VYPR

rpm package

almalinux/bpftool

pkg:rpm/almalinux/bpftool

Vulnerabilities (901)

  • CVE-2024-39276Jun 25, 2024
    affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows: ============================================ WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cach

  • CVE-2024-38663Jun 24, 2024
    affected < 7.3.0-427.26.1.el9_4fixed 7.3.0-427.26.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't re

  • CVE-2024-37356MedJun 21, 2024
    affected < 7.3.0-427.31.1.el9_4fixed 7.3.0-427.31.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). In dctcp_update_alpha(), we use a module parameter dctcp_shift_g as follows: alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g); ... delivered_ce <

  • CVE-2024-36489MedJun 21, 2024
    affected < 7.3.0-427.31.1.el9_4fixed 7.3.0-427.31.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}. CPU0

  • CVE-2024-36270MedJun 21, 2024
    affected < 7.3.0-427.26.1.el9_4fixed 7.3.0-427.26.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr

  • CVE-2024-33621MedJun 21, 2024
    affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING

  • CVE-2024-36244Jun 21, 2024
    affected < 7.3.0-427.42.1.el9_4fixed 7.3.0-427.42.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits

  • CVE-2023-52884Jun 21, 2024
    affected < 7.3.0-427.37.1.el9_4fixed 7.3.0-427.37.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: Input: cyapa - add missing input core locking to suspend/resume functions Grab input->mutex during suspend/resume functions like it is done in other input drivers. This fixes the following warning during system

  • CVE-2022-48760Jun 20, 2024
    affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the UR

  • CVE-2022-48754Jun 20, 2024
    affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach(). The comment before the put

  • CVE-2022-48743Jun 20, 2024
    affected < 7.3.0-427.28.1.el9_4fixed 7.3.0-427.28.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUG_ON() triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the

  • CVE-2024-38619MedJun 20, 2024
    affected < 7.3.0-427.35.1.el9_4fixed 7.3.0-427.35.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and a

  • CVE-2021-47609Jun 19, 2024
    affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tr

  • CVE-2021-47606Jun 19, 2024
    affected < 7.3.0-427.31.1.el9_4fixed 7.3.0-427.31.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This prevents a division error in netem_enqueue function which is caused when skb->len=0

  • CVE-2021-47596Jun 19, 2024
    affected < 7.3.0-427.26.1.el9_4fixed 7.3.0-427.26.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client ins

  • CVE-2021-47582Jun 19, 2024
    affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout valu

  • CVE-2021-47579Jun 19, 2024
    affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) { The reason is that the cgroup2 filesyste

  • CVE-2024-38615MedJun 19, 2024
    affected < 7.3.0-427.37.1.el9_4fixed 7.3.0-427.37.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't pre

  • CVE-2024-38596MedJun 19, 2024
    affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdo

  • CVE-2024-38579MedJun 19, 2024
    affected < 7.3.0-427.33.1.el9_4fixed 7.3.0-427.33.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key

Page 16 of 46