VYPR

rpm package

almalinux/kernel-64k-modules-extra

pkg:rpm/almalinux/kernel-64k-modules-extra

Vulnerabilities (729)

  • CVE-2025-39982 | Oct 15, 2025
    affected < 6.12.0-124.20.1.el10_1 | fixed 6.12.0-124.20.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UAF in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) may be freed, al

  • CVE-2025-39981 | Oct 15, 2025
    affected < 5.14.0-611.11.1.el9_7 | fixed 5.14.0-611.11.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attempts to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr

  • CVE-2025-39979 | Oct 15, 2025
    affected < 6.12.0-124.20.1.el10_1 | fixed 6.12.0-124.20.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in mlx5_cmd_hws_delete_fte(), where the HWS action refcount and mutex were not init

  • CVE-2025-39971 | Oct 15, 2025
    affected < 6.12.0-124.16.1.el10_1 | fixed 6.12.0-124.16.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().

  • CVE-2025-39966 | Oct 15, 2025
    affected < 5.14.0-611.16.1.el9_7 | fixed 5.14.0-611.16.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventually. This is normally f

  • CVE-2025-39955 | Oct 9, 2025
    affected < 6.12.0-124.13.1.el10_1 | fixed 6.12.0-124.13.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope

  • CVE-2025-39933 | Oct 4, 2025
    affected < 5.14.0-611.24.1.el9_7 | fixed 5.14.0-611.24.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.

  • CVE-2023-53494 | Oct 1, 2025
    affected < 5.14.0-570.60.1.el9_6 | fixed 5.14.0-570.60.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handle EBUSY correctly As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of x

  • CVE-2025-39925 | Oct 1, 2025
    affected < 6.12.0-124.20.1.el10_1 | fixed 6.12.0-124.20.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEV_UNREG

  • CVE-2025-39918 | Oct 1, 2025
    affected < 6.12.0-124.16.1.el10_1 | fixed 6.12.0-124.16.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list

  • CVE-2025-39905 | Oct 1, 2025
    affected < 6.12.0-124.27.1.el10_1 | fixed 6.12.0-124.27.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which mod

  • CVE-2025-39883 | Sep 23, 2025
    affected < 6.12.0-124.16.1.el10_1 | fixed 6.12.0-124.16.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, below panic occurs: page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)) kernel BUG at include

  • CVE-2025-39864 | High | Sep 19, 2025
    affected < 5.14.0-611.11.1.el9_7 | fixed 5.14.0-611.11.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmp_bss() Following bss_free() quirk introduced in commit 776b3580178f ("cfg80211: track hidden SSID networks properly"), adjust cfg80211_update_known_bss() to free the las

  • CVE-2025-39849 | High | Sep 19, 2025
    affected < 5.14.0-570.55.1.el9_6 | fixed 5.14.0-570.55.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.

  • CVE-2025-39843 | Medium | Sep 19, 2025
    affected < 5.14.0-611.9.1.el9_7 | fixed 5.14.0-611.9.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when

  • CVE-2025-39841 | High | Sep 19, 2025
    affected < 5.14.0-570.55.1.el9_6 | fixed 5.14.0-570.55.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only t

  • CVE-2025-39840 | Sep 19, 2025
    affected < 5.14.0-611.20.1.el9_7 | fixed 5.14.0-611.20.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can o

  • CVE-2023-53373 | Sep 18, 2025
    affected < 5.14.0-570.52.1.el9_6 | fixed 5.14.0-570.52.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller

  • CVE-2022-50367 | Sep 17, 2025
    affected < 5.14.0-570.60.1.el9_6 | fixed 5.14.0-570.60.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode(

  • CVE-2025-39817 | High | Sep 16, 2025
    affected < 5.14.0-570.55.1.el9_6 | fixed 5.14.0-570.55.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_check_range+0xe8/0x190
