rpm package
almalinux/kernel-debug-modules-core
pkg:rpm/almalinux/kernel-debug-modules-core
Vulnerabilities (831)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-39841 | Hig | 7.8 | < 5.14.0-570.55.1.el9_6 | 5.14.0-570.55.1.el9_6 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only t | |
| CVE-2025-39840 | — | < 5.14.0-611.20.1.el9_7 | 5.14.0-611.20.1.el9_7 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can o | ||
| CVE-2023-53373 | — | < 5.14.0-570.52.1.el9_6 | 5.14.0-570.52.1.el9_6 | Sep 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller | ||
| CVE-2022-50367 | — | < 5.14.0-570.60.1.el9_6 | 5.14.0-570.60.1.el9_6 | Sep 17, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode( | ||
| CVE-2025-39817 | Hig | 7.1 | < 5.14.0-570.55.1.el9_6 | 5.14.0-570.55.1.el9_6 | Sep 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_check_range+0xe8/0x190 | |
| CVE-2025-39806 | Hig | 7.1 | < 5.14.0-611.20.1.el9_7 | 5.14.0-611.20.1.el9_7 | Sep 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smaller than 607 bytes. mt_re | |
| CVE-2025-39818 | — | < 5.14.0-611.41.1.el9_7 | 5.14.0-611.41.1.el9_7 | Sep 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_subip_regs) caused kernel crash and out-of-bounds error: BUG: KASAN: slab-out-of-b | ||
| CVE-2025-40300 | Med | 5.5 | < 5.14.0-570.62.1.el9_6 | 5.14.0-570.62.1.el9_6 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already | |
| CVE-2025-39766 | Hig | 7.8 | < 5.14.0-687.10.1.el9_8 | 5.14.0-687.10.1.el9_8 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit The following setup can trigger a WARNING in htb_activate due to the condition: !cl->leaf.q->q.qlen tc qdisc del dev lo root tc qdisc add | |
| CVE-2025-39760 | Hig | 7.1 | < 5.14.0-611.30.1.el9_7 | 5.14.0-611.30.1.el9_7 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size. Fix this | |
| CVE-2025-39757 | Hig | 7.1 | < 5.14.0-570.52.1.el9_6 | 5.14.0-570.52.1.el9_6 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer s | |
| CVE-2025-39761 | — | < 5.14.0-570.51.1.el9_6 | 5.14.0-570.51.1.el9_6 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during error handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to out-of-bo | ||
| CVE-2025-39730 | — | < 6.12.0-124.13.1.el10_1 | 6.12.0-124.13.1.el10_1 | Sep 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle. | ||
| CVE-2025-39702 | Hig | 7.0 | < 5.14.0-570.60.1.el9_6 | 5.14.0-570.60.1.el9_6 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. | |
| CVE-2025-39694 | Med | 5.5 | < 5.14.0-570.46.1.el9_6 | 5.14.0-570.46.1.el9_6 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtu | |
| CVE-2025-39682 | Hig | 7.1 | < 5.14.0-570.49.1.el9_6 | 5.14.0-570.49.1.el9_6 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type | |
| CVE-2025-39698 | — | < 5.14.0-570.49.1.el9_6 | 5.14.0-570.49.1.el9_6 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at t | ||
| CVE-2025-38737 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setti | ||
| CVE-2025-38731 | — | < 5.14.0-611.26.1.el9_7 | 5.14.0-611.26.1.el9_7 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen below. Fix this by setting bind_ops to NULL after freeing. ===================== | ||
| CVE-2025-38724 | Hig | 7.8 | < 5.14.0-611.11.1.el9_7 | 5.14.0-611.11.1.el9_7 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c |
- affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only t
- CVE-2025-39840Sep 19, 2025affected < 5.14.0-611.20.1.el9_7fixed 5.14.0-611.20.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can o
- CVE-2023-53373Sep 18, 2025affected < 5.14.0-570.52.1.el9_6fixed 5.14.0-570.52.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller
- CVE-2022-50367Sep 17, 2025affected < 5.14.0-570.60.1.el9_6fixed 5.14.0-570.60.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode(
- affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_check_range+0xe8/0x190
- affected < 5.14.0-611.20.1.el9_7fixed 5.14.0-611.20.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smaller than 607 bytes. mt_re
- CVE-2025-39818Sep 16, 2025affected < 5.14.0-611.41.1.el9_7fixed 5.14.0-611.41.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_subip_regs) caused kernel crash and out-of-bounds error: BUG: KASAN: slab-out-of-b
- affected < 5.14.0-570.62.1.el9_6fixed 5.14.0-570.62.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already
- affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit The following setup can trigger a WARNING in htb_activate due to the condition: !cl->leaf.q->q.qlen tc qdisc del dev lo root tc qdisc add
- affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size. Fix this
- affected < 5.14.0-570.52.1.el9_6fixed 5.14.0-570.52.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer s
- CVE-2025-39761Sep 11, 2025affected < 5.14.0-570.51.1.el9_6fixed 5.14.0-570.51.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during error handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to out-of-bo
- CVE-2025-39730Sep 7, 2025affected < 6.12.0-124.13.1.el10_1fixed 6.12.0-124.13.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.
- affected < 5.14.0-570.60.1.el9_6fixed 5.14.0-570.60.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.
- affected < 5.14.0-570.46.1.el9_6fixed 5.14.0-570.46.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtu
- affected < 5.14.0-570.49.1.el9_6fixed 5.14.0-570.49.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type
- CVE-2025-39698Sep 5, 2025affected < 5.14.0-570.49.1.el9_6fixed 5.14.0-570.49.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at t
- CVE-2025-38737Sep 5, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setti
- CVE-2025-38731Sep 5, 2025affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen below. Fix this by setting bind_ops to NULL after freeing. =====================
- affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c
Page 9 of 42