VYPR

rpm package

almalinux/kernel-devel-matched

pkg:rpm/almalinux/kernel-devel-matched

Vulnerabilities (883)

  • CVE-2026-46331Jun 16, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account

  • CVE-2026-46316CriJun 9, 2026
    affected < 6.12.0-211.28.1.el10_2fixed 6.12.0-211.28.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each en

  • CVE-2026-46243HigJun 1, 2026
    affected < 6.12.0-211.20.1.el10_2fixed 6.12.0-211.20.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating in

  • CVE-2026-46189HigMay 28, 2026
    affected < 5.14.0-687.19.1.el9_8fixed 5.14.0-687.19.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Sashiko points out that pvrdma_uar_free() is already called within pvrdma_dealloc_ucontext(), so calling it before triggers a double free.

  • CVE-2026-46181HigMay 28, 2026
    affected < 5.14.0-687.15.1.el9_8fixed 5.14.0-687.15.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees the mlx4_srq struct with RCU, and it isn't even accessed within the RCU critical se

  • CVE-2026-46176HigMay 28, 2026
    affected < 5.14.0-687.19.1.el9_8fixed 5.14.0-687.19.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() mlx5_ib_dev_res_srq_init() allocates two SRQs, s0 and s1. When ib_create_srq() fails for s1, the error branch destroys s0 but falls through a

  • CVE-2026-46173HigMay 28, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls __schedu

  • CVE-2026-46166HigMay 28, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211_dfs_cac_cancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-aft

  • CVE-2026-46152HigMay 28, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share on

  • CVE-2026-46145HigMay 28, 2026
    affected < 5.14.0-687.17.1.el9_8fixed 5.14.0-687.17.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the mem

  • CVE-2026-46135CriMay 28, 2026
    affected < 5.14.0-687.17.1.el9_8fixed 5.14.0-687.17.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmet_tcp_handle_icreq() updates queue->state after sending an Initialization Connection Response (ICResp), but it does so without serializing again

  • CVE-2026-46125HigMay 28, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface is completely reset to non-MLD. In this case, we must not keep the station since i

  • CVE-2026-46117HigMay 28, 2026
    affected < 5.14.0-687.17.1.el9_8fixed 5.14.0-687.17.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARN_ON() then go on

  • CVE-2026-46090HigMay 27, 2026
    affected < 5.14.0-687.19.1.el9_8fixed 5.14.0-687.19.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa6

  • CVE-2026-46056HigMay 27, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in hci_user_passkey_notify_evt() and hci_keypress_notify_evt(), otherwise the connec

  • CVE-2026-46054HigMay 27, 2026
    affected < 6.12.0-211.22.1.el10_2fixed 6.12.0-211.22.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file (the "user" file) and the

  • CVE-2026-45984HigMay 27, 2026
    affected < 5.14.0-687.17.1.el9_8fixed 5.14.0-687.17.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head (dibh) is being released prematurely in gfs2_iomap_begin() via release_metapath() while iomap->inline_data still points to di

  • CVE-2026-45898CriMay 27, 2026
    affected < 6.12.0-211.28.1.el10_2fixed 6.12.0-211.28.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplify cm_event_handler()") changed the work submission logic to unconditionally call queue_work() with the expec

  • CVE-2026-45852HigMay 27, 2026
    affected < 5.14.0-687.15.1.el9_8fixed 5.14.0-687.15.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxe_srq_from_init In rxe_srq_from_init(), the queue pointer 'q' is assigned to 'srq->rq.queue' before copying the SRQ number to user space. If copy_to_user() fails, the function cal

  • CVE-2026-46300HigMay 23, 2026
    affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally

Page 1 of 45