RHSA-2023:2951HighCVSS 7.8

Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Published
May 16, 2023
Last Modified
June 29, 2026

🔗 CVE IDs covered (198)

CVE-2022-48883CVE-2022-49513CVE-2022-49583CVE-2021-26341CVE-2022-42703CVE-2022-48701CVE-2022-48884CVE-2022-49545CVE-2022-49942CVE-2022-50136CVE-2022-50308CVE-2022-2196CVE-2022-3619CVE-2022-49471CVE-2022-49577CVE-2022-49592CVE-2022-49962CVE-2022-50007CVE-2022-50093CVE-2022-49959CVE-2022-50052CVE-2022-50189CVE-2023-1095CVE-2022-4129CVE-2022-42720CVE-2022-49416CVE-2022-50185CVE-2023-53549CVE-2022-4662CVE-2022-49339CVE-2022-49519CVE-2022-49936CVE-2022-50001CVE-2022-50172CVE-2022-50698CVE-2022-49642CVE-2022-49966CVE-2022-50113CVE-2022-50135CVE-2022-50221CVE-2022-50773CVE-2023-1582CVE-2022-49371CVE-2022-2663CVE-2022-49732CVE-2022-50149CVE-2023-0461CVE-2022-48695CVE-2022-50022CVE-2022-50487 · pendingCVE-2022-50569CVE-2022-50671CVE-2022-50723CVE-2023-1195CVE-2021-47592CVE-2022-49636CVE-2022-50041CVE-2021-33656CVE-2022-49376CVE-2022-50484CVE-2022-50531CVE-2022-3625CVE-2022-3566CVE-2022-47929CVE-2023-2177CVE-2023-53064CVE-2022-49969CVE-2022-50048CVE-2022-1462CVE-2022-3028CVE-2022-36879CVE-2022-49294CVE-2022-50133CVE-2022-50889CVE-2022-3628CVE-2022-20141CVE-2022-42722CVE-2022-49319CVE-2022-49330CVE-2022-49429CVE-2022-49872CVE-2022-49935CVE-2022-39188CVE-2022-49971CVE-2022-49982CVE-2022-50127CVE-2022-50129CVE-2022-50543CVE-2022-50863CVE-2022-49365CVE-2021-47221CVE-2022-48992CVE-2022-49539CVE-2022-50615CVE-2023-23454CVE-2022-3564CVE-2022-30594CVE-2022-41674CVE-2022-50111CVE-2022-50431CVE-2022-49010CVE-2022-49333CVE-2022-49958CVE-2022-49986CVE-2022-50039CVE-2022-50318CVE-2022-50325CVE-2022-50516CVE-2022-48696CVE-2022-49114CVE-2022-49663CVE-2022-49964CVE-2022-49983CVE-2022-50100CVE-2022-50408CVE-2022-50563CVE-2022-3522 · pendingCVE-2022-50000CVE-2022-50068CVE-2022-50138CVE-2022-50211CVE-2022-50271CVE-2022-50554CVE-2022-50744CVE-2022-49691CVE-2022-49723CVE-2022-50418CVE-2022-50714CVE-2022-50866CVE-2023-53273CVE-2023-53811CVE-2022-1679CVE-2022-49372CVE-2022-49925CVE-2022-49951CVE-2022-50226CVE-2022-50467CVE-2022-50493CVE-2023-22998CVE-2022-3707CVE-2022-39189CVE-2022-50037CVE-2022-50044CVE-2022-50049CVE-2022-50181CVE-2022-3623CVE-2022-49934CVE-2022-50235CVE-2022-50427CVE-2022-50752CVE-2022-42721CVE-2022-49323CVE-2022-49328CVE-2022-49653CVE-2022-50002CVE-2022-50050CVE-2022-50496CVE-2022-50768CVE-2022-3567CVE-2022-49908CVE-2022-50079CVE-2022-50137CVE-2022-50299CVE-2022-50425CVE-2022-50482CVE-2023-0394CVE-2022-50229CVE-2022-50715CVE-2023-53393CVE-2022-49511CVE-2022-50015CVE-2022-50035CVE-2022-50678CVE-2022-50016CVE-2022-1789CVE-2022-43750CVE-2022-49644CVE-2022-49646CVE-2022-50130CVE-2022-50410CVE-2022-25265CVE-2022-50350CVE-2022-50549CVE-2022-50583CVE-2023-53552CVE-2022-49960CVE-2022-49965CVE-2022-50070CVE-2022-50243CVE-2022-50381CVE-2022-50726CVE-2022-49726CVE-2022-3524CVE-2021-33655CVE-2022-3239CVE-2022-41218CVE-2022-50164CVE-2022-50534

📋 Description

CVE-2021-26341 — hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch CVE-2021-33655 — kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory CVE-2021-33656 — kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds CVE-2021-47221 — kernel: mm/slub: actually fix freelist pointer vs redzoning CVE-2021-47592 — kernel: net: stmmac: fix tc flower deletion for VLAN priority Rx steering CVE-2022-1462 — kernel: possible race condition in drivers/tty/tty_buffers.c CVE-2022-1679 — kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges CVE-2022-1789 — kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva CVE-2022-2196 — kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks CVE-2022-2663 — kernel: netfilter: nf_conntrack_irc message handling issue CVE-2022-3028 — kernel: race condition in xfrm_probe_algs can lead to OOB read/write CVE-2022-3239 — kernel: media: em28xx: initialize refcount before kref_get CVE-2022-3522 — kernel: race condition in hugetlb_no_page() in mm/hugetlb.c CVE-2022-3524 — kernel: memory leak in ipv6_renew_options() CVE-2022-3564 — kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c CVE-2022-3566 — kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt CVE-2022-3567 — kernel: data races around sk->sk_prot CVE-2022-3619 — kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c CVE-2022-3623 — kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry CVE-2022-3625 — kernel: use-after-free after failed devlink reload in devlink_param_get CVE-2022-3628 — kernel: USB-accessible buffer overflow in brcmfmac CVE-2022-3707 — kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed CVE-2022-4129 — kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference CVE-2022-4662 — kernel: Recursive locking violation in usb-storage that can cause the kernel to deadlock CVE-2022-20141 — kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets CVE-2022-25265 — kernel: Executable Space Protection Bypass CVE-2022-30594 — kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option CVE-2022-36879 — kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice CVE-2022-39188 — kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry CVE-2022-39189 — kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning CVE-2022-41218 — kernel: Report vmalloc UAF in dvb-core/dmxdev CVE-2022-41674 — kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() CVE-2022-42703 — kernel: use-after-free related to leaf anon_vma double reuse CVE-2022-42720 — kernel: use-after-free in bss_ref_get in net/wireless/scan.c CVE-2022-42721 — kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c CVE-2022-42722 — kernel: Denial of service in beacon protection for P2P-device CVE-2022-43750 — kernel: memory corruption in usbmon driver CVE-2022-47929 — kernel: NULL pointer dereference in traffic control subsystem CVE-2022-48695 — kernel: scsi: mpt3sas: Fix use-after-free warning CVE-2022-48696 — kernel: regmap: spi: Reserve space for register address/padding CVE-2022-48701 — kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug CVE-2022-48883 — kernel: net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent CVE-2022-48884 — kernel: net/mlx5: Fix command stats access after free CVE-2022-48992 — kernel: ASoC: soc-pcm: Add NULL check in BE reparenting CVE-2022-49010 — kernel: hwmon: (coretemp) Check for null before removing sysfs attrs CVE-2022-49114 — kernel: scsi: libfc: Fix use after free in fc_exch_abts_resp() CVE-2022-49294 — kernel: drm/amd/display: Check if modulo is 0 before dividing. CVE-2022-49319 — kernel: iommu/arm-smmu-v3: check return value after calling platform_get_resource() CVE-2022-49323 — kernel: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() CVE-2022-49328 — kernel: mt76: fix use-after-free by removing a non-RCU wcid pointer CVE-2022-49330 — kernel: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd CVE-2022-49333 — kernel: net/mlx5: E-Switch, pair only capable devices CVE-2022-49339 — kernel: net: ipv6: unexport __init-annotated seg6_hmac_init() CVE-2022-49365 — kernel: drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() CVE-2022-49371 — kernel: driver core: fix deadlock in __device_attach CVE-2022-49372 — kernel: tcp: tcp_rtx_synack() can be called from process context CVE-2022-49376 — kernel: scsi: sd: Fix potential NULL pointer dereference CVE-2022-49416 — kernel: wifi: mac80211: fix use-after-free in chanctx code CVE-2022-49429 — kernel: RDMA/hfi1: Prevent panic when SDMA is disabled CVE-2022-49471 — kernel: rtw89: cfo: check mac_id to avoid out-of-bounds CVE-2022-49511 — kernel: fbdev: defio: fix the pagelist corruption CVE-2022-49513 — kernel: cpufreq: governor: Use kobject release() method to free dbs_data CVE-2022-49519 — kernel: Linux kernel (ath10k): Double free vulnerability during suspend/resume CVE-2022-49539 — kernel: rtw89: ser: fix CAM leaks occurring in L2 reset CVE-2022-49545 — kernel: ALSA: usb-audio: Cancel pending work at closing a MIDI substream CVE-2022-49577 — kernel: udp: Fix a data-race around sysctl_udp_l3mdev_accept. CVE-2022-49583 — kernel: iavf: Fix handling of dummy receive descriptors CVE-2022-49592 — kernel: net: stmmac: fix dma queue left shift overflow issue CVE-2022-49636 — kernel: vlan: fix memory leak in vlan_newlink() CVE-2022-49642 — kernel: net: stmmac: dwc-qos: Disable split header for Tegra194 CVE-2022-49644 — kernel: drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() CVE-2022-49646 — kernel: wifi: mac80211: fix queue selection for mesh/OCB interfaces CVE-2022-49653 — kernel: i2c: piix4: Fix a memory leak in the EFCH MMIO support CVE-2022-49663 — kernel: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() CVE-2022-49691 — kernel: erspan: do not assume transport header is always set CVE-2022-49723 — kernel: drm/i915/reset: Fix error_state_read ptr + offset use CVE-2022-49726 — kernel: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() CVE-2022-49732 — kernel: sock: redo the psock vs ULP protection check CVE-2022-49872 — kernel: net: gso: fix panic on frag_list with mixed head alloc types CVE-2022-49908 — kernel: Bluetooth: L2CAP: Fix memory leak in vhci_write CVE-2022-49925 — kernel: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() CVE-2022-49934 — kernel: wifi: mac80211: Fix UAF in ieee80211_scan_rx() CVE-2022-49935 — kernel: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49936 — kernel: USB: core: Prevent nested device-reset calls CVE-2022-49942 — kernel: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected CVE-2022-49951 — kernel: firmware_loader: Fix use-after-free during unregister CVE-2022-49958 — kernel: net/sched: fix netdevice reference leaks in attach_default_qdiscs() CVE-2022-49959 — kernel: openvswitch: fix memory leak at failed datapath creation CVE-2022-49960 — kernel: drm/i915: fix null pointer dereference CVE-2022-49962 — kernel: xhci: Fix null pointer dereference in remove if xHC has only one roothub CVE-2022-49964 — kernel: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level CVE-2022-49965 — kernel: drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics CVE-2022-49966 — kernel: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid CVE-2022-49969 — kernel: drm/amd/display: clear optc underflow before turn off odm clock CVE-2022-49971 — kernel: drm/amd/pm: Fix a potential gpu_metrics_table memory leak CVE-2022-49982 — kernel: media: pvrusb2: fix memory leak in pvr_probe CVE-2022-49983 — kernel: udmabuf: Set the DMA mask for the udmabuf device (v2) CVE-2022-49986 — kernel: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq CVE-2022-50000 — kernel: netfilter: flowtable: fix stuck flows on cleanup due to pending work CVE-2022-50001 — kernel: netfilter: nft_tproxy: restrict to prerouting hook CVE-2022-50002 — kernel: net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY CVE-2022-50007 — kernel: xfrm: fix refcount leak in __xfrm_policy_check() CVE-2022-50015 — kernel: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot CVE-2022-50016 — kernel: ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot CVE-2022-50022 — kernel: drivers:md:fix a potential use-after-free bug CVE-2022-50035 — kernel: drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex CVE-2022-50037 — kernel: drm/i915/ttm: don't leak the ccs state CVE-2022-50039 — kernel: stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() CVE-2022-50041 — kernel: ice: Fix call trace with null VSI during VF reset CVE-2022-50044 — kernel: net: qrtr: start MHI channel after endpoit creation CVE-2022-50048 — kernel: netfilter: nf_tables: possible module reference underflow in error path CVE-2022-50049 — kernel: ASoC: DPCM: Don't pick up BE without substream CVE-2022-50050 — kernel: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() CVE-2022-50052 — kernel: ASoC: Intel: avs: Fix potential buffer overflow by snprintf() CVE-2022-50068 — kernel: drm/ttm: Fix dummy res NULL ptr deref bug CVE-2022-50070 — kernel: mptcp: do not queue data on closed subflows CVE-2022-50079 — kernel: drm/amd/display: Check correct bounds for stream encoder instances for DCN303 CVE-2022-50093 — kernel: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) CVE-2022-50100 — kernel: sched/core: Do not requeue task on CPU excluded from cpus_mask CVE-2022-50111 — kernel: ASoC: mt6359: Fix refcount leak bug CVE-2022-50113 — kernel: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() CVE-2022-50127 — kernel: RDMA/rxe: Fix error unwind in rxe_create_qp() CVE-2022-50129 — kernel: RDMA/srpt: Fix a use-after-free CVE-2022-50130 — kernel: staging: fbtft: core: set smem_len before fb_deferred_io_init call CVE-2022-50133 — kernel: usb: xhci_plat_remove: avoid NULL dereference CVE-2022-50135 — kernel: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup CVE-2022-50136 — kernel: RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event CVE-2022-50137 — kernel: RDMA/irdma: Fix a window for use-after-free CVE-2022-50138 — kernel: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() CVE-2022-50149 — kernel: driver core: fix potential deadlock in __driver_attach CVE-2022-50164 — kernel: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue CVE-2022-50172 — kernel: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg CVE-2022-50181 — kernel: virtio-gpu: fix a missing check to avoid NULL dereference CVE-2022-50185 — kernel: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() CVE-2022-50189 — kernel: tools/power turbostat: Fix file pointer leak CVE-2022-50211 — kernel: md-raid10: fix KASAN warning CVE-2022-50221 — kernel: drm/fb-helper: Fix out-of-bounds access CVE-2022-50226 — kernel: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak CVE-2022-50229 — kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing CVE-2022-50235 — kernel: NFSD: Protect against send buffer overflow in NFSv2 READDIR CVE-2022-50243 — kernel: sctp: handle the error returned from sctp_auth_asoc_init_active_key CVE-2022-50271 — kernel: Linux kernel: Denial of Service due to memory allocation failure in vhost/vsock CVE-2022-50299 — kernel: md: Replace snprintf with scnprintf CVE-2022-50308 — kernel: ASoC: qcom: Add checks for devm_kcalloc CVE-2022-50318 — kernel: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() CVE-2022-50325 — kernel: ASoC: Intel: avs: Fix potential RX buffer overflow CVE-2022-50350 — kernel: scsi: target: iscsi: Fix a race condition between login_work and the login thread CVE-2022-50381 — kernel: md: fix a crash in mempool_free CVE-2022-50408 — kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() CVE-2022-50410 — kernel: NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-50418 — kernel: wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() CVE-2022-50425 — kernel: x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly CVE-2022-50427 — kernel: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() CVE-2022-50431 — kernel: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() CVE-2022-50467 — kernel: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID CVE-2022-50482 — kernel: iommu/vt-d: Clean up si_domain in the init_dmars() error path CVE-2022-50484 — kernel: ALSA: usb-audio: Fix potential memory leaks CVE-2022-50487 — kernel: NFSD: Protect against send buffer overflow in NFSv3 READDIR CVE-2022-50493 — kernel: scsi: qla2xxx: Fix crash when I/O abort times out CVE-2022-50496 — kernel: dm cache: Fix UAF in destroy() CVE-2022-50516 — kernel: fs: dlm: fix invalid derefence of sb_lvbptr CVE-2022-50531 — kernel: Linux kernel (TIPC): Information disclosure via uninitialized memory in tipc_topsrv_kern_subscr CVE-2022-50534 — kernel: dm thin: Use last transaction's pmd->root when commit failed CVE-2022-50543 — kernel: RDMA/rxe: Fix mr->map double free CVE-2022-50549 — kernel: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata CVE-2022-50554 — kernel: blk-mq: avoid double ->queue_rq() because of early timeout CVE-2022-50563 — kernel: dm thin: Fix UAF in run_timer_softirq() CVE-2022-50569 — kernel: xfrm: Update ipcomp_scratches with NULL when freed CVE-2022-50583 — kernel: md/raid0, raid10: Don't set discard sectors for request queue CVE-2022-50615 — kernel: perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() CVE-2022-50671 — kernel: RDMA/rxe: Fix "kernel NULL pointer dereference" error CVE-2022-50678 — kernel: wifi: brcmfmac: fix invalid address access when enabling SCAN log level CVE-2022-50698 — kernel: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() CVE-2022-50714 — kernel: Linux kernel: Denial of Service in mt7921e driver during module unload CVE-2022-50715 — kernel: md/raid1: stop mdx_raid1 thread when raid1 array run failed CVE-2022-50723 — kernel: Kernel: Denial of Service via memory leak in bnxt_nvm_test() CVE-2022-50726 — kernel: net/mlx5: Fix possible use-after-free in async command interface CVE-2022-50744 — kernel: Linux kernel: Hard lockup in lpfc driver leads to Denial of Service CVE-2022-50752 — kernel: md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() CVE-2022-50768 — kernel: scsi: smartpqi: Correct device removal for multi-actuator devices CVE-2022-50773 — kernel: Linux kernel ALSA mts64 module: Denial of Service via null pointer dereference CVE-2022-50863 — kernel: Kernel: Denial of Service via memory leak in wifi power saving mode CVE-2022-50866 — kernel: ASoC: pxa: fix null-pointer dereference in filter() CVE-2022-50889 — kernel: dm integrity: Fix UAF in dm_integrity_dtr() CVE-2023-0394 — kernel: NULL pointer dereference in rawv6_push_pending_frames CVE-2023-0461 — kernel: net/ulp: use-after-free in listening ULP sockets CVE-2023-1095 — kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head CVE-2023-1195 — kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c CVE-2023-1582 — kernel: Soft lockup occurred during __page_mapcount CVE-2023-2177 — Kernel: NULL pointer dereference problem in sctp_sched_dequeue_common CVE-2023-22998 — kernel: drm/virtio: improper return value check in virtio_gpu_object_shmem_init() CVE-2023-23454 — kernel: slab-out-of-bounds read vulnerabilities in cbq_classify CVE-2023-53064 — kernel: iavf: fix hang on reboot with ice CVE-2023-53273 — kernel: Drivers: vmbus: Check for channel allocation before looking up relids CVE-2023-53393 — kernel: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device CVE-2023-53549 — kernel: netfilter: ipset: Rework long task execution when adding/deleting entries CVE-2023-53552 — kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free CVE-2023-53811 — kernel: RDMA/irdma: Cap MSIX used to online CPUs + 1

🔗 References (54)