rpm package
almalinux/bpftool
pkg:rpm/almalinux/bpftool
Vulnerabilities (901)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53305 | — | | | < 4.18.0-553.79.1.el8_10 | 4.18.0-553.79.1.el8_10 | Sep 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free Fix potential use-after-free in l2cap_le_command_rej. |
| CVE-2025-39825 | Med | 4.7 | | < 4.18.0-553.87.1.el8_10 | 4.18.0-553.87.1.el8_10 | Sep 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix race with concurrent opens in rename(2) Besides sending the rename request to the server, the rename process also involves closing any deferred close, waiting for outstanding I/O to complete as |
| CVE-2025-39817 | Hig | 7.1 | | < 4.18.0-553.81.1.el8_10 | 4.18.0-553.81.1.el8_10 | Sep 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_check_range+0xe8/0x190 |
| CVE-2023-53297 | — | | | < 4.18.0-553.81.1.el8_10 | 4.18.0-553.81.1.el8_10 | Sep 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp conn->chan_lock isn't acquired before l2cap_get_chan_by_scid, if l2cap_get_chan_by_scid returns NULL, then 'bad unlock balance' is triggered. |
| CVE-2023-53257 | — | | | < 4.18.0-553.82.1.el8_10 | 4.18.0-553.82.1.el8_10 | Sep 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check S1G action frame size Before checking the action code, check that it even exists in the frame. |
| CVE-2023-53226 | — | | | < 4.18.0-553.82.1.el8_10 | 4.18.0-553.82.1.el8_10 | Sep 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix OOB and integer underflow when rx packets Make sure mwifiex_process_mgmt_packet, mwifiex_process_sta_rx_packet and mwifiex_process_uap_rx_packet, mwifiex_uap_queue_bridged_pkt and mwifiex_pro |
| CVE-2023-53178 | — | | | < 4.18.0-553.83.1.el8_10 | 4.18.0-553.83.1.el8_10 | Sep 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm: fix zswap writeback race condition The zswap writeback mechanism can cause a race condition resulting in memory corruption, where a swapped out page gets swapped in with data that was written to a different |
| CVE-2025-40300 | Med | 5.5 | | < 4.18.0-553.83.1.el8_10 | 4.18.0-553.83.1.el8_10 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already |
| CVE-2025-39760 | Hig | 7.1 | | < 4.18.0-553.100.1.el8_10 | 4.18.0-553.100.1.el8_10 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size. Fix this |
| CVE-2025-39757 | Hig | 7.1 | | < 4.18.0-553.80.1.el8_10 | 4.18.0-553.80.1.el8_10 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer s |
| CVE-2025-39730 | — | | | < 4.18.0-553.78.1.el8_10 | 4.18.0-553.78.1.el8_10 | Sep 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle. |
| CVE-2025-39718 | Med | 5.5 | | < 4.18.0-553.84.1.el8_10 | 4.18.0-553.84.1.el8_10 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_ |
| CVE-2025-39697 | Med | 4.7 | | < 4.18.0-553.85.1.el8_10 | 4.18.0-553.85.1.el8_10 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succ |
| CVE-2025-38724 | Hig | 7.8 | | < 4.18.0-553.87.1.el8_10 | 4.18.0-553.87.1.el8_10 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c |
| CVE-2025-38718 | — | | | < 4.18.0-553.77.1.el8_10 | 4.18.0-553.77.1.el8_10 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti |
| CVE-2025-38556 | — | | | < 4.18.0-553.76.1.el8_10 | 4.18.0-553.76.1.el8_10 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. |
| CVE-2025-38527 | — | | | < 4.18.0-553.78.1.el8_10 | 4.18.0-553.78.1.el8_10 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free of the cinode structure when unmounting: cifs_oplock_break() _cifsFileIn |
| CVE-2025-38498 | Med | 5.5 | | < 4.18.0-553.76.1.el8_10 | 4.18.0-553.76.1.el8_10 | Jul 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w |
| CVE-2025-38477 | Med | 4.7 | | < 4.18.0-553.72.1.el8_10 | 4.18.0-553.72.1.el8_10 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q |
| CVE-2025-38464 | — | | | < 4.18.0-553.72.1.el8_10 | 4.18.0-553.72.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_ |