CVEs from 2022
Total
5,252
critical
critical 90
high
high 1,233
medium
medium 957
low
low 24
% Critical
1.7%
% with KEV
2.5%
% with exploit
3.4%
Top vendors
- oracle 616
- netapp 438
- microsoft 165
- omron 109
- azul 82
- schneider-electric 33
- mitsubishielectric 32
- siemens 10
Top products
- jdk 116
- jre 109
- openjdk 100
- zulu 82
- graalvm 74
- cloud_secure_agent 35
- oncommand_insight 34
- cloud_insights_acquisition_unit 34
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-50535 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential null-deref in dm_resume [Why] Fixing smatch error: dm_resume() error: we previously assumed 'aconn… | |||
| CVE-2022-49839 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will c… | |||
| CVE-2022-49837 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048): co… | |||
| CVE-2022-49827 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() with drm_vblan… | |||
| CVE-2022-49774 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign() Should not call eventfd_ctx_put() in case of error. [Introd… | |||
| CVE-2022-49773 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix optc2_configure warning on dcn314 [Why] dcn314 uses optc2_configure_crc() that wraps optc1_configure_crc() +… | |||
| CVE-2022-27635 | high | — | 8.0 | 3y ago | Important: linux-firmware security, bug fix, and enhancement update | |||
| CVE-2022-49752 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() The 'parent' returned by fwnode_graph_get_port_par… | |||
| CVE-2022-49750 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Add u64 casts to avoid overflowing The fields of the _CPC object are unsigned 32-bits values. To avoid overflows w… | |||
| CVE-2022-49746 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init If the function sdma_load_context() fails, the sdma_desc wi… | |||
| CVE-2022-50005 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout When the pn532 uart device is detaching, the pn532_uart_remove() … | |||
| CVE-2022-49567 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix uninit-value in mpol_rebind_policy() mpol_set_nodemask()(mm/mempolicy.c) does not set up nodemask when pol->mod… | |||
| CVE-2022-50072 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must not try to free either the open s… | |||
| CVE-2022-50076 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak on the deferred close xfstests on smb21 report kmemleak as below: unreferenced object 0xffff8881767d6200… | |||
| CVE-2022-50091 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by the early… | |||
| CVE-2022-50127 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, int… | |||
| CVE-2022-49316 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open() compound, we have to b… | |||
| CVE-2022-50239 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix writes in read-only memory region This commit fixes a kernel oops because of a write in some read-only memory:… | |||
| CVE-2022-50107 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when using fscache If we hit the 'index == next_cached' case, we leak a refcount on the struct page. Fix t… | |||
| CVE-2022-50064 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: virtio-blk: Avoid use-after-free on suspend/resume hctx->user_data is set to vq in virtblk_init_hctx(). However, vq is freed on … | |||
| CVE-2022-36351 | high | — | 8.0 | 3y ago | Important: linux-firmware security, bug fix, and enhancement update | |||
| CVE-2022-50135 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup The function rxe_create_qp calls rxe_qp_from_init. If some error oc… | |||
| CVE-2022-50191 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints() We should call the of_node_put() for the reference return… | |||
| CVE-2022-50200 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: selinux: Add boundary check in put_entry() Just like next_entry(), boundary check is necessary to prevent memory out-of-bound acc… | |||
| CVE-2022-50234 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: defer registered files gc to io_uring release Instead of putting io_uring's registered files in unix_gc() we wa… | |||
| CVE-2022-50817 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone() syzbot got a crash [1] in skb_clone(), caused by a bug in hsr_get_untagged_fra… | |||
| CVE-2022-50004 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix metadata dst->dev xmit null pointer dereference When we try to transmit an skb with metadata_dst attached (i.e.… | |||
| CVE-2022-50297 | high | — | 8.0 | 3y ago | RHSA-2023:7077: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2022-50705 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: defer fsnotify calls to task context We can't call these off the kiocb completion as that might be off soft/hard irq… | |||
| CVE-2022-46329 | high | — | 8.0 | 3y ago | Important: linux-firmware security, bug fix, and enhancement update | |||
| CVE-2022-49938 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the req… | |||
| CVE-2022-33196 | high | — | 8.0 | 3y ago | RHEA-2023:7117: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2022-21216 | high | — | 8.0 | 3y ago | RHEA-2023:7117: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2022-40284 | high | — | 8.0 | 3y ago | RHSA-2023:5264: virt:rhel and virt-devel:rhel security and bug fix update (Important) | |||
| CVE-2022-47015 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32084 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32091 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32082 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-38791 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32089 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-32081 | high | — | 8.0 | 3y ago | RHSA-2023:5683: mariadb:10.5 security update (Important) | |||
| CVE-2022-25883 | high | — | 8.0 | 3y ago | RHSA-2023:5362: nodejs:18 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-50661 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copy_seccomp() to no failure path. Our syzbot instance reported memory leaks in do_seccomp() [0], similar to the re… | |||
| CVE-2022-40982 | high | — | 8.0 | 3y ago | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable in… | |||
| CVE-2022-41804 | high | — | 8.0 | 3y ago | RHEA-2023:4995: microcode_ctl bug fix and enhancement update (Important) | |||
| CVE-2022-45869 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-32885 | high | — | 8.0 | 3y ago | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lea… | |||
| CVE-2022-40609 | high | — | 8.0 | 3y ago | RHSA-2023:4103: java-1.8.0-ibm security update (Important) | |||
| CVE-2022-37967 | high | — | 8.0 | 3y ago | RHEA-2023:3850: krb5 bug fix update (Important) | |||
| CVE-2022-25147 | high | — | 8.0 | 3y ago | RHSA-2023:3109: apr-util security update (Important) | |||
| CVE-2022-41218 | high | — | 8.0 | 3y ago | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | |||
| CVE-2022-25265 | high | — | 8.0 | 3y ago | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execu… | |||
| CVE-2022-50130 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: core: set smem_len before fb_deferred_io_init call The fbtft_framebuffer_alloc() calls fb_deferred_io_init() befo… | |||
| CVE-2022-49959 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix memory leak at failed datapath creation ovs_dp_cmd_new()->ovs_dp_change()->ovs_dp_set_upcall_portids() allocates… | |||
| CVE-2022-50427 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() If device_register() fails in snd_ac97_dev_register(), it should … | |||
| CVE-2022-1789 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-1882 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-20141 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-2663 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-21505 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-2196 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-28388 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-3028 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-33743 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-3435 | high | — | 8.0 | 3y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2022-50839 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without… | |||
| CVE-2022-49964 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always … | |||
| CVE-2022-49973 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: skmsg: Fix wrong last sg check in sk_msg_recvmsg() Fix one kernel NULL pointer dereference as below: [ 224.462334] Call Trace: … | |||
| CVE-2022-49979 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net: fix refcount bug in sk_psock_get (2) Syzkaller reports refcount bug as follows: ------------[ cut here ]------------ refcoun… | |||
| CVE-2022-50014 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW Ever since the Dirty COW (CVE-2016-5195) security issue happened, w… | |||
| CVE-2022-50029 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gcc_sleep_clk_src Once the usb sleep clocks are disabled, clock framework is trying to disable t… | |||
| CVE-2022-50046 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() The issue happens on some error handling paths. When the … | |||
| CVE-2022-21594 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-21599 | high | — | 8.0 | 3y ago | RHSA-2023:3087: mysql:8.0 security, bug fix, and enhancement update (Important) | |||
| CVE-2022-50168 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf, x86: fix freeing of not-finalized bpf_prog_pack syzbot reported a few issues with bpf_prog_pack [1], [2]. This only happens … | |||
| CVE-2022-50172 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg Free the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_m… | |||
| CVE-2022-50227 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Initialize Xen timer only once Add a check for existing xen timers before initializing a new one. Currently kvm_xe… | |||
| CVE-2022-49492 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags In nvme_alloc_admin_tags, the admin_q can be set to an error (t… | |||
| CVE-2022-49511 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: fix the pagelist corruption Easily hit the below list corruption: == list_add corruption. prev->next should be next… | |||
| CVE-2022-49513 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release() method to free dbs_data The struct dbs_data embeds a struct gov_attr_set and the struct … | |||
| CVE-2022-49520 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall If a compat process tries to execute an unknown system ca… | |||
| CVE-2022-49539 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: rtw89: ser: fix CAM leaks occurring in L2 reset The CAM, meaning address CAM and bssid CAM here, will get leaks during SER (syste… | |||
| CVE-2022-49548 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix potential array overflow in bpf_trampoline_get_progs() The cnt value in the 'cnt >= BPF_MAX_TRAMP_PROGS' check does not … | |||
| CVE-2022-49552 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix combination of jit blinding and pointers to bpf subprogs. The combination of jit blinding and pointers to bpf subprogs c… | |||
| CVE-2022-49565 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/lbr: Fix unchecked MSR access error on HSW The fuzzer triggers the below trace. [ 7763.384369] unchecked MSR acce… | |||
| CVE-2022-49572 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed co… | |||
| CVE-2022-49575 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changed con… | |||
| CVE-2022-49577 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctl_udp_l3mdev_accept. While reading sysctl_udp_l3mdev_accept, it can be changed concurrently. Thu… | |||
| CVE-2022-49578 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_prot_sock. sysctl_ip_prot_sock is accessed concurrently, and there is always a chance of data… | |||
| CVE-2022-49579 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. While reading sysctl_fib_multipath_hash_policy, it can be changed c… | |||
| CVE-2022-49580 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. While reading sysctl_fib_multipath_use_neigh, it can be changed conc… | |||
| CVE-2022-49585 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. While reading sysctl_tcp_fastopen_blackhole_timeout, it can be … | |||
| CVE-2022-49586 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen. While reading sysctl_tcp_fastopen, it can be changed concurrently. Thus, we need … | |||
| CVE-2022-49587 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. While reading sysctl_tcp_notsent_lowat, it can be changed concurrently. Thu… | |||
| CVE-2022-49588 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_migrate_req. While reading sysctl_tcp_migrate_req, it can be changed concurrently. Thus, we… | |||
| CVE-2022-49589 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. While reading sysctl_igmp_qrv, it can be changed concurrently. Thus, we need to add … | |||
| CVE-2022-49593 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_probe_interval. While reading sysctl_tcp_probe_interval, it can be changed concurrently. T… | |||
| CVE-2022-49595 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_probe_threshold. While reading sysctl_tcp_probe_threshold, it can be changed concurrently.… | |||
| CVE-2022-49612 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions power_supply_temp2resist_simple and power_supply_ocv2… | |||
| CVE-2022-49596 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_min_snd_mss. While reading sysctl_tcp_min_snd_mss, it can be changed concurrently. Thus, we… |