VYPR

rpm package

almalinux/bpftool

pkg:rpm/almalinux/bpftool

Vulnerabilities (953)

  • CVE-2026-31419HigApr 13, 2026
    affected < 4.18.0-553.136.1.el8_10fixed 4.18.0-553.136.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_xmit_broadcast() bond_xmit_broadcast() reuses the original skb for the last slave (determined by bond_is_last_slave()) and clones it for others. Concurrent slave enslave

  • CVE-2026-31408HigApr 6, 2026
    affected < 4.18.0-553.126.1.el8_10fixed 4.18.0-553.126.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold sco_recv_frame() reads conn->sk under sco_conn_lock() but immediately releases the lock without holding a reference to the socket.

  • CVE-2026-31402CriApr 3, 2026
    affected < 4.18.0-553.123.1.el8_10fixed 4.18.0-553.123.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses. This size was calculated bas

  • CVE-2026-23455CriApr 3, 2026
    affected < 4.18.0-553.126.1.el8_10fixed 4.18.0-553.126.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator by

  • CVE-2026-23401MedApr 1, 2026
    affected < 4.18.0-553.123.1.el8_10fixed 4.18.0-553.123.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after* dropping/zapping the existing SPTE (if it's shadow-present). While commit a54aa

  • CVE-2026-23392HigMar 25, 2026
    affected < 4.18.0-553.132.1.el8_10fixed 4.18.0-553.132.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already re

  • CVE-2026-23270HigMar 18, 2026
    affected < 4.18.0-553.126.1.el8_10fixed 4.18.0-553.126.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held b

  • CVE-2026-23243HigMar 18, 2026
    affected < 4.18.0-553.126.1.el8_10fixed 4.18.0-553.126.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len

  • CVE-2025-71238Mar 4, 2026
    affected < 4.18.0-553.117.1.el8_10fixed 4.18.0-553.117.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access

  • CVE-2026-23231HigMar 4, 2026
    affected < 4.18.0-553.117.1.el8_10fixed 4.18.0-553.117.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_reg

  • CVE-2026-23216Feb 18, 2026
    affected < 4.18.0-553.139.1.el8_10fixed 4.18.0-553.139.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked

  • CVE-2026-23209HigFeb 14, 2026
    affected < 4.18.0-553.115.1.el8_10fixed 4.18.0-553.115.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip l

  • CVE-2026-23204HigFeb 14, 2026
    affected < 4.18.0-553.115.1.el8_10fixed 4.18.0-553.115.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro f

  • CVE-2026-23193HigFeb 14, 2026
    affected < 4.18.0-553.117.1.el8_10fixed 4.18.0-553.117.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connecti

  • CVE-2026-23191HigFeb 14, 2026
    affected < 4.18.0-553.120.1.el8_10fixed 4.18.0-553.120.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop

  • CVE-2026-23074HigFeb 4, 2026
    affected < 4.18.0-553.107.1.el8_10fixed 4.18.0-553.107.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will desc

  • CVE-2026-23097Feb 4, 2026
    affected < 4.18.0-553.109.1.el8_10fixed 4.18.0-553.109.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Hol

  • CVE-2026-23001HigJan 25, 2026
    affected < 4.18.0-553.111.1.el8_10fixed 4.18.0-553.111.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace

  • CVE-2026-22998HigJan 25, 2026
    affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added ttag bounds checking and data_offset va

  • CVE-2026-22990HigJan 23, 2026
    affected < 4.18.0-553.132.1.el8_10fixed 4.18.0-553.132.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. In

Page 3 of 48