rpm package
almalinux/bpftool
pkg:rpm/almalinux/bpftool
Vulnerabilities (901)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47310 | — | < 4.18.0-553.8.1.el8_10 | 4.18.0-553.8.1.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the | ||
| CVE-2021-47289 | — | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer that was possibly NULL. That fails misera | ||
| CVE-2021-47287 | — | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: driver core: auxiliary bus: Fix memory leak when driver_register() fail If driver_register() returns with error we need to free the memory allocated for auxdrv->driver.name before returning from __auxiliary_dri | ||
| CVE-2024-36005 | Med | 5.5 | < 7.3.0-427.31.1.el9_4 | 7.3.0-427.31.1.el9_4 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: honor table dormant flag from netdev release event path Check for table dormant flag otherwise netdev release event path tries to unregister an already unregistered hook. [524854.857999] | |
| CVE-2024-36004 | Med | 5.5 | < 4.18.0-553.8.1.el8_10 | 4.18.0-553.8.1.el8_10 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being trigg | |
| CVE-2024-35969 | Med | 5.5 | < 7.3.0-427.31.1.el9_4 | 7.3.0-427.31.1.el9_4 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Although ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it still means hlist_for_each_entry_rcu can return an item that got removed f | |
| CVE-2024-35962 | Med | 5.5 | < 7.3.0-427.33.1.el9_4 | 7.3.0-427.33.1.el9_4 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functi | |
| CVE-2024-35960 | Cri | 9.1 | < 4.18.0-553.8.1.el8_10 | 4.18.0-553.8.1.el8_10 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle t | |
| CVE-2024-35958 | Med | 5.5 | < 4.18.0-553.8.1.el8_10 | 4.18.0-553.8.1.el8_10 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by | |
| CVE-2024-36003 | — | < 7.3.0-427.33.1.el9_4 | 7.3.0-427.33.1.el9_4 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: fix LAG and VF lock dependency in ice_reset_vf() 9f74a3dfcf83 ("ice: Fix VF Reset paths when interface in a failed over aggregate"), the ice driver has acquired the LAG mutex in ice_reset_vf(). The commit | ||
| CVE-2024-36000 | — | < 7.3.0-427.35.1.el9_4 | 7.3.0-427.35.1.el9_4 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&huge | ||
| CVE-2024-35989 | — | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CP | ||
| CVE-2024-35959 | — | < 4.18.0-553.8.1.el8_10 | 4.18.0-553.8.1.el8_10 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix mlx5e_priv_init() cleanup flow When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which calls mlx5e_selq_apply() that assures that the `priv->state_lock` is held using lockde | ||
| CVE-2024-35944 | Med | 5.5 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at drivers/misc/ | |
| CVE-2024-35947 | — | < 4.18.0-553.16.1.el8_10 | 4.18.0-553.16.1.el8_10 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead. | ||
| CVE-2024-35939 | — | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dma_set_decrypted() failure On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the result | ||
| CVE-2024-35937 | — | < 7.3.0-427.31.1.el9_4 | 7.3.0-427.31.1.el9_4 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make | ||
| CVE-2024-35899 | Med | 6.1 | < 7.3.0-427.31.1.el9_4 | 7.3.0-427.31.1.el9_4 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net a | |
| CVE-2024-35898 | Med | 5.5 | < 7.3.0-427.33.1.el9_4 | 7.3.0-427.33.1.el9_4 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newf | |
| CVE-2024-35897 | Med | 5.5 | < 7.3.0-427.33.1.el9_4 | 7.3.0-427.33.1.el9_4 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both |
- CVE-2021-47310May 21, 2024affected < 4.18.0-553.8.1.el8_10fixed 4.18.0-553.8.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev() call. Using priv after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of the
- CVE-2021-47289May 21, 2024affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer that was possibly NULL. That fails misera
- CVE-2021-47287May 21, 2024affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: driver core: auxiliary bus: Fix memory leak when driver_register() fail If driver_register() returns with error we need to free the memory allocated for auxdrv->driver.name before returning from __auxiliary_dri
- affected < 7.3.0-427.31.1.el9_4fixed 7.3.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: honor table dormant flag from netdev release event path Check for table dormant flag otherwise netdev release event path tries to unregister an already unregistered hook. [524854.857999]
- affected < 4.18.0-553.8.1.el8_10fixed 4.18.0-553.8.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being trigg
- affected < 7.3.0-427.31.1.el9_4fixed 7.3.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Although ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it still means hlist_for_each_entry_rcu can return an item that got removed f
- affected < 7.3.0-427.33.1.el9_4fixed 7.3.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functi
- affected < 4.18.0-553.8.1.el8_10fixed 4.18.0-553.8.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle t
- affected < 4.18.0-553.8.1.el8_10fixed 4.18.0-553.8.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by
- CVE-2024-36003May 20, 2024affected < 7.3.0-427.33.1.el9_4fixed 7.3.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: ice: fix LAG and VF lock dependency in ice_reset_vf() 9f74a3dfcf83 ("ice: Fix VF Reset paths when interface in a failed over aggregate"), the ice driver has acquired the LAG mutex in ice_reset_vf(). The commit
- CVE-2024-36000May 20, 2024affected < 7.3.0-427.35.1.el9_4fixed 7.3.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&huge
- CVE-2024-35989May 20, 2024affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CP
- CVE-2024-35959May 20, 2024affected < 4.18.0-553.8.1.el8_10fixed 4.18.0-553.8.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix mlx5e_priv_init() cleanup flow When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which calls mlx5e_selq_apply() that assures that the `priv->state_lock` is held using lockde
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at drivers/misc/
- CVE-2024-35947May 19, 2024affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead.
- CVE-2024-35939May 19, 2024affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dma_set_decrypted() failure On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the result
- CVE-2024-35937May 19, 2024affected < 7.3.0-427.31.1.el9_4fixed 7.3.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make
- affected < 7.3.0-427.31.1.el9_4fixed 7.3.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net a
- affected < 7.3.0-427.33.1.el9_4fixed 7.3.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newf
- affected < 7.3.0-427.33.1.el9_4fixed 7.3.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both
Page 21 of 46