rpm package
almalinux/bpftool
pkg:rpm/almalinux/bpftool
Vulnerabilities (953)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-21785 | — | < 4.18.0-553.46.1.el8_10 | 4.18.0-553.46.1.el8_10 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate | ||
| CVE-2025-21759 | — | < 4.18.0-553.69.1.el8_10 | 4.18.0-553.69.1.el8_10 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note | ||
| CVE-2025-21727 | Hig | 7.8 | < 4.18.0-553.69.1.el8_10 | 4.18.0-553.69.1.el8_10 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: padata: fix UAF in padata_reorder A bug was found when run ltp test: BUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0 Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206 CPU: | |
| CVE-2024-57979 | Hig | 7.8 | < 4.18.0-553.44.1.el8_10 | 4.18.0-553.44.1.el8_10 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kob | |
| CVE-2024-58002 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be any | ||
| CVE-2024-57980 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kf | ||
| CVE-2022-49395 | — | < 4.18.0-553.56.1.el8_10 | 4.18.0-553.56.1.el8_10 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes. ================================================================== BUG: KASA | ||
| CVE-2022-49136 | — | < 4.18.0-553.60.1.el8_10 | 4.18.0-553.60.1.el8_10 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has been set as that means hci_unregister_dev has been called so it will like | ||
| CVE-2022-49111 | — | < 4.18.0-553.60.1.el8_10 | 4.18.0-553.60.1.el8_10 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP | ||
| CVE-2022-49058 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused be | ||
| CVE-2024-57807 | — | < 4.18.0-553.44.1.el8_10 | 4.18.0-553.44.1.el8_10 | Jan 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock(&instance->reset | ||
| CVE-2024-53197 | — | KEV | < 4.18.0-553.44.1.el8_10 | 4.18.0-553.44.1.el8_10 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating | |
| CVE-2022-21505 | — | < 7.0.0-284.11.1.el9_2 | 7.0.0-284.11.1.el9_2 | Dec 24, 2024 | In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this | ||
| CVE-2024-53150 | — | KEV | < 4.18.0-553.50.1.el8_10 | 4.18.0-553.50.1.el8_10 | Dec 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provid | |
| CVE-2024-53241 | — | < 4.18.0-553.50.1.el8_10 | 4.18.0-553.50.1.el8_10 | Dec 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparati | ||
| CVE-2024-2201 | Med | 4.7 | < 7.3.0-427.42.1.el9_4 | 7.3.0-427.42.1.el9_4 | Dec 19, 2024 | A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. | |
| CVE-2024-53141 | — | < 4.18.0-553.52.1.el8_10 | 4.18.0-553.52.1.el8_10 | Dec 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check f | ||
| CVE-2024-53122 | — | < 7.4.0-503.21.1.el9_5 | 7.4.0-503.21.1.el9_5 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing rec | ||
| CVE-2024-53113 | — | < 7.4.0-503.31.1.el9_5 | 7.4.0-503.31.1.el9_5 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When c | ||
| CVE-2024-53104 | — | KEV | < 7.4.0-503.23.2.el9_5 | 7.4.0-503.23.2.el9_5 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the fra |
- CVE-2025-21785Feb 27, 2025affected < 4.18.0-553.46.1.el8_10fixed 4.18.0-553.46.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate
- CVE-2025-21759Feb 27, 2025affected < 4.18.0-553.69.1.el8_10fixed 4.18.0-553.69.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note
- affected < 4.18.0-553.69.1.el8_10fixed 4.18.0-553.69.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: padata: fix UAF in padata_reorder A bug was found when run ltp test: BUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0 Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206 CPU:
- affected < 4.18.0-553.44.1.el8_10fixed 4.18.0-553.44.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kob
- CVE-2024-58002Feb 27, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be any
- CVE-2024-57980Feb 27, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kf
- CVE-2022-49395Feb 26, 2025affected < 4.18.0-553.56.1.el8_10fixed 4.18.0-553.56.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes. ================================================================== BUG: KASA
- CVE-2022-49136Feb 26, 2025affected < 4.18.0-553.60.1.el8_10fixed 4.18.0-553.60.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has been set as that means hci_unregister_dev has been called so it will like
- CVE-2022-49111Feb 26, 2025affected < 4.18.0-553.60.1.el8_10fixed 4.18.0-553.60.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP
- CVE-2022-49058Feb 26, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused be
- CVE-2024-57807Jan 11, 2025affected < 4.18.0-553.44.1.el8_10fixed 4.18.0-553.44.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock(&instance->reset
- affected < 4.18.0-553.44.1.el8_10fixed 4.18.0-553.44.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating
- CVE-2022-21505Dec 24, 2024affected < 7.0.0-284.11.1.el9_2fixed 7.0.0-284.11.1.el9_2
In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this
- affected < 4.18.0-553.50.1.el8_10fixed 4.18.0-553.50.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provid
- CVE-2024-53241Dec 24, 2024affected < 4.18.0-553.50.1.el8_10fixed 4.18.0-553.50.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparati
- affected < 7.3.0-427.42.1.el9_4fixed 7.3.0-427.42.1.el9_4
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
- CVE-2024-53141Dec 6, 2024affected < 4.18.0-553.52.1.el8_10fixed 4.18.0-553.52.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check f
- CVE-2024-53122Dec 2, 2024affected < 7.4.0-503.21.1.el9_5fixed 7.4.0-503.21.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing rec
- CVE-2024-53113Dec 2, 2024affected < 7.4.0-503.31.1.el9_5fixed 7.4.0-503.31.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When c
- affected < 7.4.0-503.23.2.el9_5fixed 7.4.0-503.23.2.el9_5
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the fra
Page 10 of 48