rpm package
almalinux/bpftool
pkg:rpm/almalinux/bpftool
Vulnerabilities (901)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-39193 | — | < 7.3.0-427.13.1.el9_4 | 7.3.0-427.13.1.el9_4 | Oct 9, 2023 | A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | ||
| CVE-2023-39189 | — | < 7.3.0-427.13.1.el9_4 | 7.3.0-427.13.1.el9_4 | Oct 9, 2023 | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or inform | ||
| CVE-2023-42754 | — | < 7.3.0-427.13.1.el9_4 | 7.3.0-427.13.1.el9_4 | Oct 5, 2023 | A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with C | ||
| CVE-2023-4732 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Oct 3, 2023 | A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x. | ||
| CVE-2023-42756 | — | < 7.3.0-427.13.1.el9_4 | 7.3.0-427.13.1.el9_4 | Sep 28, 2023 | A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. | ||
| CVE-2023-42753 | — | < 4.18.0-513.11.1.el8_9 | 4.18.0-513.11.1.el8_9 | Sep 25, 2023 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This iss | ||
| CVE-2023-2163 | — | < 4.18.0-513.9.1.el8_9 | 4.18.0-513.9.1.el8_9 | Sep 20, 2023 | Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. | ||
| CVE-2023-4155 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Sep 13, 2023 | A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the | ||
| CVE-2023-4921 | — | < 4.18.0-513.18.1.el8_9 | 4.18.0-513.18.1.el8_9 | Sep 12, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrec | ||
| CVE-2023-4623 | — | < 4.18.0-513.18.1.el8_9 | 4.18.0-513.18.1.el8_9 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curv | ||
| CVE-2023-4622 | — | < 4.18.0-513.11.1.el8_9 | 4.18.0-513.11.1.el8_9 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where uni | ||
| CVE-2023-4208 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This cau | ||
| CVE-2023-4207 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This cause | ||
| CVE-2023-4206 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. Thi | ||
| CVE-2023-40283 | — | < 4.18.0-513.18.1.el8_9 | 4.18.0-513.18.1.el8_9 | Aug 14, 2023 | An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. | ||
| CVE-2022-40982 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Aug 11, 2023 | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2023-25775 | — | < 7.3.0-427.13.1.el9_4 | 7.3.0-427.13.1.el9_4 | Aug 11, 2023 | Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||
| CVE-2023-20569 | — | < 4.18.0-513.11.1.el8_9 | 4.18.0-513.11.1.el8_9 | Aug 8, 2023 | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | ||
| CVE-2023-4147 | — | < 7.0.0-284.30.1.el9_2 | 7.0.0-284.30.1.el9_2 | Aug 7, 2023 | A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. | ||
| CVE-2023-4132 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Aug 3, 2023 | A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. |
- CVE-2023-39193Oct 9, 2023affected < 7.3.0-427.13.1.el9_4fixed 7.3.0-427.13.1.el9_4
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
- CVE-2023-39189Oct 9, 2023affected < 7.3.0-427.13.1.el9_4fixed 7.3.0-427.13.1.el9_4
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or inform
- CVE-2023-42754Oct 5, 2023affected < 7.3.0-427.13.1.el9_4fixed 7.3.0-427.13.1.el9_4
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with C
- CVE-2023-4732Oct 3, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.
- CVE-2023-42756Sep 28, 2023affected < 7.3.0-427.13.1.el9_4fixed 7.3.0-427.13.1.el9_4
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.
- CVE-2023-42753Sep 25, 2023affected < 4.18.0-513.11.1.el8_9fixed 4.18.0-513.11.1.el8_9
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This iss
- CVE-2023-2163Sep 20, 2023affected < 4.18.0-513.9.1.el8_9fixed 4.18.0-513.9.1.el8_9
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
- CVE-2023-4155Sep 13, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the
- CVE-2023-4921Sep 12, 2023affected < 4.18.0-513.18.1.el8_9fixed 4.18.0-513.18.1.el8_9
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrec
- CVE-2023-4623Sep 6, 2023affected < 4.18.0-513.18.1.el8_9fixed 4.18.0-513.18.1.el8_9
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curv
- CVE-2023-4622Sep 6, 2023affected < 4.18.0-513.11.1.el8_9fixed 4.18.0-513.11.1.el8_9
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where uni
- CVE-2023-4208Sep 6, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This cau
- CVE-2023-4207Sep 6, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This cause
- CVE-2023-4206Sep 6, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. Thi
- CVE-2023-40283Aug 14, 2023affected < 4.18.0-513.18.1.el8_9fixed 4.18.0-513.18.1.el8_9
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
- CVE-2022-40982Aug 11, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-25775Aug 11, 2023affected < 7.3.0-427.13.1.el9_4fixed 7.3.0-427.13.1.el9_4
Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
- CVE-2023-20569Aug 8, 2023affected < 4.18.0-513.11.1.el8_9fixed 4.18.0-513.11.1.el8_9
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
- CVE-2023-4147Aug 7, 2023affected < 7.0.0-284.30.1.el9_2fixed 7.0.0-284.30.1.el9_2
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
- CVE-2023-4132Aug 3, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.
Page 34 of 46