rpm package
almalinux/kernel-cross-headers
pkg:rpm/almalinux/kernel-cross-headers
Vulnerabilities (1,148)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-29154 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Apr 8, 2021 | BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. |
| CVE-2021-30002 | — | | | < 4.18.0-425.3.1.el8 | 4.18.0-425.3.1.el8 | Apr 2, 2021 | An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. |
| CVE-2020-4788 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Nov 20, 2020 | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. |
| CVE-2020-28915 | — | | | < 4.18.0-372.13.1.el8_6 | 4.18.0-372.13.1.el8_6 | Nov 18, 2020 | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. |
| CVE-2020-0404 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Sep 17, 2020 | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Produ |
| CVE-2020-13974 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Jun 9, 2020 | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in |
| CVE-2018-13405 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Jul 6, 2018 | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no |
| CVE-2017-5715 | — | | | < 4.18.0-372.9.1.el8 | 4.18.0-372.9.1.el8 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. |