rpm package
almalinux/kernel-debug
pkg:rpm/almalinux/kernel-debug
Vulnerabilities (1,261)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-40995 | Med | 5.5 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() syzbot found hanging tasks waiting on rtnl_lock [1] A reproducer is available in the syzbot bug. When a request to add multiple actions | |
| CVE-2024-40989 | Hig | 7.8 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu. | |
| CVE-2024-40988 | Med | 5.5 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. | |
| CVE-2024-40984 | Med | 5.5 | < 5.14.0-427.37.1.el9_4 | 5.14.0-427.37.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The ini | |
| CVE-2024-40983 | Med | 5.5 | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before entering the xfrm type handlers"): "Crypto requests might return asynchronous. In this c | |
| CVE-2024-40978 | Hig | 7.1 | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash. To fix this issue, use a smal | |
| CVE-2024-40977 | Med | 5.5 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery During chip recovery (e.g. chip reset), there is a possible situation that kernel worker reset_work is holding the lock and waiting for kernel | |
| CVE-2024-40972 | Med | 5.5 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4_xattr_set_entry() creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking (whi | |
| CVE-2024-40961 | Med | 5.5 | < 5.14.0-427.31.1.el9_4 | 5.14.0-427.31.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. fib6_nh_init() ip6_validate_gw( &idev ) ip6_route_check_nh( idev ) *idev = | |
| CVE-2024-40960 | Med | 5.5 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL. [1] Oops: general protection fault, probably for non-canon | |
| CVE-2024-40959 | Med | 5.5 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly. syzbot reported: Oops: general protection fault, probably for non-canonica | |
| CVE-2024-40958 | Hig | 7.8 | < 5.14.0-427.31.1.el9_4 | 5.14.0-427.31.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0 Modules lin | |
| CVE-2024-40957 | Med | 5.5 | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for PREROUTING hook, in PREROUTING hook, we should pass | |
| CVE-2024-40954 | Hig | 7.8 | < 5.14.0-427.31.1.el9_4 | 5.14.0-427.31.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: * attaching an fentry probe to __sock_release() and the probe calling the bpf_get_socket_ | |
| CVE-2024-40941 | Med | 5.5 | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove t | |
| CVE-2024-40939 | Hig | 7.8 | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail In case of region creation fail in ipc_devlink_create_region(), previously created regions delete process starts from tainted pointer | |
| CVE-2024-40936 | Med | 5.5 | < 5.14.0-427.35.1.el9_4 | 5.14.0-427.35.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix memregion leaks in devm_cxl_add_region() Move the mode verification to __create_region() before allocating the memregion to avoid the memregion leaks. | |
| CVE-2024-40931 | Med | 5.5 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_una is properly initialized on connect This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect"). It turns out that syzkaller can trigger the | |
| CVE-2024-40929 | Hig | 7.1 | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids In some versions of cfg80211, the ssids poinet might be a valid one even though n_ssids is 0. Accessing the pointer in this case will cuase an out-of | |
| CVE-2024-40928 | Med | 5.5 | < 5.14.0-427.31.1.el9_4 | 5.14.0-427.31.1.el9_4 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Clang static checker (scan-build) warning: net/ethtool/ioctl.c:line 2233, column 2 Called function pointer is null (null dereference). R |
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() syzbot found hanging tasks waiting on rtnl_lock [1] A reproducer is available in the syzbot bug. When a request to add multiple actions
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu.
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry.
- affected < 5.14.0-427.37.1.el9_4fixed 5.14.0-427.37.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The ini
- affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before entering the xfrm type handlers"): "Crypto requests might return asynchronous. In this c
- affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash. To fix this issue, use a smal
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery During chip recovery (e.g. chip reset), there is a possible situation that kernel worker reset_work is holding the lock and waiting for kernel
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4_xattr_set_entry() creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking (whi
- affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. fib6_nh_init() ip6_validate_gw( &idev ) ip6_route_check_nh( idev ) *idev =
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL. [1] Oops: general protection fault, probably for non-canon
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly. syzbot reported: Oops: general protection fault, probably for non-canonica
- affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0 Modules lin
- affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for PREROUTING hook, in PREROUTING hook, we should pass
- affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: * attaching an fentry probe to __sock_release() and the probe calling the bpf_get_socket_
- affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove t
- affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail In case of region creation fail in ipc_devlink_create_region(), previously created regions delete process starts from tainted pointer
- affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix memregion leaks in devm_cxl_add_region() Move the mode verification to __create_region() before allocating the memregion to avoid the memregion leaks.
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_una is properly initialized on connect This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect"). It turns out that syzkaller can trigger the
- affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids In some versions of cfg80211, the ssids poinet might be a valid one even though n_ssids is 0. Accessing the pointer in this case will cuase an out-of
- affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Clang static checker (scan-build) warning: net/ethtool/ioctl.c:line 2233, column 2 Called function pointer is null (null dereference). R
Page 32 of 64