rpm package
almalinux/kernel-cross-headers
pkg:rpm/almalinux/kernel-cross-headers
Vulnerabilities (1,148)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-4157 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 25, 2022 | An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg | ||
| CVE-2021-4203 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 25, 2022 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | ||
| CVE-2021-4197 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 23, 2022 | An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cg | ||
| CVE-2022-0854 | — | < 4.18.0-425.3.1.el8 | 4.18.0-425.3.1.el8 | Mar 23, 2022 | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | ||
| CVE-2022-27666 | — | < 5.14.0-70.17.1.el9_0 | 5.14.0-70.17.1.el9_0 | Mar 23, 2022 | A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. | ||
| CVE-2022-1011 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 18, 2022 | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | ||
| CVE-2022-23960 | — | < 4.18.0-425.3.1.el8 | 4.18.0-425.3.1.el8 | Mar 12, 2022 | Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow th | ||
| CVE-2022-0002 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 11, 2022 | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||
| CVE-2021-26341 | — | < 5.14.0-284.11.1.el9_2 | 5.14.0-284.11.1.el9_2 | Mar 11, 2022 | Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | ||
| CVE-2021-26401 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 11, 2022 | LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. | ||
| CVE-2022-0001 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 11, 2022 | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||
| CVE-2021-3744 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 4, 2022 | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | ||
| CVE-2021-3743 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 4, 2022 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat | ||
| CVE-2021-3640 | — | < 4.18.0-425.3.1.el8 | 4.18.0-425.3.1.el8 | Mar 3, 2022 | A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable fau | ||
| CVE-2021-4002 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 3, 2022 | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized acces | ||
| CVE-2021-3772 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Mar 2, 2022 | A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | ||
| CVE-2020-36516 | — | < 4.18.0-425.3.1.el8 | 4.18.0-425.3.1.el8 | Feb 26, 2022 | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | ||
| CVE-2021-20322 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Feb 18, 2022 | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomizat | ||
| CVE-2022-25265 | — | < 4.18.0-477.10.1.el8_8 | 4.18.0-477.10.1.el8_8 | Feb 16, 2022 | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file. | ||
| CVE-2021-3752 | — | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Feb 16, 2022 | A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vuln |
- CVE-2021-4157Mar 25, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg
- CVE-2021-4203Mar 25, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
- CVE-2021-4197Mar 23, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cg
- CVE-2022-0854Mar 23, 2022affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
- CVE-2022-27666Mar 23, 2022affected < 5.14.0-70.17.1.el9_0fixed 5.14.0-70.17.1.el9_0
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
- CVE-2022-1011Mar 18, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
- CVE-2022-23960Mar 12, 2022affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow th
- CVE-2022-0002Mar 11, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- CVE-2021-26341Mar 11, 2022affected < 5.14.0-284.11.1.el9_2fixed 5.14.0-284.11.1.el9_2
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
- CVE-2021-26401Mar 11, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
- CVE-2022-0001Mar 11, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- CVE-2021-3744Mar 4, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
- CVE-2021-3743Mar 4, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat
- CVE-2021-3640Mar 3, 2022affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable fau
- CVE-2021-4002Mar 3, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized acces
- CVE-2021-3772Mar 2, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
- CVE-2020-36516Feb 26, 2022affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
- CVE-2021-20322Feb 18, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomizat
- CVE-2022-25265Feb 16, 2022affected < 4.18.0-477.10.1.el8_8fixed 4.18.0-477.10.1.el8_8
In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.
- CVE-2021-3752Feb 16, 2022affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vuln
Page 56 of 58