rpm package
almalinux/bpftool
pkg:rpm/almalinux/bpftool
Vulnerabilities (953)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40269 | — | < 4.18.0-553.104.1.el8_10 | 4.18.0-553.104.1.el8_10 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet siz | ||
| CVE-2025-40258 | — | < 4.18.0-553.100.1.el8_10 | 4.18.0-553.100.1.el8_10 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i | ||
| CVE-2025-40252 | — | < 4.18.0-553.123.1.el8_10 | 4.18.0-553.123.1.el8_10 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator a | ||
| CVE-2025-40248 | — | < 4.18.0-553.97.1.el8_10 | 4.18.0-553.97.1.el8_10 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock | ||
| CVE-2025-40240 | — | < 4.18.0-553.92.1.el8_10 | 4.18.0-553.92.1.el8_10 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Che | ||
| CVE-2025-40170 | — | < 4.18.0-553.104.1.el8_10 | 4.18.0-553.104.1.el8_10 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_for | ||
| CVE-2025-40168 | — | < 4.18.0-553.105.1.el8_10 | 4.18.0-553.105.1.el8_10 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk | ||
| CVE-2025-40158 | — | < 4.18.0-553.104.1.el8_10 | 4.18.0-553.104.1.el8_10 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2(). | ||
| CVE-2025-40154 | — | < 4.18.0-553.97.1.el8_10 | 4.18.0-553.97.1.el8_10 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxect | ||
| CVE-2025-40135 | — | < 4.18.0-553.104.1.el8_10 | 4.18.0-553.104.1.el8_10 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF. | ||
| CVE-2025-40096 | — | < 4.18.0-553.94.1.el8_10 | 4.18.0-553.94.1.el8_10 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure, | ||
| CVE-2025-40064 | — | < 4.18.0-553.107.1.el8_10 | 4.18.0-553.107.1.el8_10 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_g | ||
| CVE-2025-39993 | — | < 4.18.0-553.92.1.el8_10 | 4.18.0-553.92.1.el8_10 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline] BUG: KASAN: use-after-free in send_packet+0xa2d/0 | ||
| CVE-2025-39981 | — | < 4.18.0-553.126.1.el8_10 | 4.18.0-553.126.1.el8_10 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr | ||
| CVE-2025-39971 | — | < 4.18.0-553.85.1.el8_10 | 4.18.0-553.85.1.el8_10 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg(). | ||
| CVE-2025-39955 | — | < 4.18.0-553.87.1.el8_10 | 4.18.0-553.87.1.el8_10 | Oct 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope | ||
| CVE-2023-53673 | Hig | 7.8 | < 4.18.0-553.97.1.el8_10 | 4.18.0-553.97.1.el8_10 | Oct 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: call disconnect callback before deleting conn In hci_cs_disconnect, we do hci_conn_del even if disconnection failed. ISO, L2CAP and SCO connections refer to the hci_conn without hci_conn_ | |
| CVE-2022-50543 | — | < 4.18.0-553.89.1.el8_10 | 4.18.0-553.89.1.el8_10 | Oct 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr->map double free rxe_mr_cleanup() which tries to free mr->map again will be called when rxe_mr_init_user() fails: CPU: 0 PID: 4917 Comm: rdma_flush_serv Kdump: loaded Not tainted 6.1.0-rc1- | ||
| CVE-2023-53552 | — | < 4.18.0-553.94.1.el8_10 | 4.18.0-553.94.1.el8_10 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915_requests may be trapped by userspace inside a sync_file or dmabuf (dma-resv) and held indefinitely across different pro | ||
| CVE-2023-53539 | — | < 4.18.0-553.89.1.el8_10 | 4.18.0-553.89.1.el8_10 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix incomplete state save in rxe_requester If a send packet is dropped by the IP layer in rxe_requester() the call to rxe_xmit_packet() can fail with err == -EAGAIN. To recover, the state of the wqe i |
- CVE-2025-40269Dec 6, 2025affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet siz
- CVE-2025-40258Dec 4, 2025affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i
- CVE-2025-40252Dec 4, 2025affected < 4.18.0-553.123.1.el8_10fixed 4.18.0-553.123.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator a
- CVE-2025-40248Dec 4, 2025affected < 4.18.0-553.97.1.el8_10fixed 4.18.0-553.97.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock
- CVE-2025-40240Dec 4, 2025affected < 4.18.0-553.92.1.el8_10fixed 4.18.0-553.92.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Che
- CVE-2025-40170Nov 12, 2025affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_for
- CVE-2025-40168Nov 12, 2025affected < 4.18.0-553.105.1.el8_10fixed 4.18.0-553.105.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk
- CVE-2025-40158Nov 12, 2025affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().
- CVE-2025-40154Nov 12, 2025affected < 4.18.0-553.97.1.el8_10fixed 4.18.0-553.97.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxect
- CVE-2025-40135Nov 12, 2025affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.
- CVE-2025-40096Oct 30, 2025affected < 4.18.0-553.94.1.el8_10fixed 4.18.0-553.94.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure,
- CVE-2025-40064Oct 28, 2025affected < 4.18.0-553.107.1.el8_10fixed 4.18.0-553.107.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_g
- CVE-2025-39993Oct 15, 2025affected < 4.18.0-553.92.1.el8_10fixed 4.18.0-553.92.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline] BUG: KASAN: use-after-free in send_packet+0xa2d/0
- CVE-2025-39981Oct 15, 2025affected < 4.18.0-553.126.1.el8_10fixed 4.18.0-553.126.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr
- CVE-2025-39971Oct 15, 2025affected < 4.18.0-553.85.1.el8_10fixed 4.18.0-553.85.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().
- CVE-2025-39955Oct 9, 2025affected < 4.18.0-553.87.1.el8_10fixed 4.18.0-553.87.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope
- affected < 4.18.0-553.97.1.el8_10fixed 4.18.0-553.97.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: call disconnect callback before deleting conn In hci_cs_disconnect, we do hci_conn_del even if disconnection failed. ISO, L2CAP and SCO connections refer to the hci_conn without hci_conn_
- CVE-2022-50543Oct 7, 2025affected < 4.18.0-553.89.1.el8_10fixed 4.18.0-553.89.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix mr->map double free rxe_mr_cleanup() which tries to free mr->map again will be called when rxe_mr_init_user() fails: CPU: 0 PID: 4917 Comm: rdma_flush_serv Kdump: loaded Not tainted 6.1.0-rc1-
- CVE-2023-53552Oct 4, 2025affected < 4.18.0-553.94.1.el8_10fixed 4.18.0-553.94.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915_requests may be trapped by userspace inside a sync_file or dmabuf (dma-resv) and held indefinitely across different pro
- CVE-2023-53539Oct 4, 2025affected < 4.18.0-553.89.1.el8_10fixed 4.18.0-553.89.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix incomplete state save in rxe_requester If a send packet is dropped by the IP layer in rxe_requester() the call to rxe_xmit_packet() can fail with err == -EAGAIN. To recover, the state of the wqe i
Page 5 of 48