rpm package
almalinux/kernel-abi-stablelists
pkg:rpm/almalinux/kernel-abi-stablelists
Vulnerabilities (1,161)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-44733 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Dec 22, 2021 | A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. |
| CVE-2021-43975 | — | | | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Nov 17, 2021 | In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. |
| CVE-2021-43976 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Nov 17, 2021 | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). |
| CVE-2021-43389 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Nov 4, 2021 | An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. |
| CVE-2020-27820 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Nov 2, 2021 | A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver). |
| CVE-2021-43056 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Oct 28, 2021 | An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. |
| CVE-2021-0941 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Oct 25, 2021 | In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel An |
| CVE-2021-42739 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Oct 20, 2021 | The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. |
| CVE-2021-41864 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Oct 1, 2021 | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. |
| CVE-2021-21781 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Aug 18, 2021 | An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An |
| CVE-2021-37159 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Jul 21, 2021 | hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. |
| CVE-2021-3612 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Jul 9, 2021 | An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highe |
| CVE-2020-26555 | — | | | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | May 24, 2021 | Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. |
| CVE-2021-29154 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Apr 8, 2021 | BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. |
| CVE-2021-30002 | — | | | < 4.18.0-425.3.1.el8 | 4.18.0-425.3.1.el8 | Apr 2, 2021 | An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. |
| CVE-2020-4788 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Nov 20, 2020 | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. |
| CVE-2020-28915 | — | | | < 4.18.0-372.13.1.el8_6 | 4.18.0-372.13.1.el8_6 | Nov 18, 2020 | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. |
| CVE-2020-0404 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Sep 17, 2020 | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Produ |
| CVE-2020-13974 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Jun 9, 2020 | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in |
| CVE-2018-13405 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Jul 6, 2018 | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no |