VYPR

rpm package

almalinux/bpftool

pkg:rpm/almalinux/bpftool

Vulnerabilities (950)

  • CVE-2026-46331Jun 16, 2026
    affected < 4.18.0-553.136.1.el8_10fixed 4.18.0-553.136.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account

  • CVE-2026-46243HigJun 1, 2026
    affected < 4.18.0-553.129.1.el8_10fixed 4.18.0-553.129.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating in

  • CVE-2026-46181HigMay 28, 2026
    affected < 4.18.0-553.132.1.el8_10fixed 4.18.0-553.132.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees the mlx4_srq struct with RCU, and it isn't even accessed within the RCU critical se

  • CVE-2026-46152HigMay 28, 2026
    affected < 4.18.0-553.134.1.el8_10fixed 4.18.0-553.134.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share on

  • CVE-2026-46145HigMay 28, 2026
    affected < 4.18.0-553.136.1.el8_10fixed 4.18.0-553.136.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the mem

  • CVE-2026-46135CriMay 28, 2026
    affected < 4.18.0-553.136.1.el8_10fixed 4.18.0-553.136.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmet_tcp_handle_icreq() updates queue->state after sending an Initialization Connection Response (ICResp), but it does so without serializing again

  • CVE-2026-46125HigMay 28, 2026
    affected < 4.18.0-553.134.1.el8_10fixed 4.18.0-553.134.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface is completely reset to non-MLD. In this case, we must not keep the station since i

  • CVE-2026-46090HigMay 27, 2026
    affected < 4.18.0-553.136.1.el8_10fixed 4.18.0-553.136.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa6

  • CVE-2026-46056HigMay 27, 2026
    affected < 4.18.0-553.134.1.el8_10fixed 4.18.0-553.134.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in hci_user_passkey_notify_evt() and hci_keypress_notify_evt(), otherwise the connec

  • CVE-2026-46054HigMay 27, 2026
    affected < 4.18.0-553.137.1.el8_10fixed 4.18.0-553.137.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file (the "user" file) and the

  • CVE-2026-45852HigMay 27, 2026
    affected < 4.18.0-553.132.1.el8_10fixed 4.18.0-553.132.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxe_srq_from_init In rxe_srq_from_init(), the queue pointer 'q' is assigned to 'srq->rq.queue' before copying the SRQ number to user space. If copy_to_user() fails, the function cal

  • CVE-2026-46300HigMay 23, 2026
    affected < 4.18.0-553.125.1.el8_10fixed 4.18.0-553.125.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally

  • CVE-2026-46333HigMay 15, 2026
    affected < 4.18.0-553.125.1.el8_10fixed 4.18.0-553.125.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it can core dump or not - and makes no sense when y

  • CVE-2026-43329HigMay 8, 2026
    affected < 4.18.0-553.134.1.el8_10fixed 4.18.0-553.134.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: * ethernet mangling (4 payload actions, 2 for each ethernet address) * SN

  • CVE-2026-43284HigMay 8, 2026
    affected < 4.18.0-553.124.1.el8_10fixed 4.18.0-553.124.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths th

  • CVE-2026-43279HigMay 6, 2026
    affected < 4.18.0-553.136.1.el8_10fixed 4.18.0-553.136.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the b

  • CVE-2026-43190HigMay 6, 2026
    affected < 4.18.0-553.126.1.el8_10fixed 4.18.0-553.126.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_tcpmss: check remaining length before reading optlen Quoting reporter: In net/netfilter/xt_tcpmss.c (lines 53-68), the TCP option parser reads op[i+1] directly without validating the remaining

  • CVE-2026-43163MedMay 6, 2026
    affected < 4.18.0-553.126.1.el8_10fixed 4.18.0-553.126.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: md/bitmap: fix GPF in write_page caused by resize race A General Protection Fault occurs in write_page() during array resize: RIP: 0010:write_page+0x22b/0x3c0 [md_mod] This is a use-after-free race between bit

  • CVE-2026-43158HigMay 6, 2026
    affected < 4.18.0-553.126.1.el8_10fixed 4.18.0-553.126.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: xfs: fix freemap adjustments when adding xattrs to leaf blocks xfs/592 and xfs/794 both trip this assertion in the leaf block freemap adjustment code after ~20 minutes of running on my test VMs: ASSERT(ichdr-

  • CVE-2026-43125CriMay 6, 2026
    affected < 4.18.0-553.132.1.el8_10fixed 4.18.0-553.132.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm

Page 1 of 48