rpm package
almalinux/bpftool
pkg:rpm/almalinux/bpftool
Vulnerabilities (953)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-37890 | — | < 4.18.0-553.66.1.el8_10 | 4.18.0-553.66.1.el8_10 | May 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfs | ||
| CVE-2023-53125 | — | < 4.18.0-553.75.1.el8_10 | 4.18.0-553.75.1.el8_10 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network | ||
| CVE-2025-37797 | — | < 4.18.0-553.77.1.el8_10 | 4.18.0-553.77.1.el8_10 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc | ||
| CVE-2022-49846 | — | < 4.18.0-553.60.1.el8_10 | 4.18.0-553.60.1.el8_10 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ====================================================== | ||
| CVE-2022-49788 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN | ||
| CVE-2025-37738 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4_xattr_inode_dec_ref_all' we should ignore xattrs entries past the 'end' entry. This fixes the following KASAN reported issue: =================================== | ||
| CVE-2025-23150 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free | ||
| CVE-2021-47670 | — | < 4.18.0-553.69.1.el8_10 | 4.18.0-553.69.1.el8_10 | Apr 17, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni(). | ||
| CVE-2025-22026 | Med | 5.5 | < 4.18.0-553.77.1.el8_10 | 4.18.0-553.77.1.el8_10 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it trie | |
| CVE-2025-22097 | — | < 4.18.0-553.70.1.el8_10 | 4.18.0-553.70.1.el8_10 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it. | ||
| CVE-2025-22058 | — | < 4.18.0-553.71.1.el8_10 | 4.18.0-553.71.1.el8_10 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasional | ||
| CVE-2025-22020 | — | < 4.18.0-553.66.1.el8_10 | 4.18.0-553.66.1.el8_10 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt | ||
| CVE-2025-22004 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | Apr 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free. | ||
| CVE-2025-21991 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | Apr 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the | ||
| CVE-2025-21928 | — | < 4.18.0-553.66.1.el8_10 | 4.18.0-553.66.1.el8_10 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freein | ||
| CVE-2025-21919 | — | < 4.18.0-553.64.1.el8_10 | 4.18.0-553.64.1.el8_10 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, ma | ||
| CVE-2025-21905 | — | < 4.18.0-553.64.1.el8_10 | 4.18.0-553.64.1.el8_10 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the | ||
| CVE-2025-21858 | Hig | 7.8 | < 4.18.0-553.132.1.el8_10 | 4.18.0-553.132.1.el8_10 | Mar 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0] without repro. geneve_configure() links struct geneve_dev.next to net_generic(net, geneve_net_id)-> | |
| CVE-2025-21764 | Hig | 7.8 | < 4.18.0-553.58.1.el8_10 | 4.18.0-553.58.1.el8_10 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF. | |
| CVE-2025-21756 | Hig | 7.8 | < 4.18.0-553.53.1.el8_10 | 4.18.0-553.53.1.el8_10 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket un |
- CVE-2025-37890May 16, 2025affected < 4.18.0-553.66.1.el8_10fixed 4.18.0-553.66.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfs
- CVE-2023-53125May 2, 2025affected < 4.18.0-553.75.1.el8_10fixed 4.18.0-553.75.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network
- CVE-2025-37797May 2, 2025affected < 4.18.0-553.77.1.el8_10fixed 4.18.0-553.77.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc
- CVE-2022-49846May 1, 2025affected < 4.18.0-553.60.1.el8_10fixed 4.18.0-553.60.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ======================================================
- CVE-2022-49788May 1, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN
- CVE-2025-37738May 1, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4_xattr_inode_dec_ref_all' we should ignore xattrs entries past the 'end' entry. This fixes the following KASAN reported issue: ===================================
- CVE-2025-23150May 1, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free
- CVE-2021-47670Apr 17, 2025affected < 4.18.0-553.69.1.el8_10fixed 4.18.0-553.69.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni().
- affected < 4.18.0-553.77.1.el8_10fixed 4.18.0-553.77.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it trie
- CVE-2025-22097Apr 16, 2025affected < 4.18.0-553.70.1.el8_10fixed 4.18.0-553.70.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it.
- CVE-2025-22058Apr 16, 2025affected < 4.18.0-553.71.1.el8_10fixed 4.18.0-553.71.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasional
- CVE-2025-22020Apr 16, 2025affected < 4.18.0-553.66.1.el8_10fixed 4.18.0-553.66.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt
- CVE-2025-22004Apr 3, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
- CVE-2025-21991Apr 2, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the
- CVE-2025-21928Apr 1, 2025affected < 4.18.0-553.66.1.el8_10fixed 4.18.0-553.66.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freein
- CVE-2025-21919Apr 1, 2025affected < 4.18.0-553.64.1.el8_10fixed 4.18.0-553.64.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, ma
- CVE-2025-21905Apr 1, 2025affected < 4.18.0-553.64.1.el8_10fixed 4.18.0-553.64.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the
- affected < 4.18.0-553.132.1.el8_10fixed 4.18.0-553.132.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0] without repro. geneve_configure() links struct geneve_dev.next to net_generic(net, geneve_net_id)->
- affected < 4.18.0-553.58.1.el8_10fixed 4.18.0-553.58.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF.
- affected < 4.18.0-553.53.1.el8_10fixed 4.18.0-553.53.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket un
Page 9 of 48