RHSA-2022:8267MediumCVSS 8.2

Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Published
November 15, 2022
Last Modified
July 3, 2026

🔗 CVE IDs covered (192)

CVE-2021-47649CVE-2022-0168CVE-2022-49215CVE-2022-49332CVE-2022-49412CVE-2022-49418CVE-2022-50506CVE-2022-28693CVE-2022-49057CVE-2022-49109CVE-2022-49291CVE-2022-49440CVE-2022-49663CVE-2022-50178CVE-2022-0854CVE-2022-1852CVE-2022-23816 · pendingCVE-2022-49259CVE-2022-49343CVE-2022-49673CVE-2022-0617CVE-2022-29901CVE-2022-49066CVE-2022-49122CVE-2022-49270CVE-2022-49292CVE-2022-49708CVE-2021-47103CVE-2022-1353CVE-2022-24448CVE-2022-48943CVE-2022-49093CVE-2022-49334CVE-2023-1095CVE-2022-1679CVE-2022-2503CVE-2022-49253CVE-2022-49584CVE-2022-49606CVE-2022-50027CVE-2023-2008CVE-2021-3640CVE-2022-3107CVE-2022-3239CVE-2022-21499CVE-2022-29581CVE-2022-48912CVE-2022-48918CVE-2022-49123CVE-2022-48866CVE-2022-48905CVE-2022-49090CVE-2022-49130CVE-2022-49152CVE-2022-49247CVE-2022-49534CVE-2022-49559CVE-2022-48765CVE-2022-48786CVE-2022-49238CVE-2022-49325CVE-2022-49389CVE-2022-49394CVE-2022-49413CVE-2022-49626CVE-2021-47373CVE-2022-49188CVE-2022-49404CVE-2022-49697CVE-2022-50048CVE-2022-21166CVE-2022-28893CVE-2022-48738CVE-2022-49504CVE-2021-47455CVE-2021-47580CVE-2022-36946CVE-2022-49158CVE-2022-49281CVE-2023-4387CVE-2022-29900CVE-2022-49145CVE-2022-49147CVE-2022-49664CVE-2020-36516CVE-2022-2153CVE-2022-49228CVE-2022-49537CVE-2022-48735CVE-2022-48936 · pendingCVE-2022-49107CVE-2022-49543CVE-2022-49698CVE-2021-47646CVE-2022-2639CVE-2022-49451CVE-2022-49732CVE-2022-50115CVE-2022-50536CVE-2022-1998CVE-2022-28390CVE-2022-49129CVE-2022-49142CVE-2022-49288CVE-2022-49348CVE-2022-49671CVE-2022-49695CVE-2022-21125CVE-2022-49263CVE-2022-49264CVE-2022-49465CVE-2022-49545CVE-2022-49707CVE-2022-50092CVE-2022-1048CVE-2022-3108CVE-2022-49160CVE-2022-49179CVE-2022-49268CVE-2022-49306CVE-2021-47657CVE-2022-1158CVE-2022-2586CVE-2022-21123CVE-2022-23825CVE-2022-49227CVE-2022-49330CVE-2022-49340CVE-2022-49086CVE-2022-49398CVE-2022-49408CVE-2022-49409CVE-2022-49615CVE-2022-49625CVE-2022-49710CVE-2022-50001CVE-2022-49349CVE-2022-49426CVE-2022-49531CVE-2022-50030CVE-2022-50095CVE-2022-50213CVE-2021-47099CVE-2022-49156CVE-2022-49180CVE-2022-49347CVE-2022-49557CVE-2022-50187CVE-2023-53660CVE-2021-47572CVE-2022-1184CVE-2022-49060CVE-2022-49175CVE-2022-49272CVE-2022-49297CVE-2022-49411CVE-2022-49515CVE-2022-1016CVE-2022-20368CVE-2022-49538CVE-2021-47639CVE-2022-1263CVE-2022-20572CVE-2022-48921CVE-2022-49199CVE-2022-49235CVE-2022-49605CVE-2023-28410CVE-2021-47378CVE-2022-42432CVE-2022-49374CVE-2022-49378CVE-2022-49433CVE-2022-50084CVE-2021-47556CVE-2022-1280CVE-2022-49153CVE-2022-49536CVE-2022-49561CVE-2022-50000CVE-2022-50212CVE-2022-26373CVE-2022-49229CVE-2022-49691CVE-2022-50085CVE-2023-53181CVE-2022-49290CVE-2022-50179CVE-2022-39190CVE-2022-49098CVE-2022-49265CVE-2022-49669

📋 Description

CVE-2020-36516 — kernel: off-path attacker may inject data or terminate victim's TCP session CVE-2021-3640 — kernel: use-after-free vulnerability in function sco_sock_sendmsg() CVE-2021-47099 — kernel: veth: ensure skb entering GRO are not cloned. CVE-2021-47103 — kernel: inet: fully convert sk->sk_rx_dst to RCU rules CVE-2021-47373 — kernel: irqchip/gic-v3-its: Fix potential VPE leak on error CVE-2021-47378 — kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free CVE-2021-47455 — kernel: ptp: Fix possible memory leak in ptp_clock_register() CVE-2021-47556 — kernel: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() CVE-2021-47572 — kernel: net: nexthop: fix null pointer dereference when IPv6 is not enabled CVE-2021-47580 — kernel: scsi: scsi_debug: Fix type in min_t to avoid stack OOB CVE-2021-47639 — kernel: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU CVE-2021-47646 — kernel: Revert "Revert "block, bfq: honor already-setup queue merges"" CVE-2021-47649 — kernel: udmabuf: validate ubuf->pagecount CVE-2021-47657 — kernel: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() CVE-2022-0168 — kernel: smb2_ioctl_query_info NULL pointer dereference CVE-2022-0617 — kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback CVE-2022-0854 — kernel: swiotlb information leak with DMA_FROM_DEVICE CVE-2022-1016 — kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM CVE-2022-1048 — kernel: race condition in snd_pcm_hw_free leading to use-after-free CVE-2022-1158 — kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region CVE-2022-1184 — kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image CVE-2022-1263 — kernel: KVM: NULL pointer dereference in kvm_dirty_ring_push in virt/kvm/dirty_ring.c CVE-2022-1280 — kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources CVE-2022-1353 — kernel: kernel info leak issue in pfkey_register CVE-2022-1679 — kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges CVE-2022-1852 — kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS CVE-2022-1998 — kernel: fanotify misuses fd_install() which could lead to use-after-free CVE-2022-2153 — kernel: KVM: NULL pointer dereference in kvm_irq_delivery_to_apic_fast() CVE-2022-2503 — kernel: LoadPin bypass via dm-verity table reload CVE-2022-2586 — kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation CVE-2022-2639 — kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() CVE-2022-3107 — kernel: hv_netvsc: NULL pointer dereference in netvsc_get_ethtool_stats() CVE-2022-3108 — kernel: drm/amdkfd: NULL pointer dereference in kfd_parse_subtype_iolink() CVE-2022-3239 — kernel: media: em28xx: initialize refcount before kref_get CVE-2022-20368 — kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() CVE-2022-20572 — kernel: missing DM_TARGET_IMMUTABLE feature flag in verity_target in drivers/md/dm-verity-target.c CVE-2022-21123 — hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) CVE-2022-21125 — hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) CVE-2022-21166 — hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) CVE-2022-21499 — kernel: possible to use the debugger to write zero into a location of choice CVE-2022-23816 — hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions CVE-2022-23825 — hw: cpu: AMD: Branch Type Confusion (non-retbleed) CVE-2022-24448 — kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR CVE-2022-26373 — hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions CVE-2022-28390 — kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c CVE-2022-28693 — hw: cpu: Intel: information disclosure via local access CVE-2022-28893 — kernel: use after free in SUNRPC subsystem CVE-2022-29581 — kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c CVE-2022-29900 — hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions CVE-2022-29901 — hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions CVE-2022-36946 — kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c CVE-2022-39190 — kernel: nf_tables disallow binding to already bound chain CVE-2022-42432 — kernel: netfilter: nfnetlink_osf: uninitialized variable information disclosure vulnerability CVE-2022-48735 — kernel: ALSA: hda: Fix UAF of leds class devs at unbinding CVE-2022-48738 — kernel: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() CVE-2022-48765 — kernel: KVM: LAPIC: Also cancel preemption timer during SET_LAPIC CVE-2022-48786 — kernel: vsock: remove vsock from connected table when connect is interrupted by a signal CVE-2022-48866 — kernel: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts CVE-2022-48905 — kernel: ibmvnic: free reset-work-item when flushing CVE-2022-48912 — kernel: netfilter: fix use-after-free in __nf_register_net_hook() CVE-2022-48918 — kernel: iwlwifi: mvm: check debugfs_dir ptr before use CVE-2022-48921 — kernel: sched/fair: Fix fault in reweight_entity CVE-2022-48936 — kernel: gso: do not skip outer ip header in case of ipip and net_failover CVE-2022-48943 — kernel: KVM: x86/mmu: make apf token non-zero to fix bug CVE-2022-49057 — kernel: block: null_blk: end timed out poll request CVE-2022-49060 — kernel: net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() CVE-2022-49066 — kernel: veth: Ensure eth header is in skb's linear part CVE-2022-49086 — kernel: net: openvswitch: fix leak of nested actions CVE-2022-49090 — kernel: arch/arm64: Fix topology initialization for core scheduling CVE-2022-49093 — kernel: skbuff: fix coalescing for page_pool fragment recycling CVE-2022-49098 — kernel: Drivers: hv: vmbus: Fix potential crash on module unload CVE-2022-49107 — kernel: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error CVE-2022-49109 — kernel: ceph: fix inode reference leakage in ceph_get_snapdir() CVE-2022-49122 — kernel: dm ioctl: prevent potential spectre v1 gadget CVE-2022-49123 — kernel: ath11k: Fix frames flush failure caused by deadlock CVE-2022-49129 — kernel: mt76: mt7921: fix crash when startup fails. CVE-2022-49130 — kernel: ath11k: mhi: use mhi_sync_power_up() CVE-2022-49142 — kernel: net: preserve skb_end_offset() in skb_unclone_keeptruesize() CVE-2022-49145 — kernel: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data CVE-2022-49147 — kernel: block: Fix the maximum minor value is blk_alloc_ext_minor() CVE-2022-49152 — kernel: XArray: Fix xas_create_range() when multi-order entry present CVE-2022-49153 — kernel: wireguard: socket: free skb in send6 when ipv6 is disabled CVE-2022-49156 — kernel: scsi: qla2xxx: Fix scheduling while atomic CVE-2022-49158 — kernel: scsi: qla2xxx: Fix warning message due to adisc being flushed CVE-2022-49160 — kernel: scsi: qla2xxx: Fix crash during module load unload test CVE-2022-49175 — kernel: PM: core: keep irq flags in device_pm_check_callbacks() CVE-2022-49179 — kernel: block, bfq: don't move oom_bfqq CVE-2022-49180 — kernel: LSM: general protection fault in legacy_parse_param CVE-2022-49188 — kernel: remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region CVE-2022-49199 — kernel: RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() CVE-2022-49215 — kernel: xsk: Fix race at socket teardown CVE-2022-49227 — kernel: igc: avoid kernel warning when changing RX ring parameters CVE-2022-49228 — kernel: bpf: Fix a btf decl_tag bug when tagging a function CVE-2022-49229 — kernel: ptp: unregister virtual clocks when unregistering physical clock. CVE-2022-49235 — kernel: ath9k_htc: fix uninit value bugs CVE-2022-49238 — kernel: ath11k: free peer for station when disconnect from AP for QCA6390/WCN6855 CVE-2022-49247 — kernel: media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED CVE-2022-49253 — kernel: media: usb: go7007: s2250-board: fix leak in probe() CVE-2022-49259 — kernel: block: don't delete queue kobject before its children CVE-2022-49263 — kernel: brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path CVE-2022-49264 — kernel: exec: Force single empty string when argv is empty CVE-2022-49265 — kernel: PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() CVE-2022-49268 — kernel: ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM CVE-2022-49270 — kernel: dm: fix use-after-free in dm_cleanup_zoned_dev() CVE-2022-49272 — kernel: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock CVE-2022-49281 — kernel: cifs: fix handlecache and multiuser CVE-2022-49288 — kernel: ALSA: pcm: Fix races among concurrent prealloc proc writes CVE-2022-49290 — kernel: mac80211: fix potential double free on mesh join CVE-2022-49291 — kernel: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls CVE-2022-49292 — kernel: ALSA: oss: Fix PCM OSS buffer allocation overflow CVE-2022-49297 — kernel: nbd: fix io hung while disconnecting device CVE-2022-49306 — kernel: usb: dwc3: host: Stop setting the ACPI companion CVE-2022-49325 — kernel: tcp: add accessors to read/set tp->snd_cwnd CVE-2022-49330 — kernel: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd CVE-2022-49332 — kernel: scsi: lpfc: Address NULL pointer dereference after starget_to_rport() CVE-2022-49334 — kernel: mm/huge_memory: Fix xarray node memory leak CVE-2022-49340 — kernel: ip_gre: test csum_start instead of transport header CVE-2022-49343 — kernel: ext4: avoid cycles in directory h-tree CVE-2022-49347 — kernel: ext4: fix bug_on in ext4_writepages CVE-2022-49348 — kernel: ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state CVE-2022-49349 — kernel: ext4: fix use-after-free in ext4_rename_dir_prepare CVE-2022-49374 — kernel: tipc: check attribute length for bearer name CVE-2022-49378 — kernel: sfc: fix considering that all channels have TX queues CVE-2022-49389 — kernel: usb: usbip: fix a refcount leak in stub_probe() CVE-2022-49394 — kernel: blk-iolatency: Fix inflight count imbalances and IO hangs on offline CVE-2022-49398 — kernel: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback CVE-2022-49404 — kernel: RDMA/hfi1: Fix potential integer multiplication overflow errors CVE-2022-49408 — kernel: ext4: fix memory leak in parse_apply_sb_mount_options() CVE-2022-49409 — kernel: ext4: fix bug_on in __es_tree_search CVE-2022-49411 — kernel: bfq: Make sure bfqg for which we are queueing requests is online CVE-2022-49412 — kernel: bfq: Avoid merging queues with different parents CVE-2022-49413 — kernel: bfq: Update cgroup information before merging bio CVE-2022-49418 — kernel: NFSv4: Fix free of uninitialized nfs4_label on referral lookup. CVE-2022-49426 — kernel: iommu/arm-smmu-v3-sva: Fix mm use-after-free CVE-2022-49433 — kernel: RDMA/hfi1: Prevent use of lock before it is initialized CVE-2022-49440 — kernel: powerpc/rtas: Keep MSR[RI] set when calling RTAS CVE-2022-49451 — kernel: firmware: arm_scmi: Fix list protocols enumeration in the base protocol CVE-2022-49465 — kernel: blk-throttle: Set BIO_THROTTLED when bio has been throttled CVE-2022-49504 — kernel: scsi: lpfc: Inhibit aborts if external loopback plug is inserted CVE-2022-49515 — kernel: ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t CVE-2022-49531 — kernel: loop: implement ->free_disk CVE-2022-49534 — kernel: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT CVE-2022-49536 — kernel: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock CVE-2022-49537 — kernel: scsi: lpfc: Fix call trace observed during I/O with CMF enabled CVE-2022-49538 — kernel: ALSA: jack: Access input_dev under mutex CVE-2022-49543 — kernel: ath11k: fix the warning of dev_wake in mhi_pm_disable_transition() CVE-2022-49545 — kernel: ALSA: usb-audio: Cancel pending work at closing a MIDI substream CVE-2022-49557 — kernel: x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave) CVE-2022-49559 — kernel: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 CVE-2022-49561 — kernel: netfilter: conntrack: re-fetch conntrack after insertion CVE-2022-49584 — kernel: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero CVE-2022-49605 — kernel: igc: Reinstate IGC_REMOVED logic and implement it properly CVE-2022-49606 — kernel: RDMA/irdma: Fix sleep from invalid context BUG CVE-2022-49615 — kernel: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error CVE-2022-49625 — kernel: sfc: fix kernel panic when creating VF CVE-2022-49626 — kernel: sfc: fix use after free when disabling sriov CVE-2022-49663 — kernel: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() CVE-2022-49664 — kernel: tipc: move bc link creation back to tipc_node_create CVE-2022-49669 — kernel: mptcp: fix race on unaccepted mptcp sockets CVE-2022-49671 — kernel: RDMA/cm: Fix memory leak in ib_cm_insert_listen CVE-2022-49673 — kernel: dm raid: fix KASAN warning in raid5_add_disks CVE-2022-49691 — kernel: erspan: do not assume transport header is always set CVE-2022-49695 — kernel: igb: fix a use-after-free issue in igb_clean_tx_ring CVE-2022-49697 — kernel: bpf: Fix request_sock leak in sk lookup helpers CVE-2022-49698 — kernel: netfilter: use get_random_u32 instead of prandom CVE-2022-49707 — kernel: ext4: add reserved GDT blocks check CVE-2022-49708 — kernel: ext4: fix bug_on ext4_mb_use_inode_pa CVE-2022-49710 — kernel: dm mirror log: round up region bitmap size to BITS_PER_LONG CVE-2022-49732 — kernel: sock: redo the psock vs ULP protection check CVE-2022-50000 — kernel: netfilter: flowtable: fix stuck flows on cleanup due to pending work CVE-2022-50001 — kernel: netfilter: nft_tproxy: restrict to prerouting hook CVE-2022-50027 — kernel: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE CVE-2022-50030 — kernel: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input CVE-2022-50048 — kernel: netfilter: nf_tables: possible module reference underflow in error path CVE-2022-50084 — kernel: dm raid: fix address sanitizer warning in raid_status CVE-2022-50085 — kernel: dm raid: fix address sanitizer warning in raid_resume CVE-2022-50092 — kernel: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback CVE-2022-50095 — kernel: posix-cpu-timers: Cleanup CPU timers before freeing them during exec CVE-2022-50115 — kernel: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes CVE-2022-50178 — kernel: wifi: rtw89: 8852a: rfk: fix div 0 exception CVE-2022-50179 — kernel: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb CVE-2022-50187 — kernel: ath11k: fix netdev open race CVE-2022-50212 — kernel: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table CVE-2022-50213 — kernel: netfilter: nf_tables: do not allow SET_ID to refer to another table CVE-2022-50506 — kernel: drbd: only clone bio if we have a backing device CVE-2022-50536 — kernel: bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data CVE-2023-1095 — kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head CVE-2023-2008 — kernel: udmabuf: improper validation of array index leading to local privilege escalation CVE-2023-4387 — kernel: vmxnet3: use-after-free in vmxnet3_rq_alloc_rx_buf() CVE-2023-28410 — hw: Intel: Improper restriction in memory buffer in graphics drivers cause escalation of privilege CVE-2023-53181 — kernel: dma-buf/dma-resv: Stop leaking on krealloc() failure CVE-2023-53660 — kernel: bpf, cpumap: Handle skb as well when clean up ptr_ring

🔗 References (59)