rpm package

almalinux/kernel-cross-headers

pkg:rpm/almalinux/kernel-cross-headers

Vulnerabilities (1,148)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-3773	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Feb 16, 2022	A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
CVE-2022-0617	—	< 4.18.0-425.3.1.el8	4.18.0-425.3.1.el8	Feb 16, 2022	A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.
CVE-2022-24448	—	< 4.18.0-425.3.1.el8	4.18.0-425.3.1.el8	Feb 4, 2022	An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns
CVE-2022-0286	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Jan 31, 2022	A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
CVE-2021-4083	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Jan 18, 2022	A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalat
CVE-2021-45485	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Dec 25, 2021	In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
CVE-2021-45486	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Dec 25, 2021	In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
CVE-2021-44733	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Dec 22, 2021	A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2021-43975	—	< 4.18.0-513.5.1.el8_9	4.18.0-513.5.1.el8_9	Nov 17, 2021	In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
CVE-2021-43976	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Nov 17, 2021	In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-43389	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Nov 4, 2021	An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
CVE-2020-27820	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Nov 2, 2021	A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
CVE-2021-43056	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Oct 28, 2021	An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
CVE-2021-0941	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Oct 25, 2021	In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAn
CVE-2021-42739	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Oct 20, 2021	The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
CVE-2021-41864	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Oct 1, 2021	prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
CVE-2021-21781	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Aug 18, 2021	An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An
CVE-2021-37159	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Jul 21, 2021	hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
CVE-2021-3612	—	< 4.18.0-372.9.1.el8	4.18.0-372.9.1.el8	Jul 9, 2021	An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highe
CVE-2020-26555	—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	May 24, 2021	Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

CVE-2021-3773Feb 16, 2022
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
CVE-2022-0617Feb 16, 2022
affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8
A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.
CVE-2022-24448Feb 4, 2022
affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns
CVE-2022-0286Jan 31, 2022
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
CVE-2021-4083Jan 18, 2022
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalat
CVE-2021-45485Dec 25, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
CVE-2021-45486Dec 25, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
CVE-2021-44733Dec 22, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2021-43975Nov 17, 2021
affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
CVE-2021-43976Nov 17, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVE-2021-43389Nov 4, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
CVE-2020-27820Nov 2, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
CVE-2021-43056Oct 28, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
CVE-2021-0941Oct 25, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAn
CVE-2021-42739Oct 20, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
CVE-2021-41864Oct 1, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
CVE-2021-21781Aug 18, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An
CVE-2021-37159Jul 21, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
CVE-2021-3612Jul 9, 2021
affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highe
CVE-2020-26555May 24, 2021
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

Page 57 of 58