rpm package
almalinux/bpftool
pkg:rpm/almalinux/bpftool
Vulnerabilities (953)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50124 | — | < 7.4.0-503.19.1.el9_5 | 7.4.0-503.19.1.el9_5 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list. | ||
| CVE-2024-50115 | — | < 7.4.0-503.19.1.el9_5 | 7.4.0-503.19.1.el9_5 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc | ||
| CVE-2024-50110 | — | < 4.18.0-553.32.1.el8_10 | 4.18.0-553.32.1.el8_10 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram | ||
| CVE-2024-50099 | — | < 4.18.0-553.32.1.el8_10 | 4.18.0-553.32.1.el8_10 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR (literal) uprobe support The simulate_ldr_literal() and simulate_ldrsw_literal() functions are unsafe to use for uprobes. Both functions were originally written for use with kpr | ||
| CVE-2024-50082 | — | < 4.18.0-553.32.1.el8_10 | 4.18.0-553.32.1.el8_10 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race We're seeing crashes from rq_qos_wake_function that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 #PF: su | ||
| CVE-2022-49011 | — | < 4.18.0-553.52.1.el8_10 | 4.18.0-553.52.1.el8_10 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decremen | ||
| CVE-2024-49949 | Med | 5.5 | < 7.4.0-503.16.1.el9_5 | 7.4.0-503.16.1.el9_5 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO After commit 7c6d2ecbda83 ("net: be more gentle about silly gso requests coming from user") virtio_net_hdr_to_skb() had sanity check to detect mal | |
| CVE-2024-49888 | — | < 7.4.0-503.19.1.el9_5 | 7.4.0-503.19.1.el9_5 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a sdiv overflow issue Zac Ecob reported a problem where a bpf program may cause kernel crash due to the following error: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI The failure is due to the | ||
| CVE-2024-47675 | — | < 7.4.0-503.19.1.el9_5 | 7.4.0-503.19.1.el9_5 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of bpf_uprobe's without calling bpf_uprobe_un | ||
| CVE-2024-47668 | — | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Oct 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll sti | ||
| CVE-2024-46858 | — | < 4.18.0-553.30.1.el8_10 | 4.18.0-553.30.1.el8_10 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action | ||
| CVE-2024-46826 | — | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequ | ||
| CVE-2024-46824 | — | < 7.4.0-503.14.1.el9_5 | 7.4.0-503.14.1.el9_5 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don't do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL pointer dereference at v | ||
| CVE-2024-46713 | — | < 7.4.0-503.21.1.el9_5 | 7.4.0-503.21.1.el9_5 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment th | ||
| CVE-2024-46697 | — | < 7.4.0-503.19.1.el9_5 | 7.4.0-503.19.1.el9_5 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk o | ||
| CVE-2024-46695 | — | < 7.4.0-503.16.1.el9_5 | 7.4.0-503.16.1.el9_5 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exporte | ||
| CVE-2024-45018 | Med | 5.5 | < 7.4.0-503.16.1.el9_5 | 7.4.0-503.16.1.el9_5 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. | |
| CVE-2024-45020 | — | < 7.4.0-503.19.1.el9_5 | 7.4.0-503.19.1.el9_5 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksaf | ||
| CVE-2024-44990 | Med | 5.5 | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer. | |
| CVE-2024-44989 | Med | 5.5 | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set |
- CVE-2024-50124Nov 5, 2024affected < 7.4.0-503.19.1.el9_5fixed 7.4.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list.
- CVE-2024-50115Nov 5, 2024affected < 7.4.0-503.19.1.el9_5fixed 7.4.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc
- CVE-2024-50110Nov 5, 2024affected < 4.18.0-553.32.1.el8_10fixed 4.18.0-553.32.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram
- CVE-2024-50099Nov 5, 2024affected < 4.18.0-553.32.1.el8_10fixed 4.18.0-553.32.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR (literal) uprobe support The simulate_ldr_literal() and simulate_ldrsw_literal() functions are unsafe to use for uprobes. Both functions were originally written for use with kpr
- CVE-2024-50082Oct 29, 2024affected < 4.18.0-553.32.1.el8_10fixed 4.18.0-553.32.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race We're seeing crashes from rq_qos_wake_function that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 #PF: su
- CVE-2022-49011Oct 21, 2024affected < 4.18.0-553.52.1.el8_10fixed 4.18.0-553.52.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decremen
- affected < 7.4.0-503.16.1.el9_5fixed 7.4.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO After commit 7c6d2ecbda83 ("net: be more gentle about silly gso requests coming from user") virtio_net_hdr_to_skb() had sanity check to detect mal
- CVE-2024-49888Oct 21, 2024affected < 7.4.0-503.19.1.el9_5fixed 7.4.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a sdiv overflow issue Zac Ecob reported a problem where a bpf program may cause kernel crash due to the following error: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI The failure is due to the
- CVE-2024-47675Oct 21, 2024affected < 7.4.0-503.19.1.el9_5fixed 7.4.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of bpf_uprobe's without calling bpf_uprobe_un
- CVE-2024-47668Oct 9, 2024affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll sti
- CVE-2024-46858Sep 27, 2024affected < 4.18.0-553.30.1.el8_10fixed 4.18.0-553.30.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action
- CVE-2024-46826Sep 27, 2024affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequ
- CVE-2024-46824Sep 27, 2024affected < 7.4.0-503.14.1.el9_5fixed 7.4.0-503.14.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don't do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL pointer dereference at v
- CVE-2024-46713Sep 13, 2024affected < 7.4.0-503.21.1.el9_5fixed 7.4.0-503.21.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment th
- CVE-2024-46697Sep 13, 2024affected < 7.4.0-503.19.1.el9_5fixed 7.4.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk o
- CVE-2024-46695Sep 13, 2024affected < 7.4.0-503.16.1.el9_5fixed 7.4.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exporte
- affected < 7.4.0-503.16.1.el9_5fixed 7.4.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.
- CVE-2024-45020Sep 11, 2024affected < 7.4.0-503.19.1.el9_5fixed 7.4.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksaf
- affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.
- affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set
Page 12 of 48