VYPR

rpm package

almalinux/bpftool

pkg:rpm/almalinux/bpftool

Vulnerabilities (953)

  • CVE-2025-21785Feb 27, 2025
    affected < 4.18.0-553.46.1.el8_10fixed 4.18.0-553.46.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate

  • CVE-2025-21759Feb 27, 2025
    affected < 4.18.0-553.69.1.el8_10fixed 4.18.0-553.69.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note

  • CVE-2025-21727HigFeb 27, 2025
    affected < 4.18.0-553.69.1.el8_10fixed 4.18.0-553.69.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: padata: fix UAF in padata_reorder A bug was found when run ltp test: BUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0 Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206 CPU:

  • CVE-2024-57979HigFeb 27, 2025
    affected < 4.18.0-553.44.1.el8_10fixed 4.18.0-553.44.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kob

  • CVE-2024-58002Feb 27, 2025
    affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be any

  • CVE-2024-57980Feb 27, 2025
    affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kf

  • CVE-2022-49395Feb 26, 2025
    affected < 4.18.0-553.56.1.el8_10fixed 4.18.0-553.56.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes. ================================================================== BUG: KASA

  • CVE-2022-49136Feb 26, 2025
    affected < 4.18.0-553.60.1.el8_10fixed 4.18.0-553.60.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has been set as that means hci_unregister_dev has been called so it will like

  • CVE-2022-49111Feb 26, 2025
    affected < 4.18.0-553.60.1.el8_10fixed 4.18.0-553.60.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP

  • CVE-2022-49058Feb 26, 2025
    affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused be

  • CVE-2024-57807Jan 11, 2025
    affected < 4.18.0-553.44.1.el8_10fixed 4.18.0-553.44.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock(&instance->reset

  • CVE-2024-53197KEVDec 27, 2024
    affected < 4.18.0-553.44.1.el8_10fixed 4.18.0-553.44.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating

  • CVE-2022-21505Dec 24, 2024
    affected < 7.0.0-284.11.1.el9_2fixed 7.0.0-284.11.1.el9_2

    In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this

  • CVE-2024-53150KEVDec 24, 2024
    affected < 4.18.0-553.50.1.el8_10fixed 4.18.0-553.50.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provid

  • CVE-2024-53241Dec 24, 2024
    affected < 4.18.0-553.50.1.el8_10fixed 4.18.0-553.50.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparati

  • CVE-2024-2201MedDec 19, 2024
    affected < 7.3.0-427.42.1.el9_4fixed 7.3.0-427.42.1.el9_4

    A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.

  • CVE-2024-53141Dec 6, 2024
    affected < 4.18.0-553.52.1.el8_10fixed 4.18.0-553.52.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check f

  • CVE-2024-53122Dec 2, 2024
    affected < 7.4.0-503.21.1.el9_5fixed 7.4.0-503.21.1.el9_5

    In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing rec

  • CVE-2024-53113Dec 2, 2024
    affected < 7.4.0-503.31.1.el9_5fixed 7.4.0-503.31.1.el9_5

    In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When c

  • CVE-2024-53104KEVDec 2, 2024
    affected < 7.4.0-503.23.2.el9_5fixed 7.4.0-503.23.2.el9_5

    In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the fra

Page 10 of 48