rpm package

almalinux/bpftool

pkg:rpm/almalinux/bpftool

Vulnerabilities (901)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-68724	—	< 4.18.0-553.123.1.el8_10	4.18.0-553.123.1.el8_10	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k
CVE-2025-68349	—	< 4.18.0-553.104.1.el8_10	4.18.0-553.104.1.el8_10	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs
CVE-2025-68301	—	< 4.18.0-553.94.1.el8_10	4.18.0-553.94.1.el8_10	Dec 16, 2025	In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-b
CVE-2025-68285	—	< 4.18.0-553.92.1.el8_10	4.18.0-553.92.1.el8_10	Dec 16, 2025	In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both
CVE-2022-50673	—	< 4.18.0-553.104.1.el8_10	4.18.0-553.104.1.el8_10	Dec 9, 2025	In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read o
CVE-2023-53762	—	< 4.18.0-553.105.1.el8_10	4.18.0-553.105.1.el8_10	Dec 8, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code n
CVE-2025-40322	—	< 4.18.0-553.100.1.el8_10	4.18.0-553.100.1.el8_10	Dec 8, 2025	In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and
CVE-2025-40304	—	< 4.18.0-553.105.1.el8_10	4.18.0-553.105.1.el8_10	Dec 8, 2025	In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is of
CVE-2025-40277	—	< 4.18.0-553.97.1.el8_10	4.18.0-553.97.1.el8_10	Dec 6, 2025	In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE This data originates from userspace and is used in buffer offset calculations which could potentially overflow causing an out-of-bounds acc
CVE-2025-40271	—	< 4.18.0-553.100.1.el8_10	4.18.0-553.100.1.el8_10	Dec 6, 2025	In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EM
CVE-2025-40269	—	< 4.18.0-553.104.1.el8_10	4.18.0-553.104.1.el8_10	Dec 6, 2025	In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet siz
CVE-2025-40258	—	< 4.18.0-553.100.1.el8_10	4.18.0-553.100.1.el8_10	Dec 4, 2025	In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i
CVE-2025-40252	—	< 4.18.0-553.123.1.el8_10	4.18.0-553.123.1.el8_10	Dec 4, 2025	In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator a
CVE-2025-40248	—	< 4.18.0-553.97.1.el8_10	4.18.0-553.97.1.el8_10	Dec 4, 2025	In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock
CVE-2025-40240	—	< 4.18.0-553.92.1.el8_10	4.18.0-553.92.1.el8_10	Dec 4, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Che
CVE-2025-40170	—	< 4.18.0-553.104.1.el8_10	4.18.0-553.104.1.el8_10	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_for
CVE-2025-40168	—	< 4.18.0-553.105.1.el8_10	4.18.0-553.105.1.el8_10	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk
CVE-2025-40158	—	< 4.18.0-553.104.1.el8_10	4.18.0-553.104.1.el8_10	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().
CVE-2025-40154	—	< 4.18.0-553.97.1.el8_10	4.18.0-553.97.1.el8_10	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxect
CVE-2025-40135	—	< 4.18.0-553.104.1.el8_10	4.18.0-553.104.1.el8_10	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.

CVE-2025-68724Dec 24, 2025
affected < 4.18.0-553.123.1.el8_10fixed 4.18.0-553.123.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k
CVE-2025-68349Dec 24, 2025
affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs
CVE-2025-68301Dec 16, 2025
affected < 4.18.0-553.94.1.el8_10fixed 4.18.0-553.94.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-b
CVE-2025-68285Dec 16, 2025
affected < 4.18.0-553.92.1.el8_10fixed 4.18.0-553.92.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both
CVE-2022-50673Dec 9, 2025
affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read o
CVE-2023-53762Dec 8, 2025
affected < 4.18.0-553.105.1.el8_10fixed 4.18.0-553.105.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code n
CVE-2025-40322Dec 8, 2025
affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and
CVE-2025-40304Dec 8, 2025
affected < 4.18.0-553.105.1.el8_10fixed 4.18.0-553.105.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is of
CVE-2025-40277Dec 6, 2025
affected < 4.18.0-553.97.1.el8_10fixed 4.18.0-553.97.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE This data originates from userspace and is used in buffer offset calculations which could potentially overflow causing an out-of-bounds acc
CVE-2025-40271Dec 6, 2025
affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EM
CVE-2025-40269Dec 6, 2025
affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet siz
CVE-2025-40258Dec 4, 2025
affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i
CVE-2025-40252Dec 4, 2025
affected < 4.18.0-553.123.1.el8_10fixed 4.18.0-553.123.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator a
CVE-2025-40248Dec 4, 2025
affected < 4.18.0-553.97.1.el8_10fixed 4.18.0-553.97.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock
CVE-2025-40240Dec 4, 2025
affected < 4.18.0-553.92.1.el8_10fixed 4.18.0-553.92.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Che
CVE-2025-40170Nov 12, 2025
affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_for
CVE-2025-40168Nov 12, 2025
affected < 4.18.0-553.105.1.el8_10fixed 4.18.0-553.105.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk
CVE-2025-40158Nov 12, 2025
affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().
CVE-2025-40154Nov 12, 2025
affected < 4.18.0-553.97.1.el8_10fixed 4.18.0-553.97.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxect
CVE-2025-40135Nov 12, 2025
affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.

Page 2 of 46