U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2022-49619 - In the Linux kernel, the following vulnerability has been resolved: net: sfp: fix memory leak in sfp_probe() sfp_probe() allocates a memory chunk from sfp with sfp_alloc(). When devm_add_action() fails, sfp is not freed, which leads to a memory ... read CVE-2022-49619
    Published: February 26, 2025; 2:01:37 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49618 - In the Linux kernel, the following vulnerability has been resolved: pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() pdesc could be null but still dereference pdesc->name and it will lead to a null pointer access. So we... read CVE-2022-49618
    Published: February 26, 2025; 2:01:37 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49615 - In the Linux kernel, the following vulnerability has been resolved: ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error The initial settings will be written before the codec probe function. But, the rt711->component doesn't be as... read CVE-2022-49615
    Published: February 26, 2025; 2:01:36 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49608 - In the Linux kernel, the following vulnerability has been resolved: pinctrl: ralink: Check for null return of devm_kcalloc Because of the possible failure of the allocation, data->domains might be NULL pointer and will cause the dereference of t... read CVE-2022-49608
    Published: February 26, 2025; 2:01:36 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49604 - In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_use_pmtu. While reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
    Published: February 26, 2025; 2:01:35 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49603 - In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_update_priority. While reading sysctl_ip_fwd_update_priority, it can be changed concurrently. Thus, we need to add READ_ONCE() to its re... read CVE-2022-49603
    Published: February 26, 2025; 2:01:35 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49602 - In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_fwmark_reflect. While reading sysctl_fwmark_reflect, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
    Published: February 26, 2025; 2:01:35 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49601 - In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. While reading sysctl_tcp_fwmark_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
    Published: February 26, 2025; 2:01:35 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49600 - In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_ip_autobind_reuse. While reading sysctl_ip_autobind_reuse, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
    Published: February 26, 2025; 2:01:35 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49632 - In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can be changed concurrently. Thus, we need to add RE... read CVE-2022-49632
    Published: February 26, 2025; 2:01:38 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49631 - In the Linux kernel, the following vulnerability has been resolved: raw: Fix a data-race around sysctl_raw_l3mdev_accept. While reading sysctl_raw_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
    Published: February 26, 2025; 2:01:38 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49630 - In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
    Published: February 26, 2025; 2:01:38 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49629 - In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix data-races around nexthop_compat_mode. While reading nexthop_compat_mode, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.
    Published: February 26, 2025; 2:01:38 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49627 - In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in ima_init_crypto() On failure to allocate the SHA1 tfm, IMA fails to initialize and exits without freeing the ima_algo_array. Add the missing kf... read CVE-2022-49627
    Published: February 26, 2025; 2:01:38 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49648 - In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Fix memory leak problem This reverts commit 46bbe5c671e06f070428b9be142cc4ee5cedebac. As commit 46bbe5c671e0 ("tracing: fix double free") said, the "double ... read CVE-2022-49648
    Published: February 26, 2025; 2:01:39 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49643 - In the Linux kernel, the following vulnerability has been resolved: ima: Fix a potential integer overflow in ima_appraise_measurement When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be negative, which may cause the integer... read CVE-2022-49643
    Published: February 26, 2025; 2:01:39 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49641 - In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic p... read CVE-2022-49641
    Published: February 26, 2025; 2:01:39 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49640 - In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some ... read CVE-2022-49640
    Published: February 26, 2025; 2:01:39 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49639 - In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races.
    Published: February 26, 2025; 2:01:39 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49638 - In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races.
    Published: February 26, 2025; 2:01:39 AM -0500

    V3.1: 4.7 MEDIUM

Created September 20, 2022 , Updated August 27, 2024