rpm package
almalinux/kernel-abi-stablelists
pkg:rpm/almalinux/kernel-abi-stablelists
Vulnerabilities (1,264)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38498 | Med | 5.5 | < 6.12.0-55.33.1.el10_0 | 6.12.0-55.33.1.el10_0 | Jul 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w | |
| CVE-2025-38477 | Med | 4.7 | < 4.18.0-553.72.1.el8_10 | 4.18.0-553.72.1.el8_10 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q | |
| CVE-2025-38471 | Hig | 7.8 | < 5.14.0-570.35.1.el9_6 | 5.14.0-570.35.1.el9_6 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if | |
| CVE-2025-38470 | Med | 5.5 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the | |
| CVE-2025-38468 | Med | 5.5 | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default | |
| CVE-2025-38472 | — | < 6.12.0-55.30.1.el10_0 | 6.12.0-55.30.1.el10_0 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry A crash in conntrack was reported while trying to unlink the conntrack entry from the hash bucket list: [exception RIP: __nf_ct_delet | ||
| CVE-2025-38464 | — | < 6.12.0-55.30.1.el10_0 | 6.12.0-55.30.1.el10_0 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_ | ||
| CVE-2025-38463 | — | < 6.12.0-55.33.1.el10_0 | 6.12.0-55.33.1.el10_0 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: tcp: Correct signedness in skb remaining space calculation Syzkaller reported a bug [1] where sk->sk_forward_alloc can overflow. When we send data, if an skb exists at the tail of the write queue, the kernel w | ||
| CVE-2025-38461 | — | < 6.12.0-55.30.1.el10_0 | 6.12.0-55.30.1.el10_0 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add | ||
| CVE-2025-38459 | — | < 4.18.0-553.100.1.el8_10 | 4.18.0-553.100.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vc | ||
| CVE-2025-38453 | — | < 6.12.0-124.31.1.el10_1 | 6.12.0-124.31.1.el10_1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 | ||
| CVE-2025-38449 | — | < 6.12.0-55.31.1.el10_0 | 6.12.0-55.31.1.el10_0 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer | ||
| CVE-2025-38441 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit | ||
| CVE-2025-38417 | — | < 5.14.0-570.37.1.el9_6 | 5.14.0-570.37.1.el9_6 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows tri | ||
| CVE-2025-38415 | — | < 4.18.0-553.100.1.el8_10 | 4.18.0-553.100.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, is | ||
| CVE-2025-38412 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content. | ||
| CVE-2025-38400 | Med | 5.5 | < 5.14.0-687.5.1.el9_8 | 5.14.0-687.5.1.el9_8 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injection in nfs_fs_proc_net_init(). [0] When nfs_fs_proc_net_init() fails, /proc/net/rp | |
| CVE-2025-38405 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->bi_integrity. Since commit bf4c89fc8797 ("block: do | ||
| CVE-2025-38403 | — | < 5.14.0-611.30.1.el9_7 | 5.14.0-611.30.1.el9_7 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left i | ||
| CVE-2025-38396 | — | < 6.12.0-55.37.1.el10_0 | 6.12.0-55.37.1.el10_0 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the c |
- affected < 6.12.0-55.33.1.el10_0fixed 6.12.0-55.33.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w
- affected < 4.18.0-553.72.1.el8_10fixed 4.18.0-553.72.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q
- affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the
- affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default
- CVE-2025-38472Jul 28, 2025affected < 6.12.0-55.30.1.el10_0fixed 6.12.0-55.30.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry A crash in conntrack was reported while trying to unlink the conntrack entry from the hash bucket list: [exception RIP: __nf_ct_delet
- CVE-2025-38464Jul 25, 2025affected < 6.12.0-55.30.1.el10_0fixed 6.12.0-55.30.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_
- CVE-2025-38463Jul 25, 2025affected < 6.12.0-55.33.1.el10_0fixed 6.12.0-55.33.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: tcp: Correct signedness in skb remaining space calculation Syzkaller reported a bug [1] where sk->sk_forward_alloc can overflow. When we send data, if an skb exists at the tail of the write queue, the kernel w
- CVE-2025-38461Jul 25, 2025affected < 6.12.0-55.30.1.el10_0fixed 6.12.0-55.30.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add
- CVE-2025-38459Jul 25, 2025affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vc
- CVE-2025-38453Jul 25, 2025affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354
- CVE-2025-38449Jul 25, 2025affected < 6.12.0-55.31.1.el10_0fixed 6.12.0-55.31.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer
- CVE-2025-38441Jul 25, 2025affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit
- CVE-2025-38417Jul 25, 2025affected < 5.14.0-570.37.1.el9_6fixed 5.14.0-570.37.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows tri
- CVE-2025-38415Jul 25, 2025affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, is
- CVE-2025-38412Jul 25, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content.
- affected < 5.14.0-687.5.1.el9_8fixed 5.14.0-687.5.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injection in nfs_fs_proc_net_init(). [0] When nfs_fs_proc_net_init() fails, /proc/net/rp
- CVE-2025-38405Jul 25, 2025affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->bi_integrity. Since commit bf4c89fc8797 ("block: do
- CVE-2025-38403Jul 25, 2025affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left i
- CVE-2025-38396Jul 25, 2025affected < 6.12.0-55.37.1.el10_0fixed 6.12.0-55.37.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the c
Page 12 of 64