CVEs from 2022
Total
5,243
critical
critical 92
high
high 1,233
medium
medium 961
low
low 24
% Critical
1.8%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3110 | unknown | — | — | — | An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the … | |||
| CVE-2022-3526 | unknown | — | — | — | A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulat… | |||
| CVE-2022-36123 | unknown | — | — | — | The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. | |||
| CVE-2022-3577 | unknown | — | — | — | An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system.… | |||
| CVE-2022-3595 | unknown | — | — | — | A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The mani… | |||
| CVE-2022-44034 | unknown | — | — | — | An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device… | |||
| CVE-2022-48667 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in insert range insert range doesn't discard the affected cached region so can risk temporari… | |||
| CVE-2022-48671 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() syzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) wa… | |||
| CVE-2022-48668 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in collapse range collapse range doesn't discard the affected cached region so can risk tempo… | |||
| CVE-2022-48689 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc pag… | |||
| CVE-2022-48675 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmput_async(). From the … | |||
| CVE-2022-48686 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors We should also bail from the io_work loop when we set rd_enabled to true, so we do… | |||
| CVE-2022-48690 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: Fix DMA mappings leak Fix leak, when user changes ring parameters. During reallocation of RX buffers, new DMA mappings are c… | |||
| CVE-2022-48691 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clean up hook list when offload flags check fails splice back the hook list so nft_chain_release_hook() has… | |||
| CVE-2022-48693 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs In brcmstb_pm_probe(), there are two kinds of leak bugs: (1) we ne… | |||
| CVE-2022-48697 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-a… | |||
| CVE-2022-48698 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix memory leak when using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on … | |||
| CVE-2022-48699 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sched/debug: fix dentry leak in update_sched_domain_debugfs Kuyo reports that the pattern of using debugfs_remove(debugfs_lookup(… | |||
| CVE-2022-48704 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current … | |||
| CVE-2022-48740 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the c… | |||
| CVE-2022-48742 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() While looking at one unrelated syzbot bug, I found the repla… | |||
| CVE-2022-48753 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: block: fix memory leak in disk_register_independent_access_ranges kobject_init_and_add() takes reference even when it fails. Acco… | |||
| CVE-2022-48741 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ovl: fix NULL pointer dereference in copy up warning This patch is fixing a NULL pointer dereference to get a recently introduced… | |||
| CVE-2022-48745 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use del_timer_sync in fw reset flow of halting poll Substitute del_timer() with del_timer_sync() in fw reset polling de… | |||
| CVE-2022-3559 | unknown | — | — | — | A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the p… | |||
| CVE-2022-37451 | unknown | — | — | — | Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | |||
| CVE-2022-3620 | unknown | — | — | — | A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use aft… | |||
| CVE-2022-48746 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix handling of wrong devices during bond netevent Current implementation of bond netevent handler only check if the h… | |||
| CVE-2022-48748 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled, untag… | |||
| CVE-2022-37452 | unknown | — | — | — | Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | |||
| CVE-2022-48749 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc The function performs a check on the "ctx" input parameter, however, i… | |||
| CVE-2022-48750 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix crash in clear_caseopen Paweł Marciniak reports the following crash, observed when clearing the chassis intr… | |||
| CVE-2022-48751 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smc_setsockopt() and it is caused by accessing sm… | |||
| CVE-2022-48780 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced … | |||
| CVE-2022-48785 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() Some time ago 8965779d2c0e ("ipv6,mcast: always hold idev->lock before mca… | |||
| CVE-2022-48782 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mctp: fix use after free Clang static analysis reports this problem route.c:425:4: warning: Use of memory after it is freed tra… | |||
| CVE-2022-48783 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: fix use after free in gswip_remove() of_node_put(priv->ds->slave_mii_bus->dev.of_node) should be done bef… | |||
| CVE-2022-48784 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race where the exact sa… | |||
| CVE-2022-48787 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: fix use-after-free If no firmware was present at all (or, presumably, all of the firmware files failed to parse), we end… | |||
| CVE-2022-48788 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the c… | |||
| CVE-2022-48789 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctr… | |||
| CVE-2022-48790 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queue_rq, in .submit_async_event drivers may not chec… | |||
| CVE-2022-48791 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted befor… | |||
| CVE-2022-48792 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by th… | |||
| CVE-2022-48794 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wa… | |||
| CVE-2022-48793 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL derefernce on nested migration Turns out that due to review feedback and/or rebases I accident… | |||
| CVE-2022-48797 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm: don't try to NUMA-migrate COW pages that have other uses Oded Gabbay reports that enabling NUMA balancing causes corruption w… | |||
| CVE-2022-48795 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: parisc: Fix data TLB miss in sba_unmap_sg Rolf Eike Beer reported the following bug: [1274934.746891] Bad Address (null pointer … | |||
| CVE-2022-48796 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential use-after-free during probe Kasan has reported the following use after free on dev->iommu. when a device pro… | |||
| CVE-2022-48826 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix deadlock on DSI device attach error DSI device attach to DSI host will be done with host device's lock held. Un-reg… | |||
| CVE-2022-48831 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ima: fix reference leak in asymmetric_verify() Don't leak a reference to the key if its algorithm is unknown. | |||
| CVE-2022-48832 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: audit: don't deref the syscall args when checking the openat2 open_how::flags As reported by Jeff, dereferencing the openat2 sysc… | |||
| CVE-2022-48834 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-… | |||
| CVE-2022-48837 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndis_set_response() If "BufOffset" is very large the "BufOffset + 8" operation c… | |||
| CVE-2022-48838 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use… | |||
| CVE-2022-48840 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iavf: Fix hang during reboot/shutdown Recent commit 974578017fc1 ("iavf: Add waiting so the port is initialized in remove") adds … | |||
| CVE-2022-48846 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: block: release rq qos structures for queue without disk blkcg_init_queue() may add rq qos structures to request queue, previously… | |||
| CVE-2022-48841 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() It is possible to do NULL pointer dereference in routine that… | |||
| CVE-2022-48870 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release Run the following tests on the qemu platform: syzkaller:~# modprobe speaku… | |||
| CVE-2022-48872 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl-… | |||
| CVE-2022-48873 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrp… | |||
| CVE-2022-48874 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a race window between the point when the mutex… | |||
| CVE-2022-48876 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix initialization of rx->link and rx->link_sta There are some codepaths that do not initialize rx->link_sta prop… | |||
| CVE-2022-48877 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : __lookup_extent_tree+0xd8/0x760 lr… | |||
| CVE-2022-48878 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Fix driver shutdown on closed serdev The driver shutdown callback (which sends EDL_SOC_RESET to the device ov… | |||
| CVE-2022-48879 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime servi… | |||
| CVE-2022-48880 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/surface: aggregator: Add missing call to ssam_request_sync_free() Although rare, ssam_request_sync_init() can fail. In t… | |||
| CVE-2022-48881 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix refcount leak in amd_pmc_probe pci_get_domain_bus_and_slot() takes reference, the caller should release the… | |||
| CVE-2022-48882 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY)… | |||
| CVE-2022-48907 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by swit… | |||
| CVE-2022-48909 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under following execution sequence : smc_release smc_connect_wo… | |||
| CVE-2022-48916 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kerne… | |||
| CVE-2022-48910 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6_mc_down() at most once There are two reasons for addrconf_notify() to be called with NETDEV_DOWN: … | |||
| CVE-2022-48911 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no gua… | |||
| CVE-2022-48922 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: riscv: fix oops caused by irqsoff latency tracer The trace_hardirqs_{on,off}() require the caller to setup frame pointer properly… | |||
| CVE-2022-48925 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immed… | |||
| CVE-2022-48920 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost… | |||
| CVE-2022-48923 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment Compressed length can be corrupted to be a lot larger than memory we have a… | |||
| CVE-2022-48951 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() The bounds checks in snd_soc_put_volsw_sx() are only being a… | |||
| CVE-2022-48952 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: PCI: mt7621: Add sentinel to quirks table Current driver is missing a sentinel in the struct soc_device_attribute array, which ca… | |||
| CVE-2022-48953 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpi_install_fixed_event_handler() enables the event automatical… | |||
| CVE-2022-48955 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fix memory leak in tbnet_open() When tb_ring_alloc_rx() failed in tbnet_open(), ida that allocated in tb_xdomai… | |||
| CVE-2022-48957 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() The cmd_buff needs to be freed … | |||
| CVE-2022-48958 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated s… | |||
| CVE-2022-48959 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() When dsa_devlink_region_create failed in sja1105_setup_devl… | |||
| CVE-2022-48960 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after … | |||
| CVE-2022-48961 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix unbalanced fwnode reference count in mdio_device_release() There is warning report about of_node refcount leak whi… | |||
| CVE-2022-48962 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, aft… | |||
| CVE-2022-48963 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_mux_init() When failed to alloc ipc_mux->ul_adb.pp_qlt in ipc_mux_init(), ipc_mux is not … | |||
| CVE-2022-48964 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ravb: Fix potential use-after-free in ravb_rx_gbeth() The skb is delivered to napi_gro_receive() which may free it, after calling… | |||
| CVE-2022-48965 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpio/rockchip: fix refcount leak in rockchip_gpiolib_register() The node returned by of_get_parent() with refcount incremented, o… | |||
| CVE-2022-48966 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: mvneta: Prevent out of bounds read in mvneta_config_rss() The pp->indir[0] value comes from the user. It is passed to: if… | |||
| CVE-2022-48996 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damon_sysfs_set_schemes() Commit da87878010e5 ("mm/damo… | |||
| CVE-2022-49000 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device refcount leak in has_external_pci() for_each_pci_dev() is implemented by pci_get_device(). The comment… | |||
| CVE-2022-1137 | unknown | — | — | — | Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information … | |||
| CVE-2022-1488 | unknown | — | — | — | Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafte… | |||
| CVE-2022-48999 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference Gwangun Jung reported a slab-out-of-bounds … | |||
| CVE-2022-1145 | unknown | — | — | — | Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user… | |||
| CVE-2022-49237 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ath11k: add missing of_node_put() to avoid leak The node pointer is returned by of_find_node_by_type() or of_parse_phandle() with… | |||
| CVE-2022-1479 | unknown | — | — | — | Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |