Search Results (18660 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-49601 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. While reading sysctl_tcp_fwmark_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49600 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_ip_autobind_reuse. While reading sysctl_ip_autobind_reuse, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49599 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_l3mdev_accept. While reading sysctl_tcp_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49597 1 Linux 1 Linux Kernel 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_base_mss. While reading sysctl_tcp_base_mss, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49594 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor. While reading sysctl_tcp_mtu_probe_floor, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49588 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_migrate_req. While reading sysctl_tcp_migrate_req, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49587 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. While reading sysctl_tcp_notsent_lowat, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49580 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. While reading sysctl_fib_multipath_use_neigh, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49579 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. While reading sysctl_fib_multipath_hash_policy, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49578 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_prot_sock. sysctl_ip_prot_sock is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing.
CVE-2022-49577 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctl_udp_l3mdev_accept. While reading sysctl_udp_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49576 1 Linux 1 Linux Kernel 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. While reading sysctl_fib_multipath_hash_fields, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49575 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49574 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_recovery. While reading sysctl_tcp_recovery, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49573 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. While reading sysctl_tcp_early_retrans, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
CVE-2022-49572 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49571 1 Linux 1 Linux Kernel 2025-10-01 4.7 Medium
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. While reading sysctl_tcp_max_reordering, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
CVE-2022-49570 1 Linux 1 Linux Kernel 2025-10-01 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: gpio: gpio-xilinx: Fix integer overflow Current implementation is not able to configure more than 32 pins due to incorrect data type. So type casting with unsigned long to avoid it.
CVE-2022-49569 1 Linux 1 Linux Kernel 2025-10-01 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers In case a IRQ based transfer times out the bcm2835_spi_handle_err() function is called. Since commit 1513ceee70f2 ("spi: bcm2835: Drop dma_pending flag") the TX and RX DMA transfers are unconditionally canceled, leading to NULL pointer derefs if ctlr->dma_tx or ctlr->dma_rx are not set. Fix the NULL pointer deref by checking that ctlr->dma_tx and ctlr->dma_rx are valid pointers before accessing them.
CVE-2022-49568 1 Linux 1 Linux Kernel 2025-10-01 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops->destroy A KVM device cleanup happens in either of two callbacks: 1) destroy() which is called when the VM is being destroyed; 2) release() which is called when a device fd is closed. Most KVM devices use 1) but Book3s's interrupt controller KVM devices (XICS, XIVE, XIVE-native) use 2) as they need to close and reopen during the machine execution. The error handling in kvm_ioctl_create_device() assumes destroy() is always defined which leads to NULL dereference as discovered by Syzkaller. This adds a checks for destroy!=NULL and adds a missing release(). This is not changing kvm_destroy_devices() as devices with defined release() should have been removed from the KVM devices list by then.