almalinux/kernel-abi-stablelists

Vulnerabilities (1,161)

• CVE-2025-38463Jul 25, 2025
  affected < 6.12.0-55.33.1.el10_0fixed 6.12.0-55.33.1.el10_0

  In the Linux kernel, the following vulnerability has been resolved: tcp: Correct signedness in skb remaining space calculation Syzkaller reported a bug [1] where sk->sk_forward_alloc can overflow. When we send data, if an skb exists at the tail of the write queue, the kernel w

• CVE-2025-38461Jul 25, 2025
  affected < 6.12.0-55.30.1.el10_0fixed 6.12.0-55.30.1.el10_0

  In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add

• CVE-2025-38459Jul 25, 2025
  affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vc

• CVE-2025-38453Jul 25, 2025
  affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1

  In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354

• CVE-2025-38449Jul 25, 2025
  affected < 6.12.0-55.31.1.el10_0fixed 6.12.0-55.31.1.el10_0

  In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer

• CVE-2025-38417Jul 25, 2025
  affected < 5.14.0-570.37.1.el9_6fixed 5.14.0-570.37.1.el9_6

  In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows tri

• CVE-2025-38415Jul 25, 2025
  affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, is

• CVE-2025-38412Jul 25, 2025
  affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1

  In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content.

• CVE-2025-38403Jul 25, 2025
  affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7

  In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left i

• CVE-2025-38396Jul 25, 2025
  affected < 6.12.0-55.37.1.el10_0fixed 6.12.0-55.37.1.el10_0

  In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the c

• CVE-2025-38392Jul 25, 2025
  affected < 5.14.0-570.41.1.el9_6fixed 5.14.0-570.41.1.el9_6

  In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at ker

• CVE-2025-38383Jul 25, 2025
  affected < 6.12.0-124.29.1.el10_1fixed 6.12.0-124.29.1.el10_1

  In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix data race in show_numa_info() The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_sho

• CVE-2025-38369Jul 25, 2025
  affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1

  In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic wh

• CVE-2025-38352KEVJul 22, 2025
  affected < 4.18.0-553.74.1.el8_10fixed 4.18.0-553.74.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be

• CVE-2025-38351Jul 19, 2025
  affected < 5.14.0-570.51.1.el9_6fixed 5.14.0-570.51.1.el9_6

  In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX allow

• CVE-2025-38350HigJul 19, 2025
  affected < 5.14.0-570.39.1.el9_6fixed 5.14.0-570.39.1.el9_6

  In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu

• CVE-2025-38349Jul 18, 2025
  affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

  In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutex_unlock(&ep->mtx); afterwards. That's very wro

• CVE-2025-38332Jul 10, 2025
  affected < 4.18.0-553.72.1.el8_10fixed 4.18.0-553.72.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway

• CVE-2025-38292Jul 10, 2025
  affected < 5.14.0-570.33.2.el9_6fixed 5.14.0-570.33.2.el9_6

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation acce

• CVE-2025-38264Jul 9, 2025
  affected < 6.12.0-55.25.1.el10_0fixed 6.12.0-55.25.1.el10_0

  In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing.