rpm package
almalinux/kernel-debug-core
pkg:rpm/almalinux/kernel-debug-core
Vulnerabilities (1,153)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22056 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the parsing logic should place every geneve_opt structure one by one compactly. Hence | ||
| CVE-2025-22055 | — | < 5.14.0-570.21.1.el9_6 | 5.14.0-570.21.1.el9_6 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct geneve_opt uses 5 bit length for each single option, which means every vary size option should be smaller than 128 bytes. However, all current related Netlink | ||
| CVE-2023-53034 | — | < 6.12.0-124.38.1.el10_1 | 6.12.0-124.38.1.el10_1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switcht | ||
| CVE-2025-22020 | — | < 5.14.0-570.32.1.el9_6 | 5.14.0-570.32.1.el9_6 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt | ||
| CVE-2025-22004 | — | < 5.14.0-570.25.1.el9_6 | 5.14.0-570.25.1.el9_6 | Apr 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free. | ||
| CVE-2025-21999 | — | < 5.14.0-570.22.1.el9_6 | 5.14.0-570.22.1.el9_6 | Apr 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc | ||
| CVE-2025-21997 | — | < 5.14.0-570.21.1.el9_6 | 5.14.0-570.21.1.el9_6 | Apr 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different | ||
| CVE-2025-21993 | — | < 5.14.0-570.16.1.el9_6 | 5.14.0-570.16.1.el9_6 | Apr 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 pref | ||
| CVE-2025-21991 | — | < 5.14.0-570.26.1.el9_6 | 5.14.0-570.26.1.el9_6 | Apr 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the | ||
| CVE-2025-21979 | Hig | 7.8 | < 5.14.0-570.22.1.el9_6 | 5.14.0-570.22.1.el9_6 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and initialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the rdev::wiphy_work is | |
| CVE-2025-21976 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Allow graceful removal of framebuffer When a Hyper-V framebuffer device is unbind, hyperv_fb driver tries to release the framebuffer forcefully. If this framebuffer is in use it produce the fo | ||
| CVE-2025-21969 | — | < 5.14.0-570.22.1.el9_6 | 5.14.0-570.22.1.el9_6 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper laye | ||
| CVE-2025-21966 | — | < 5.14.0-570.17.1.el9_6 | 5.14.0-570.17.1.el9_6 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being passed to bio_init | ||
| CVE-2025-21964 | — | < 5.14.0-570.18.1.el9_6 | 5.14.0-570.18.1.el9_6 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s | ||
| CVE-2025-21963 | — | < 5.14.0-570.22.1.el9_6 | 5.14.0-570.22.1.el9_6 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s | ||
| CVE-2025-21962 | — | < 5.14.0-570.32.1.el9_6 | 5.14.0-570.32.1.el9_6 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted fr | ||
| CVE-2025-21961 | — | < 5.14.0-570.22.1.el9_6 | 5.14.0-570.22.1.el9_6 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDP_PASS, packet is converted from xdp_buff to sk_buff with xdp_update_skb_shared_info() in bnxt_xdp_build_skb(). bnxt_xdp_build_skb | ||
| CVE-2025-21929 | — | < 5.14.0-570.32.1.el9_6 | 5.14.0-570.32.1.el9_6 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, a use-after-free issue can occur in the hid_ishtp_cl_remove() function. The f | ||
| CVE-2025-21928 | — | < 5.14.0-570.32.1.el9_6 | 5.14.0-570.32.1.el9_6 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freein | ||
| CVE-2025-21927 | — | < 5.14.0-570.16.1.el9_6 | 5.14.0-570.16.1.el9_6 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invali |
- CVE-2025-22056Apr 16, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the parsing logic should place every geneve_opt structure one by one compactly. Hence
- CVE-2025-22055Apr 16, 2025affected < 5.14.0-570.21.1.el9_6fixed 5.14.0-570.21.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct geneve_opt uses 5 bit length for each single option, which means every vary size option should be smaller than 128 bytes. However, all current related Netlink
- CVE-2023-53034Apr 16, 2025affected < 6.12.0-124.38.1.el10_1fixed 6.12.0-124.38.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switcht
- CVE-2025-22020Apr 16, 2025affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt
- CVE-2025-22004Apr 3, 2025affected < 5.14.0-570.25.1.el9_6fixed 5.14.0-570.25.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
- CVE-2025-21999Apr 3, 2025affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc
- CVE-2025-21997Apr 3, 2025affected < 5.14.0-570.21.1.el9_6fixed 5.14.0-570.21.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different
- CVE-2025-21993Apr 2, 2025affected < 5.14.0-570.16.1.el9_6fixed 5.14.0-570.16.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 pref
- CVE-2025-21991Apr 2, 2025affected < 5.14.0-570.26.1.el9_6fixed 5.14.0-570.26.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the
- affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and initialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the rdev::wiphy_work is
- CVE-2025-21976Apr 1, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Allow graceful removal of framebuffer When a Hyper-V framebuffer device is unbind, hyperv_fb driver tries to release the framebuffer forcefully. If this framebuffer is in use it produce the fo
- CVE-2025-21969Apr 1, 2025affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper laye
- CVE-2025-21966Apr 1, 2025affected < 5.14.0-570.17.1.el9_6fixed 5.14.0-570.17.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being passed to bio_init
- CVE-2025-21964Apr 1, 2025affected < 5.14.0-570.18.1.el9_6fixed 5.14.0-570.18.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s
- CVE-2025-21963Apr 1, 2025affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s
- CVE-2025-21962Apr 1, 2025affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted fr
- CVE-2025-21961Apr 1, 2025affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDP_PASS, packet is converted from xdp_buff to sk_buff with xdp_update_skb_shared_info() in bnxt_xdp_build_skb(). bnxt_xdp_build_skb
- CVE-2025-21929Apr 1, 2025affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, a use-after-free issue can occur in the hid_ishtp_cl_remove() function. The f
- CVE-2025-21928Apr 1, 2025affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freein
- CVE-2025-21927Apr 1, 2025affected < 5.14.0-570.16.1.el9_6fixed 5.14.0-570.16.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invali
Page 12 of 58