rpm package

almalinux/kernel-abi-stablelists

pkg:rpm/almalinux/kernel-abi-stablelists

Vulnerabilities (1,161)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-38250		—	< 4.18.0-553.70.1.el8_10	4.18.0-553.70.1.el8_10	Jul 9, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor while its device was being use
CVE-2025-38248		—	< 4.18.0-553.107.1.el8_10	4.18.0-553.107.1.el8_10	Jul 9, 2025	In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides. The list is consulted during forwarding to ensure multicas
CVE-2024-36357	Med	5.6	< 5.14.0-570.62.1.el9_6	5.14.0-570.62.1.el9_6	Jul 8, 2025	A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
CVE-2024-36350	Med	5.6	< 5.14.0-570.62.1.el9_6	5.14.0-570.62.1.el9_6	Jul 8, 2025	A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
CVE-2025-38220		—	< 6.12.0-55.30.1.el10_0	6.12.0-55.30.1.el10_0	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Tra
CVE-2025-38211		—	< 6.12.0-55.30.1.el10_0	6.12.0-55.30.1.el10_0	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all ref
CVE-2025-38206		—	< 5.14.0-611.35.1.el9_7	5.14.0-611.35.1.el9_7	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre
CVE-2025-38200		—	< 4.18.0-553.71.1.el8_10	4.18.0-553.71.1.el8_10	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde
CVE-2025-38180		—	< 4.18.0-553.115.1.el8_10	4.18.0-553.115.1.el8_10	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.
CVE-2025-38124	Med	5.5	< 5.14.0-570.35.1.el9_6	5.14.0-570.35.1.el9_6	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects the
CVE-2025-38172		—	< 6.12.0-124.38.1.el10_1	6.12.0-124.38.1.el10_1	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra devices should be the same type. `erofs_init_device` has already guaranteed that if the primary is a file-bac
CVE-2025-38159		—	< 4.18.0-553.69.1.el8_10	4.18.0-553.69.1.el8_10	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes:
CVE-2025-38141		—	< 5.14.0-611.26.1.el9_7	5.14.0-611.26.1.el9_7	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it on
CVE-2025-38129		—	< 5.14.0-611.35.1.el9_7	5.14.0-611.35.1.el9_7	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of
CVE-2025-38116		—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix uaf in ath12k_core_init() When the execution of ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails, the registered notifier chain is not unregistered properly. Its memory is
CVE-2025-38110		—	< 6.12.0-55.24.1.el10_0	6.12.0-55.24.1.el10_0	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via C45 (clause 45) mdiobus, t
CVE-2025-38109		—	< 5.14.0-611.47.1.el9_7	5.14.0-611.47.1.el9_7	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual function is created on the embedded chip (ECVF) of a BlueField device. In such case the vport acl ingress table is not prop
CVE-2025-38106		—	< 5.14.0-611.38.1.el9_7	5.14.0-611.38.1.el9_7	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU:
CVE-2025-38089		—	< 5.14.0-570.28.1.el9_6	5.14.0-570.28.1.el9_6	Jun 30, 2025	In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC rep
CVE-2025-38088		—	< 6.12.0-55.24.1.el10_0	6.12.0-55.24.1.el10_0	Jun 30, 2025	In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has an out of bounds issue. This patch fixes the by checking that the requested mapping region size should stay within the

CVE-2025-38250Jul 9, 2025
affected < 4.18.0-553.70.1.el8_10fixed 4.18.0-553.70.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor while its device was being use
CVE-2025-38248Jul 9, 2025
affected < 4.18.0-553.107.1.el8_10fixed 4.18.0-553.107.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides. The list is consulted during forwarding to ensure multicas
CVE-2024-36357MedJul 8, 2025
affected < 5.14.0-570.62.1.el9_6fixed 5.14.0-570.62.1.el9_6
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
CVE-2024-36350MedJul 8, 2025
affected < 5.14.0-570.62.1.el9_6fixed 5.14.0-570.62.1.el9_6
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
CVE-2025-38220Jul 4, 2025
affected < 6.12.0-55.30.1.el10_0fixed 6.12.0-55.30.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Tra
CVE-2025-38211Jul 4, 2025
affected < 6.12.0-55.30.1.el10_0fixed 6.12.0-55.30.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all ref
CVE-2025-38206Jul 4, 2025
affected < 5.14.0-611.35.1.el9_7fixed 5.14.0-611.35.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre
CVE-2025-38200Jul 4, 2025
affected < 4.18.0-553.71.1.el8_10fixed 4.18.0-553.71.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde
CVE-2025-38180Jul 4, 2025
affected < 4.18.0-553.115.1.el8_10fixed 4.18.0-553.115.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.
CVE-2025-38124MedJul 3, 2025
affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects the
CVE-2025-38172Jul 3, 2025
affected < 6.12.0-124.38.1.el10_1fixed 6.12.0-124.38.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra devices should be the same type. `erofs_init_device` has already guaranteed that if the primary is a file-bac
CVE-2025-38159Jul 3, 2025
affected < 4.18.0-553.69.1.el8_10fixed 4.18.0-553.69.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes:
CVE-2025-38141Jul 3, 2025
affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it on
CVE-2025-38129Jul 3, 2025
affected < 5.14.0-611.35.1.el9_7fixed 5.14.0-611.35.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of
CVE-2025-38116Jul 3, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix uaf in ath12k_core_init() When the execution of ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails, the registered notifier chain is not unregistered properly. Its memory is
CVE-2025-38110Jul 3, 2025
affected < 6.12.0-55.24.1.el10_0fixed 6.12.0-55.24.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via C45 (clause 45) mdiobus, t
CVE-2025-38109Jul 3, 2025
affected < 5.14.0-611.47.1.el9_7fixed 5.14.0-611.47.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual function is created on the embedded chip (ECVF) of a BlueField device. In such case the vport acl ingress table is not prop
CVE-2025-38106Jul 3, 2025
affected < 5.14.0-611.38.1.el9_7fixed 5.14.0-611.38.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU:
CVE-2025-38089Jun 30, 2025
affected < 5.14.0-570.28.1.el9_6fixed 5.14.0-570.28.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC rep
CVE-2025-38088Jun 30, 2025
affected < 6.12.0-55.24.1.el10_0fixed 6.12.0-55.24.1.el10_0
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has an out of bounds issue. This patch fixes the by checking that the requested mapping region size should stay within the

Page 9 of 59