VYPR

rpm package

almalinux/kernel-abi-whitelists

pkg:rpm/almalinux/kernel-abi-whitelists

Vulnerabilities (8)

  • CVE-2021-27365Mar 7, 2021
    affected < 4.18.0-240.22.1.el8_3fixed 4.18.0-240.22.1.el8_3

    An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up t

  • CVE-2021-27364Mar 7, 2021
    affected < 4.18.0-240.22.1.el8_3fixed 4.18.0-240.22.1.el8_3

    An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.

  • CVE-2021-27363Mar 7, 2021
    affected < 4.18.0-240.22.1.el8_3fixed 4.18.0-240.22.1.el8_3

    An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via t

  • CVE-2021-26708Feb 5, 2021
    affected < 4.18.0-240.22.1.el8_3fixed 4.18.0-240.22.1.el8_3

    A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-tr

  • CVE-2021-3347Jan 29, 2021
    affected < 4.18.0-240.22.1.el8_3fixed 4.18.0-240.22.1.el8_3

    An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

  • CVE-2020-28374Jan 13, 2021
    affected < 4.18.0-240.22.1.el8_3fixed 4.18.0-240.22.1.el8_3

    In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack c

  • CVE-2020-0466Dec 14, 2020
    affected < 4.18.0-240.22.1.el8_3fixed 4.18.0-240.22.1.el8_3

    In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion

  • CVE-2020-27152Nov 6, 2020
    affected < 4.18.0-240.22.1.el8_3fixed 4.18.0-240.22.1.el8_3

    An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9.