rpm package
almalinux/bpftool
pkg:rpm/almalinux/bpftool
Vulnerabilities (953)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-39757 | Hig | 7.1 | < 4.18.0-553.80.1.el8_10 | 4.18.0-553.80.1.el8_10 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer s | |
| CVE-2025-39730 | — | < 4.18.0-553.78.1.el8_10 | 4.18.0-553.78.1.el8_10 | Sep 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle. | ||
| CVE-2025-39718 | Med | 5.5 | < 4.18.0-553.84.1.el8_10 | 4.18.0-553.84.1.el8_10 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_ | |
| CVE-2025-39697 | Med | 4.7 | < 4.18.0-553.85.1.el8_10 | 4.18.0-553.85.1.el8_10 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succ | |
| CVE-2025-38724 | Hig | 7.8 | < 4.18.0-553.87.1.el8_10 | 4.18.0-553.87.1.el8_10 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c | |
| CVE-2025-38718 | — | < 4.18.0-553.77.1.el8_10 | 4.18.0-553.77.1.el8_10 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti | ||
| CVE-2025-38556 | — | < 4.18.0-553.76.1.el8_10 | 4.18.0-553.76.1.el8_10 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. | ||
| CVE-2025-38527 | — | < 4.18.0-553.78.1.el8_10 | 4.18.0-553.78.1.el8_10 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free of the cinode structure when unmounting: cifs_oplock_break() _cifsFileIn | ||
| CVE-2025-38498 | Med | 5.5 | < 4.18.0-553.76.1.el8_10 | 4.18.0-553.76.1.el8_10 | Jul 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w | |
| CVE-2025-38477 | Med | 4.7 | < 4.18.0-553.72.1.el8_10 | 4.18.0-553.72.1.el8_10 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q | |
| CVE-2025-38464 | — | < 4.18.0-553.72.1.el8_10 | 4.18.0-553.72.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_ | ||
| CVE-2025-38461 | — | < 4.18.0-553.76.1.el8_10 | 4.18.0-553.76.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add | ||
| CVE-2025-38459 | — | < 4.18.0-553.100.1.el8_10 | 4.18.0-553.100.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vc | ||
| CVE-2025-38449 | — | < 4.18.0-553.75.1.el8_10 | 4.18.0-553.75.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer | ||
| CVE-2025-38415 | — | < 4.18.0-553.100.1.el8_10 | 4.18.0-553.100.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, is | ||
| CVE-2025-38403 | — | < 4.18.0-553.104.1.el8_10 | 4.18.0-553.104.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left i | ||
| CVE-2025-38392 | — | < 4.18.0-553.75.1.el8_10 | 4.18.0-553.75.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at ker | ||
| CVE-2025-38352 | — | KEV | < 4.18.0-553.74.1.el8_10 | 4.18.0-553.74.1.el8_10 | Jul 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be | |
| CVE-2025-38350 | Hig | 7.8 | < 4.18.0-553.75.1.el8_10 | 4.18.0-553.75.1.el8_10 | Jul 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu | |
| CVE-2025-38332 | — | < 4.18.0-553.72.1.el8_10 | 4.18.0-553.72.1.el8_10 | Jul 10, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway |
- affected < 4.18.0-553.80.1.el8_10fixed 4.18.0-553.80.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer s
- CVE-2025-39730Sep 7, 2025affected < 4.18.0-553.78.1.el8_10fixed 4.18.0-553.78.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.
- affected < 4.18.0-553.84.1.el8_10fixed 4.18.0-553.84.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_
- affected < 4.18.0-553.85.1.el8_10fixed 4.18.0-553.85.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succ
- affected < 4.18.0-553.87.1.el8_10fixed 4.18.0-553.87.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c
- CVE-2025-38718Sep 4, 2025affected < 4.18.0-553.77.1.el8_10fixed 4.18.0-553.77.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti
- CVE-2025-38556Aug 19, 2025affected < 4.18.0-553.76.1.el8_10fixed 4.18.0-553.76.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity.
- CVE-2025-38527Aug 16, 2025affected < 4.18.0-553.78.1.el8_10fixed 4.18.0-553.78.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free of the cinode structure when unmounting: cifs_oplock_break() _cifsFileIn
- affected < 4.18.0-553.76.1.el8_10fixed 4.18.0-553.76.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w
- affected < 4.18.0-553.72.1.el8_10fixed 4.18.0-553.72.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q
- CVE-2025-38464Jul 25, 2025affected < 4.18.0-553.72.1.el8_10fixed 4.18.0-553.72.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_
- CVE-2025-38461Jul 25, 2025affected < 4.18.0-553.76.1.el8_10fixed 4.18.0-553.76.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add
- CVE-2025-38459Jul 25, 2025affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vc
- CVE-2025-38449Jul 25, 2025affected < 4.18.0-553.75.1.el8_10fixed 4.18.0-553.75.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer
- CVE-2025-38415Jul 25, 2025affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, is
- CVE-2025-38403Jul 25, 2025affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left i
- CVE-2025-38392Jul 25, 2025affected < 4.18.0-553.75.1.el8_10fixed 4.18.0-553.75.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at ker
- affected < 4.18.0-553.74.1.el8_10fixed 4.18.0-553.74.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be
- affected < 4.18.0-553.75.1.el8_10fixed 4.18.0-553.75.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu
- CVE-2025-38332Jul 10, 2025affected < 4.18.0-553.72.1.el8_10fixed 4.18.0-553.72.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway
Page 7 of 48