VYPR

rpm package

almalinux/bpftool

pkg:rpm/almalinux/bpftool

Vulnerabilities (901)

  • CVE-2022-50020 (Jun 18, 2025)
    affected < 4.18.0-553.66.1.el8_10, fixed 4.18.0-553.66.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boundary. An online resize to a size that is not integral to cluster size results in

  • CVE-2022-49985 (Jun 18, 2025)
    affected < 4.18.0-553.74.1.el8_10, fixed 4.18.0-553.74.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-

  • CVE-2022-49977 (Jun 18, 2025)
    affected < 4.18.0-553.64.1.el8_10, fixed 4.18.0-553.64.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_star

  • CVE-2025-38079 [Hig] (Jun 18, 2025)
    affected < 4.18.0-553.66.1.el8_10, fixed 4.18.0-553.66.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea

  • CVE-2025-38052 (Jun 18, 2025)
    affected < 4.18.0-553.66.1.el8_10, fixed 4.18.0-553.66.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG:

  • CVE-2025-38051 (Jun 18, 2025)
    affected < 4.18.0-553.94.1.el8_10, fixed 4.18.0-553.94.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free in cifs_fill_dirent There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warni

  • CVE-2025-38024 (Jun 18, 2025)
    affected < 4.18.0-553.100.1.el8_10, fixed 4.18.0-553.100.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120 print_address_description mm/kasan/

  • CVE-2025-38022 (Jun 18, 2025)
    affected < 4.18.0-553.100.1.el8_10, fixed 4.18.0-553.100.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description

  • CVE-2025-37914 (May 20, 2025)
    affected < 4.18.0-553.70.1.el8_10, fixed 4.18.0-553.70.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant

  • CVE-2025-37890 (May 16, 2025)
    affected < 4.18.0-553.66.1.el8_10, fixed 4.18.0-553.66.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfs

  • CVE-2023-53125 (May 2, 2025)
    affected < 4.18.0-553.75.1.el8_10, fixed 4.18.0-553.75.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network

  • CVE-2025-37797 (May 2, 2025)
    affected < 4.18.0-553.77.1.el8_10, fixed 4.18.0-553.77.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc

  • CVE-2022-49846 (May 1, 2025)
    affected < 4.18.0-553.60.1.el8_10, fixed 4.18.0-553.60.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ======================================================

  • CVE-2022-49788 (May 1, 2025)
    affected < 4.18.0-553.62.1.el8_10, fixed 4.18.0-553.62.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN

  • CVE-2025-37738 (May 1, 2025)
    affected < 4.18.0-553.62.1.el8_10, fixed 4.18.0-553.62.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4_xattr_inode_dec_ref_all' we should ignore xattrs entries past the 'end' entry. This fixes the following KASAN reported issue: ===================================

  • CVE-2025-23150 (May 1, 2025)
    affected < 4.18.0-553.62.1.el8_10, fixed 4.18.0-553.62.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free

  • CVE-2021-47670 (Apr 17, 2025)
    affected < 4.18.0-553.69.1.el8_10, fixed 4.18.0-553.69.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni().

  • CVE-2025-22026 [Med] (Apr 16, 2025)
    affected < 4.18.0-553.77.1.el8_10, fixed 4.18.0-553.77.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it trie

  • CVE-2025-22097 (Apr 16, 2025)
    affected < 4.18.0-553.70.1.el8_10, fixed 4.18.0-553.70.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it.

  • CVE-2025-22058 (Apr 16, 2025)
    affected < 4.18.0-553.71.1.el8_10, fixed 4.18.0-553.71.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasional

Page 6 of 46