RHSA-2022:7683MediumCVSS 7.8

Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Published
November 8, 2022
Last Modified
June 29, 2026

🔗 CVE IDs covered (134)

CVE-2022-28893CVE-2022-49160CVE-2022-49611CVE-2022-49626CVE-2022-49664CVE-2022-3107CVE-2022-36946CVE-2022-49605CVE-2022-50027CVE-2022-50213CVE-2022-49543CVE-2022-49695CVE-2022-2078CVE-2022-49272CVE-2021-47099CVE-2022-2586CVE-2022-49235CVE-2022-49347CVE-2022-49537CVE-2022-49066CVE-2022-1280CVE-2022-2639CVE-2022-20368CVE-2022-48765CVE-2022-48918CVE-2022-49175CVE-2022-1016CVE-2022-1158CVE-2022-49710CVE-2022-49409CVE-2022-49610CVE-2022-50187CVE-2022-1184CVE-2022-49426CVE-2022-49534CVE-2022-50081 · pendingCVE-2022-50115CVE-2022-49086CVE-2022-49156CVE-2022-49398CVE-2022-49697CVE-2021-3640CVE-2021-47639CVE-2022-21499CVE-2022-49123CVE-2022-49404CVE-2022-29581CVE-2022-49129CVE-2022-50092CVE-2021-47378CVE-2022-48912CVE-2022-49263CVE-2022-50178CVE-2022-1852CVE-2022-24448CVE-2022-49130CVE-2021-47580CVE-2022-49158CVE-2022-49374CVE-2022-49541CVE-2022-50069CVE-2022-2938CVE-2022-49288CVE-2022-49290CVE-2022-49673CVE-2022-50055CVE-2020-36516CVE-2022-1263CVE-2022-49063CVE-2020-36558CVE-2022-1048CVE-2022-2503CVE-2022-49378CVE-2022-49707CVE-2022-50054CVE-2022-50030CVE-2023-53181CVE-2022-0168CVE-2022-28390CVE-2022-49044CVE-2022-49199CVE-2022-49616CVE-2022-49674CVE-2021-47107CVE-2021-47213 · pendingCVE-2022-23960CVE-2022-27950CVE-2022-49122CVE-2022-50053CVE-2022-48943CVE-2022-49259CVE-2022-49418CVE-2022-50110CVE-2021-47649CVE-2022-1055CVE-2022-26373CVE-2022-49098CVE-2021-30002CVE-2021-47657CVE-2022-49145CVE-2022-49584CVE-2022-49606CVE-2022-0617CVE-2022-49615CVE-2022-49669CVE-2022-48786CVE-2022-49238CVE-2022-49559CVE-2022-50084CVE-2022-50177CVE-2022-0854CVE-2022-49671CVE-2022-49708CVE-2021-47103CVE-2022-20572CVE-2022-48915CVE-2022-49268CVE-2022-49292CVE-2022-49433CVE-2022-49536CVE-2022-49561CVE-2022-2153CVE-2022-49265CVE-2022-49343CVE-2022-49349CVE-2022-49625CVE-2022-49698CVE-2022-48735CVE-2022-48738CVE-2022-49060CVE-2022-49515CVE-2022-49538CVE-2022-50085CVE-2023-4387

📋 Description

CVE-2020-36516 — kernel: off-path attacker may inject data or terminate victim's TCP session CVE-2020-36558 — kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference CVE-2021-3640 — kernel: use-after-free vulnerability in function sco_sock_sendmsg() CVE-2021-30002 — kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c CVE-2021-47099 — kernel: veth: ensure skb entering GRO are not cloned. CVE-2021-47103 — kernel: inet: fully convert sk->sk_rx_dst to RCU rules CVE-2021-47107 — kernel: NFSD: Fix READDIR buffer overflow CVE-2021-47213 — kernel: NFSD: Fix exposure in nfsd4_decode_bitmap() CVE-2021-47378 — kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free CVE-2021-47580 — kernel: scsi: scsi_debug: Fix type in min_t to avoid stack OOB CVE-2021-47639 — kernel: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU CVE-2021-47649 — kernel: udmabuf: validate ubuf->pagecount CVE-2021-47657 — kernel: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() CVE-2022-0168 — kernel: smb2_ioctl_query_info NULL pointer dereference CVE-2022-0617 — kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback CVE-2022-0854 — kernel: swiotlb information leak with DMA_FROM_DEVICE CVE-2022-1016 — kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM CVE-2022-1048 — kernel: race condition in snd_pcm_hw_free leading to use-after-free CVE-2022-1055 — kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c CVE-2022-1158 — kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region CVE-2022-1184 — kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image CVE-2022-1263 — kernel: KVM: NULL pointer dereference in kvm_dirty_ring_push in virt/kvm/dirty_ring.c CVE-2022-1280 — kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources CVE-2022-1852 — kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS CVE-2022-2078 — kernel: buffer overflow in nft_set_desc_concat_parse() CVE-2022-2153 — kernel: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast() CVE-2022-2503 — kernel: LoadPin bypass via dm-verity table reload CVE-2022-2586 — kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation CVE-2022-2639 — kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() CVE-2022-2938 — kernel: use-after-free when psi trigger is destroyed while being polled CVE-2022-3107 — kernel: hv_netvsc: NULL pointer dereference in netvsc_get_ethtool_stats() CVE-2022-20368 — kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() CVE-2022-20572 — kernel: missing DM_TARGET_IMMUTABLE feature flag in verity_target in drivers/md/dm-verity-target.c CVE-2022-21499 — kernel: possible to use the debugger to write zero into a location of choice CVE-2022-23960 — hw: cpu: arm64: Spectre-BHB CVE-2022-24448 — kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR CVE-2022-26373 — hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions CVE-2022-27950 — kernel: memory leak in drivers/hid/hid-elo.c CVE-2022-28390 — kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c CVE-2022-28893 — kernel: use after free in SUNRPC subsystem CVE-2022-29581 — kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c CVE-2022-36946 — kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c CVE-2022-48735 — kernel: ALSA: hda: Fix UAF of leds class devs at unbinding CVE-2022-48738 — kernel: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() CVE-2022-48765 — kernel: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC CVE-2022-48786 — kernel: vsock: remove vsock from connected table when connect is interrupted by a signal CVE-2022-48912 — kernel: netfilter: fix use-after-free in __nf_register_net_hook() CVE-2022-48915 — kernel: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference CVE-2022-48918 — kernel: iwlwifi: mvm: check debugfs_dir ptr before use CVE-2022-48943 — kernel: KVM: x86/mmu: make apf token non-zero to fix bug CVE-2022-49044 — kernel: dm integrity: fix memory corruption when tag_size is less than digest size CVE-2022-49060 — kernel: net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() CVE-2022-49063 — kernel: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap CVE-2022-49066 — kernel: veth: Ensure eth header is in skb's linear part CVE-2022-49086 — kernel: net: openvswitch: fix leak of nested actions CVE-2022-49098 — kernel: Drivers: hv: vmbus: Fix potential crash on module unload CVE-2022-49122 — kernel: dm ioctl: prevent potential spectre v1 gadget CVE-2022-49123 — kernel: ath11k: Fix frames flush failure caused by deadlock CVE-2022-49129 — kernel: mt76: mt7921: fix crash when startup fails. CVE-2022-49130 — kernel: ath11k: mhi: use mhi_sync_power_up() CVE-2022-49145 — kernel: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data CVE-2022-49156 — kernel: scsi: qla2xxx: Fix scheduling while atomic CVE-2022-49158 — kernel: scsi: qla2xxx: Fix warning message due to adisc being flushed CVE-2022-49160 — kernel: scsi: qla2xxx: Fix crash during module load unload test CVE-2022-49175 — kernel: PM: core: keep irq flags in device_pm_check_callbacks() CVE-2022-49199 — kernel: RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() CVE-2022-49235 — kernel: ath9k_htc: fix uninit value bugs CVE-2022-49238 — kernel: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 CVE-2022-49259 — kernel: block: don't delete queue kobject before its children CVE-2022-49263 — kernel: brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path CVE-2022-49265 — kernel: PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() CVE-2022-49268 — kernel: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM CVE-2022-49272 — kernel: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock CVE-2022-49288 — kernel: ALSA: pcm: Fix races among concurrent prealloc proc writes CVE-2022-49290 — kernel: mac80211: fix potential double free on mesh join CVE-2022-49292 — kernel: ALSA: oss: Fix PCM OSS buffer allocation overflow CVE-2022-49343 — kernel: ext4: avoid cycles in directory h-tree CVE-2022-49347 — kernel: ext4: fix bug_on in ext4_writepages CVE-2022-49349 — kernel: ext4: fix use-after-free in ext4_rename_dir_prepare CVE-2022-49374 — kernel: tipc: check attribute length for bearer name CVE-2022-49378 — kernel: sfc: fix considering that all channels have TX queues CVE-2022-49398 — kernel: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback CVE-2022-49404 — kernel: RDMA/hfi1: Fix potential integer multiplication overflow errors CVE-2022-49409 — kernel: ext4: fix bug_on in __es_tree_search CVE-2022-49418 — kernel: NFSv4: Fix free of uninitialized nfs4_label on referral lookup. CVE-2022-49426 — kernel: iommu/arm-smmu-v3-sva: Fix mm use-after-free CVE-2022-49433 — kernel: RDMA/hfi1: Prevent use of lock before it is initialized CVE-2022-49515 — kernel: ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t CVE-2022-49534 — kernel: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT CVE-2022-49536 — kernel: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock CVE-2022-49537 — kernel: scsi: lpfc: Fix call trace observed during I/O with CMF enabled CVE-2022-49538 — kernel: ALSA: jack: Access input_dev under mutex CVE-2022-49541 — kernel: cifs: fix potential double free during failed mount CVE-2022-49543 — kernel: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() CVE-2022-49559 — kernel: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 CVE-2022-49561 — kernel: netfilter: conntrack: re-fetch conntrack after insertion CVE-2022-49584 — kernel: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero CVE-2022-49605 — kernel: igc: Reinstate IGC_REMOVED logic and implement it properly CVE-2022-49606 — kernel: RDMA/irdma: Fix sleep from invalid context BUG CVE-2022-49610 — kernel: KVM: VMX: Prevent RSB underflow before vmenter CVE-2022-49611 — kernel: x86/speculation: Fill RSB on vmexit for IBRS CVE-2022-49615 — kernel: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error CVE-2022-49616 — kernel: ASoC: rt7*-sdw: harden jack_detect_handler CVE-2022-49625 — kernel: sfc: fix kernel panic when creating VF CVE-2022-49626 — kernel: sfc: fix use after free when disabling sriov CVE-2022-49664 — kernel: tipc: move bc link creation back to tipc_node_create CVE-2022-49669 — kernel: mptcp: fix race on unaccepted mptcp sockets CVE-2022-49671 — kernel: RDMA/cm: Fix memory leak in ib_cm_insert_listen CVE-2022-49673 — kernel: dm raid: fix KASAN warning in raid5_add_disks CVE-2022-49674 — kernel: Linux kernel: Device Mapper RAID out-of-bounds access CVE-2022-49695 — kernel: igb: fix a use-after-free issue in igb_clean_tx_ring CVE-2022-49697 — kernel: bpf: Fix request_sock leak in sk lookup helpers CVE-2022-49698 — kernel: netfilter: use get_random_u32 instead of prandom CVE-2022-49707 — kernel: ext4: add reserved GDT blocks check CVE-2022-49708 — kernel: ext4: fix bug_on ext4_mb_use_inode_pa CVE-2022-49710 — kernel: dm mirror log: round up region bitmap size to BITS_PER_LONG CVE-2022-50027 — kernel: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE CVE-2022-50030 — kernel: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input CVE-2022-50053 — kernel: iavf: Fix reset error handling CVE-2022-50054 — kernel: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings CVE-2022-50055 — kernel: iavf: Fix adminq error handling CVE-2022-50069 — kernel: BPF: Fix potential bad pointer dereference in bpf_sys_bpf() CVE-2022-50081 — kernel: KVM: Unconditionally get a ref to /dev/kvm module when creating a VM CVE-2022-50084 — kernel: dm raid: fix address sanitizer warning in raid_status CVE-2022-50085 — kernel: dm raid: fix address sanitizer warning in raid_resume CVE-2022-50092 — kernel: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback CVE-2022-50110 — kernel: watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource CVE-2022-50115 — kernel: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes CVE-2022-50177 — kernel: rcutorture: Fix ksoftirqd boosting timing and iteration CVE-2022-50178 — kernel: wifi: rtw89: 8852a: rfk: fix div 0 exception CVE-2022-50187 — kernel: ath11k: fix netdev open race CVE-2022-50213 — kernel: netfilter: nf_tables: do not allow SET_ID to refer to another table CVE-2023-4387 — kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf() CVE-2023-53181 — kernel: dma-buf/dma-resv: Stop leaking on krealloc() failure

🔗 References (52)