rpm package
almalinux/kernel-debug-core
pkg:rpm/almalinux/kernel-debug-core
Vulnerabilities (1,256)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49357 | — | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: efi: Do not import certificates from UEFI Secure Boot for T2 Macs On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occ | ||
| CVE-2022-49353 | — | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/papr_scm: don't requests stats with '0' sized stats buffer Sachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being reported with vPMEM when papr_scm probe is being called. The pani | ||
| CVE-2022-49269 | — | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: isotp: sanitize CAN ID checks in isotp_bind() Syzbot created an environment that lead to a state machine status that can not be reached with a compliant CAN ID address configuration. The provided address i | ||
| CVE-2022-49136 | — | < 4.18.0-553.60.1.el8_10 | 4.18.0-553.60.1.el8_10 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has been set as that means hci_unregister_dev has been called so it will like | ||
| CVE-2022-49111 | — | < 4.18.0-553.60.1.el8_10 | 4.18.0-553.60.1.el8_10 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP | ||
| CVE-2022-49058 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused be | ||
| CVE-2025-21702 | Hig | 7.8 | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Feb 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one | |
| CVE-2025-21696 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Feb 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm: clear uffd-wp PTE/PMD state on mremap() When mremap()ing a memory region previously registered with userfaultfd as write-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency in flag clearing lea | ||
| CVE-2025-21693 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Feb 10, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginning of the operation is retrieved and use | ||
| CVE-2025-21691 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Feb 10, 2025 | In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb ("cachestat: implement cachestat syscall"), it was meant to be a much more convenient | ||
| CVE-2025-21680 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jan 31, 2025 | In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check. UBSAN: arr | ||
| CVE-2025-21672 | — | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Jan 31, 2025 | In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace[1]. This is because if argc is less than 0 and the function returns directly, the held inode lock is not | ||
| CVE-2025-21671 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jan 31, 2025 | In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an f | ||
| CVE-2024-57942 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix ceph copy to cache on write-begin At the end of netfs_unlock_read_folio() in which folios are marked appropriately for copying to the cache (either with by being marked dirty and having their private | ||
| CVE-2024-57941 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled (e.g. due to a DIO write on that file), future copying to the cache for that fi | ||
| CVE-2025-21655 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jan 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directl | ||
| CVE-2025-21648 | Med | 5.5 | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing has | |
| CVE-2025-21647 | Hig | 7.1 | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters | |
| CVE-2025-21652 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If t | ||
| CVE-2025-21631 | — | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr |
- CVE-2022-49357Feb 26, 2025affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: efi: Do not import certificates from UEFI Secure Boot for T2 Macs On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occ
- CVE-2022-49353Feb 26, 2025affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: powerpc/papr_scm: don't requests stats with '0' sized stats buffer Sachin reported [1] that on a POWER-10 lpar he is seeing a kernel panic being reported with vPMEM when papr_scm probe is being called. The pani
- CVE-2022-49269Feb 26, 2025affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: can: isotp: sanitize CAN ID checks in isotp_bind() Syzbot created an environment that lead to a state machine status that can not be reached with a compliant CAN ID address configuration. The provided address i
- CVE-2022-49136Feb 26, 2025affected < 4.18.0-553.60.1.el8_10fixed 4.18.0-553.60.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set hci_cmd_sync_queue shall return an error if HCI_UNREGISTER flag has been set as that means hci_unregister_dev has been called so it will like
- CVE-2022-49111Feb 26, 2025affected < 4.18.0-553.60.1.el8_10fixed 4.18.0-553.60.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP
- CVE-2022-49058Feb 26, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused be
- affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one
- CVE-2025-21696Feb 12, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: mm: clear uffd-wp PTE/PMD state on mremap() When mremap()ing a memory region previously registered with userfaultfd as write-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency in flag clearing lea
- CVE-2025-21693Feb 10, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginning of the operation is retrieved and use
- CVE-2025-21691Feb 10, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb ("cachestat: implement cachestat syscall"), it was meant to be a much more convenient
- CVE-2025-21680Jan 31, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check. UBSAN: arr
- CVE-2025-21672Jan 31, 2025affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace[1]. This is because if argc is less than 0 and the function returns directly, the held inode lock is not
- CVE-2025-21671Jan 31, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an f
- CVE-2024-57942Jan 21, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix ceph copy to cache on write-begin At the end of netfs_unlock_read_folio() in which folios are marked appropriately for copying to the cache (either with by being marked dirty and having their private
- CVE-2024-57941Jan 21, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled (e.g. due to a DIO write on that file), future copying to the cache for that fi
- CVE-2025-21655Jan 20, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directl
- affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing has
- affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters
- CVE-2025-21652Jan 19, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If t
- CVE-2025-21631Jan 19, 2025affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr
Page 23 of 63