rpm package

almalinux/kernel-doc

pkg:rpm/almalinux/kernel-doc

Vulnerabilities (1,156)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-26595		—	< 4.18.0-553.22.1.el8_10	4.18.0-553.22.1.el8_10	Feb 23, 2024	In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer
CVE-2023-52464		—	< 4.18.0-553.8.1.el8_10	4.18.0-553.8.1.el8_10	Feb 23, 2024	In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx
CVE-2023-52463		—	< 4.18.0-553.16.1.el8_10	4.18.0-553.16.1.el8_10	Feb 23, 2024	In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as
CVE-2024-26593		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Feb 23, 2024	In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to t
CVE-2023-52451		—	< 4.18.0-553.16.1.el8_10	4.18.0-553.16.1.el8_10	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC inde
CVE-2023-52448		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating rgd->rd_gl fails in r
CVE-2023-52445		—	< 4.18.0-553.5.1.el8_10	4.18.0-553.5.1.el8_10	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t
CVE-2024-26586		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn,
CVE-2024-26585		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Feb 21, 2024	In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling
CVE-2024-26584		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Feb 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES
CVE-2024-26583		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Feb 21, 2024	In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch
CVE-2024-26582		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Feb 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-a
CVE-2023-52439		—	< 4.18.0-553.5.1.el8_10	4.18.0-553.5.1.el8_10	Feb 20, 2024	In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev-
CVE-2023-52434		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Feb 20, 2024	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create cont
CVE-2024-26581		—	< 5.14.0-427.33.1.el9_4	5.14.0-427.33.1.el9_4	Feb 20, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not
CVE-2024-25744		—	< 4.18.0-553.5.1.el8_10	4.18.0-553.5.1.el8_10	Feb 12, 2024	In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
CVE-2023-6536		—	< 4.18.0-513.18.1.el8_9	4.18.0-513.18.1.el8_9	Feb 7, 2024	A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial
CVE-2023-6535		—	< 4.18.0-513.18.1.el8_9	4.18.0-513.18.1.el8_9	Feb 7, 2024	A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial
CVE-2023-6356		—	< 4.18.0-513.18.1.el8_9	4.18.0-513.18.1.el8_9	Feb 7, 2024	A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a deni
CVE-2024-24857	Med	4.6	< 4.18.0-553.27.1.el8_10	4.18.0-553.27.1.el8_10	Feb 5, 2024	A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

CVE-2024-26595Feb 23, 2024
affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer
CVE-2023-52464Feb 23, 2024
affected < 4.18.0-553.8.1.el8_10fixed 4.18.0-553.8.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx
CVE-2023-52463Feb 23, 2024
affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as
CVE-2024-26593Feb 23, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to t
CVE-2023-52451Feb 22, 2024
affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC inde
CVE-2023-52448Feb 22, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating rgd->rd_gl fails in r
CVE-2023-52445Feb 22, 2024
affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t
CVE-2024-26586Feb 22, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn,
CVE-2024-26585Feb 21, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling
CVE-2024-26584Feb 21, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES
CVE-2024-26583Feb 21, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch
CVE-2024-26582Feb 21, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-a
CVE-2023-52439Feb 20, 2024
affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev-
CVE-2023-52434Feb 20, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create cont
CVE-2024-26581Feb 20, 2024
affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not
CVE-2024-25744Feb 12, 2024
affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
CVE-2023-6536Feb 7, 2024
affected < 4.18.0-513.18.1.el8_9fixed 4.18.0-513.18.1.el8_9
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial
CVE-2023-6535Feb 7, 2024
affected < 4.18.0-513.18.1.el8_9fixed 4.18.0-513.18.1.el8_9
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial
CVE-2023-6356Feb 7, 2024
affected < 4.18.0-513.18.1.el8_9fixed 4.18.0-513.18.1.el8_9
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a deni
CVE-2024-24857MedFeb 5, 2024
affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

Page 44 of 58