedebian
CVE-2022-49974 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: fix rumble worker null pointer deref We can dereference a null pointer trying to queue work to a destroyed workque… redhatsusedebian
CVE-2022-49973 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: skmsg: Fix wrong last sg check in sk_msg_recvmsg() Fix one kernel NULL pointer dereference as below: [ 224.462334] Call Trace: … redhatsusedebian
CVE-2022-49971 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in smu_v13_0_4_init_smc_table… redhatsusedebian
CVE-2022-49970 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs Syzkaller reported a triggered kernel BUG as follows: ------------[ cut h… redhatsusedebian
CVE-2022-49967 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WRITE_ONCE() i… redhatsusedebian
CVE-2022-49966 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid To avoid any potential memory leak. redhatsusedebian
CVE-2022-21599 high 8.0 3y ago Important: mysql security update redhatdebian
CVE-2022-49965 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics Without these, potential memory leak may be induced. redhatsusedebian
CVE-2022-21604 high 8.0 3y ago Important: mysql security update redhatdebian
CVE-2022-49962 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove … redhatsusedebian
CVE-2022-21625 high 8.0 3y ago Important: mysql security update redhatdebian
CVE-2022-49960 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix null pointer dereference Asus chromebook CX550 crashes during boot on v5.17-rc1 kernel. The root cause is null poin… redhatsusedebian
CVE-2022-21637 high 8.0 3y ago Important: mysql security update redhatdebian
CVE-2022-49959 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix memory leak at failed datapath creation ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids() allocates… redhatsusedebian
CVE-2022-49958 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: fix netdevice reference leaks in attach_default_qdiscs() In attach_default_qdiscs(), if a dev has multiple queues and … redhatsusedebian
CVE-2022-49969 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there … redhatsusedebian
CVE-2022-49964 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always … redhatsusedebian
CVE-2022-50133 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: usb: xhci_plat_remove: avoid NULL dereference Since commit 4736ebd7fcaff1eb8481c140ba494962847d6e0a ("usb: host: xhci-plat: omit … redhatsusedebian
CVE-2022-48884 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command stats access after free Command may fail while driver is reloading and can't accept FW commands till comman… redhatsusedebian
CVE-2022-49942 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel … redhatsusedebian
CVE-2022-49951 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to devi… redhatsusedebian
CVE-2022-49935 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later Previously when we added a fence to a dma_resv object we always assumed … redhatsusedebian
CVE-2022-49934 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211_scan_rx() ieee80211_scan_rx() tries to access scan_req->flags after a null check, but a UAF … redhatsusedebian
CVE-2022-49925 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() KASAN reported a null-ptr-deref error: KASAN: null-ptr-deref in range [0x00… redhatsusedebian
CVE-2022-49920 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: netlink notifier might race to release objects commit release path is invoked via call_rcu and it runs lock… redhatsusedebian
CVE-2022-48883 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent A user is able to configure an arbitrary number of rx que… redhatsusedebian
CVE-2022-49911 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: enforce documented limit to prevent allocating huge memory Daniel Xu reported that the hash:net,iface type of t… redhatsusedebian
CVE-2022-49908 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhci_write Syzkaller reports a memory leak as follows: ==================================== … redhatsusedebian
CVE-2022-42863 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatsusedebian
CVE-2022-49903 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ipv6: fix WARNING in ip6_route_net_exit_late() During the initialization of ip6_route_net_init_late(), if file ipv6_route or rt6_… redhatsusedebian
CVE-2022-49902 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: block: Fix possible memory leak for rq_wb on add_disk failure kmemleak reported memory leaks in device_add_disk(): kmemleak: 3 n… redhatsusedebian
CVE-2022-49872 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: gso: fix panic on frag_list with mixed head alloc types Since commit 3dcbdb134f32 ("net: gso: Fix skb_segment splat when spl… redhatsusedebian
CVE-2022-49862 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header This is a follow-up for commit 974cb0e3e7c9 ("tipc:… redhatsusedebian
CVE-2022-49853 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: macvlan: fix memory leaks of macvlan_common_newlink kmemleak reports memory leaks in macvlan_common_newlink, as follows: i… redhatsusedebian
CVE-2022-49848 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS… redhatsusedebian
CVE-2022-49739 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range whe… redhatsusedebian
CVE-2022-48939 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1… redhatsusedebian
CVE-2022-49723 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix error_state_read ptr + offset use Fix our pointer offset usage in error_state_read when there is no i915_gpu_… redhatsusedebian
CVE-2022-49726 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .… redhatsusedebian
CVE-2022-50583 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: md/raid0, raid10: Don't set discard sectors for request queue It should use disk_stack_limits to get a proper max_discard_sectors… redhatsusedebian
CVE-2022-49700 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as… redhatsusedebian
CVE-2022-49688 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employ… redhatsusedebian
CVE-2022-49666 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/memhotplug: Add add_pages override for PPC With commit ffa0b64e3be5 ("powerpc: Fix virt_addr_valid() for 64-bit Book3E & … redhatsusedebian
CVE-2022-49659 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits In commit 1be37d3b0414 ("can: m_can: fix periph RX… redhatsusedebian
CVE-2022-42703 high 8.0 3y ago mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. archredhatsusedebian+1
CVE-2022-50445 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: xfrm: Reinject transport-mode packets through workqueue The following warning is displayed when the tcp6-multi-diffip11 stress te… redhatsusedebian
CVE-2022-49590 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_llm_reports. While reading sysctl_igmp_llm_reports, it can be changed concurrently. Thus,… redhatsusedebian
CVE-2022-49936 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ===… redhatsusedebian
CVE-2022-49655 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: fscache: Fix invalidation/lookup race If an NFS file is opened for writing and closed, fscache_invalidate() will be asked to inva… redhatsusedebian
CVE-2022-49651 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanup_srcu_struct() GP checks Currently, cleanup_srcu_struct() checks for a grace period in progress, but it does… redhatsusedebian
CVE-2022-50041 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ice: Fix call trace with null VSI during VF reset During stress test with attaching and detaching VF from KVM and simultaneously … redhatsusedebian
CVE-2022-49646 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue fo… redhatsusedebian
CVE-2022-42799 high 8.0 3y ago Important: webkit2gtk3 security and bug fix update redhatsusedebian
CVE-2022-21608 high 8.0 3y ago Important: mysql security update redhatdebian
CVE-2022-49644 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() If drm_connector_init fails, intel_connector_free will be … redhatsusedebian
CVE-2022-49642 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for … redhatsusedebian
CVE-2022-49641 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race… redhatsusedebian
CVE-2022-49639 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add R… redhatsusedebian
CVE-2022-50003 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t… redhatsusedebian
CVE-2022-49638 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add REA… redhatsusedebian
CVE-2022-49637 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_sync_mem. While reading sysctl_fib_sync_mem, it can be changed concurrently. So, we need … redhatsusedebian
CVE-2022-49634 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data… redhatsusedebian
CVE-2022-49632 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can b… redhatsusedebian
CVE-2022-49631 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: raw: Fix a data-race around sysctl_raw_l3mdev_accept. While reading sysctl_raw_l3mdev_accept, it can be changed concurrently. Thu… redhatsusedebian
CVE-2022-49629 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthop_compat_mode. While reading nexthop_compat_mode, it can be changed concurrently. Thus, we n… redhatsusedebian
CVE-2022-49630 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus,… redhatsusedebian