VYPR

rpm package

almalinux/bpftool

pkg:rpm/almalinux/bpftool

Vulnerabilities (953)

  • CVE-2023-1582MedApr 5, 2023
    affected < 4.18.0-477.10.1.el8_8fixed 4.18.0-477.10.1.el8_8

    A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.

  • CVE-2023-1838HigApr 5, 2023
    affected < 4.18.0-513.18.1.el8_9fixed 4.18.0-513.18.1.el8_9

    A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.

  • CVE-2023-28464HigMar 31, 2023
    affected < 7.3.0-427.13.1.el9_4fixed 7.3.0-427.13.1.el9_4

    hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

  • CVE-2022-4744HigMar 30, 2023
    affected < 5.14.0-162.22.2.el9_1fixed 5.14.0-162.22.2.el9_1

    A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the

  • CVE-2023-1637MedMar 27, 2023
    affected < 7.0.0-284.30.1.el9_2fixed 7.0.0-284.30.1.el9_2

    A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unaut

  • CVE-2023-0179HigMar 27, 2023
    affected < 5.14.0-162.18.1.el9_1fixed 5.14.0-162.18.1.el9_1

    A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

  • CVE-2023-1079MedMar 27, 2023
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct

  • CVE-2023-1075LowMar 27, 2023
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.

  • CVE-2023-1074MedMar 27, 2023
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.

  • CVE-2023-1073MedMar 27, 2023
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.

  • CVE-2023-28866MedMar 27, 2023
    affected < 7.3.0-427.13.1.el9_4fixed 7.3.0-427.13.1.el9_4

    In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

  • CVE-2023-1252HigMar 23, 2023
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a254403760

  • CVE-2023-0590MedMar 23, 2023
    affected < 7.0.0-284.11.1.el9_2fixed 7.0.0-284.11.1.el9_2

    A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.

  • CVE-2023-28772MedMar 23, 2023
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.

  • CVE-2023-0386HigKEVMar 22, 2023
    affected < 4.18.0-425.19.2.el8_7fixed 4.18.0-425.19.2.el8_7

    A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a loca

  • CVE-2023-1281HigMar 22, 2023
    affected < 4.18.0-477.21.1.el8_8fixed 4.18.0-477.21.1.el8_8

    Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l

  • CVE-2023-28466HigMar 16, 2023
    affected < 7.0.0-284.18.1.el9_2fixed 7.0.0-284.18.1.el9_2

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

  • CVE-2022-3707MedMar 6, 2023
    affected < 7.0.0-284.11.1.el9_2fixed 7.0.0-284.11.1.el9_2

    A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.

  • CVE-2023-1118HigMar 2, 2023
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

  • CVE-2023-0461HigFeb 28, 2023
    affected < 7.0.0-284.11.1.el9_2fixed 7.0.0-284.11.1.el9_2

    There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege

Page 40 of 48