rpm package
almalinux/kernel-debug
pkg:rpm/almalinux/kernel-debug
Vulnerabilities (1,153)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49846 | — | < 5.14.0-570.25.1.el9_6 | 5.14.0-570.25.1.el9_6 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ====================================================== | ||
| CVE-2022-49845 | — | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled ele | ||
| CVE-2022-49788 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN | ||
| CVE-2025-37789 | — | < 5.14.0-611.30.1.el9_7 | 5.14.0-611.30.1.el9_7 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first. | ||
| CVE-2025-37750 | — | < 5.14.0-570.22.1.el9_6 | 5.14.0-570.22.1.el9_6 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary server") and commit b0abcd65ec54 ("smb: client: fix UAF in async decryption"), the | ||
| CVE-2025-37749 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing s | ||
| CVE-2025-37738 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4_xattr_inode_dec_ref_all' we should ignore xattrs entries past the 'end' entry. This fixes the following KASAN reported issue: =================================== | ||
| CVE-2025-23150 | — | < 4.18.0-553.62.1.el8_10 | 4.18.0-553.62.1.el8_10 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free | ||
| CVE-2025-37785 | — | < 5.14.0-570.21.1.el9_6 | 5.14.0-570.21.1.el9_6 | Apr 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted dir | ||
| CVE-2021-47670 | — | < 4.18.0-553.69.1.el8_10 | 4.18.0-553.69.1.el8_10 | Apr 17, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni(). | ||
| CVE-2025-22026 | Med | 5.5 | < 4.18.0-553.77.1.el8_10 | 4.18.0-553.77.1.el8_10 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it trie | |
| CVE-2025-22126 | — | < 5.14.0-570.22.1.el9_6 | 5.14.0-570.22.1.el9_6 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(), list_for_each_entry_safe is used, and this can race with deletint the next mddev, causing | ||
| CVE-2025-22121 | — | < 5.14.0-570.30.1.el9_6 | 5.14.0-570.30.1.el9_6 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz | ||
| CVE-2025-22113 | — | < 5.14.0-570.30.1.el9_6 | 5.14.0-570.30.1.el9_6 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying Presently we always BUG_ON if trying to start a transaction on a journal marked with JBD2_UNMOUNT, since this should never happen. However, whi | ||
| CVE-2025-22104 | — | < 5.14.0-570.23.1.el9_6 | 5.14.0-570.23.1.el9_6 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Use kernel helpers for hex dumps Previously, when the driver was printing hex dumps, the buffer was cast to an 8 byte long and printed using string formatters. If the buffer size was not a multiple of | ||
| CVE-2025-22097 | — | < 4.18.0-553.70.1.el8_10 | 4.18.0-553.70.1.el8_10 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it. | ||
| CVE-2025-22091 | — | < 5.14.0-570.30.1.el9_6 | 5.14.0-570.30.1.el9_6 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix page_size variable overflow Change all variables storing mlx5_umem_mkc_find_best_pgsz() result to unsigned long to support values larger than 31 and avoid overflow. For example: If we try to reg | ||
| CVE-2025-22085 | — | < 5.14.0-570.30.1.el9_6 | 5.14.0-570.30.1.el9_6 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-us | ||
| CVE-2025-22068 | — | < 6.12.0-124.16.1.el10_1 | 6.12.0-124.16.1.el10_1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depends on `ubq->canceling` for deciding if the request can be dispatched via uring_cmd & io_uring_cmd_complete_in_task(). Once ubq->c | ||
| CVE-2025-22058 | — | < 5.14.0-570.37.1.el9_6 | 5.14.0-570.37.1.el9_6 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasional |
- CVE-2022-49846May 1, 2025affected < 5.14.0-570.25.1.el9_6fixed 5.14.0-570.25.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ======================================================
- CVE-2022-49845May 1, 2025affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled ele
- CVE-2022-49788May 1, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN
- CVE-2025-37789May 1, 2025affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.
- CVE-2025-37750May 1, 2025affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary server") and commit b0abcd65ec54 ("smb: client: fix UAF in async decryption"), the
- CVE-2025-37749May 1, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing s
- CVE-2025-37738May 1, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4_xattr_inode_dec_ref_all' we should ignore xattrs entries past the 'end' entry. This fixes the following KASAN reported issue: ===================================
- CVE-2025-23150May 1, 2025affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free
- CVE-2025-37785Apr 18, 2025affected < 5.14.0-570.21.1.el9_6fixed 5.14.0-570.21.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted dir
- CVE-2021-47670Apr 17, 2025affected < 4.18.0-553.69.1.el8_10fixed 4.18.0-553.69.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni().
- affected < 4.18.0-553.77.1.el8_10fixed 4.18.0-553.77.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it trie
- CVE-2025-22126Apr 16, 2025affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(), list_for_each_entry_safe is used, and this can race with deletint the next mddev, causing
- CVE-2025-22121Apr 16, 2025affected < 5.14.0-570.30.1.el9_6fixed 5.14.0-570.30.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz
- CVE-2025-22113Apr 16, 2025affected < 5.14.0-570.30.1.el9_6fixed 5.14.0-570.30.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying Presently we always BUG_ON if trying to start a transaction on a journal marked with JBD2_UNMOUNT, since this should never happen. However, whi
- CVE-2025-22104Apr 16, 2025affected < 5.14.0-570.23.1.el9_6fixed 5.14.0-570.23.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Use kernel helpers for hex dumps Previously, when the driver was printing hex dumps, the buffer was cast to an 8 byte long and printed using string formatters. If the buffer size was not a multiple of
- CVE-2025-22097Apr 16, 2025affected < 4.18.0-553.70.1.el8_10fixed 4.18.0-553.70.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it.
- CVE-2025-22091Apr 16, 2025affected < 5.14.0-570.30.1.el9_6fixed 5.14.0-570.30.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix page_size variable overflow Change all variables storing mlx5_umem_mkc_find_best_pgsz() result to unsigned long to support values larger than 31 and avoid overflow. For example: If we try to reg
- CVE-2025-22085Apr 16, 2025affected < 5.14.0-570.30.1.el9_6fixed 5.14.0-570.30.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-us
- CVE-2025-22068Apr 16, 2025affected < 6.12.0-124.16.1.el10_1fixed 6.12.0-124.16.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depends on `ubq->canceling` for deciding if the request can be dispatched via uring_cmd & io_uring_cmd_complete_in_task(). Once ubq->c
- CVE-2025-22058Apr 16, 2025affected < 5.14.0-570.37.1.el9_6fixed 5.14.0-570.37.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasional
Page 11 of 58