rpm package
almalinux/kernel-doc
pkg:rpm/almalinux/kernel-doc
Vulnerabilities (1,156)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-39189 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Oct 9, 2023 | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or inform | ||
| CVE-2023-42754 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Oct 5, 2023 | A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with C | ||
| CVE-2023-4732 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Oct 3, 2023 | A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x. | ||
| CVE-2023-42756 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Sep 28, 2023 | A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. | ||
| CVE-2023-42753 | — | < 4.18.0-513.11.1.el8_9 | 4.18.0-513.11.1.el8_9 | Sep 25, 2023 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This iss | ||
| CVE-2023-2163 | — | < 4.18.0-513.9.1.el8_9 | 4.18.0-513.9.1.el8_9 | Sep 20, 2023 | Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. | ||
| CVE-2023-4155 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Sep 13, 2023 | A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the | ||
| CVE-2023-4921 | — | < 4.18.0-513.18.1.el8_9 | 4.18.0-513.18.1.el8_9 | Sep 12, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrec | ||
| CVE-2023-4623 | — | < 4.18.0-513.18.1.el8_9 | 4.18.0-513.18.1.el8_9 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curv | ||
| CVE-2023-4622 | — | < 4.18.0-513.11.1.el8_9 | 4.18.0-513.11.1.el8_9 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where uni | ||
| CVE-2023-4208 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This cau | ||
| CVE-2023-4207 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This cause | ||
| CVE-2023-4206 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. Thi | ||
| CVE-2023-40283 | — | < 4.18.0-513.18.1.el8_9 | 4.18.0-513.18.1.el8_9 | Aug 14, 2023 | An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. | ||
| CVE-2022-40982 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Aug 11, 2023 | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2023-25775 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Aug 11, 2023 | Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||
| CVE-2023-20569 | — | < 4.18.0-513.11.1.el8_9 | 4.18.0-513.11.1.el8_9 | Aug 8, 2023 | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | ||
| CVE-2023-4132 | — | < 4.18.0-513.5.1.el8_9 | 4.18.0-513.5.1.el8_9 | Aug 3, 2023 | A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. | ||
| CVE-2023-4133 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Aug 3, 2023 | A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of ser | ||
| CVE-2023-4004 | — | < 4.18.0-477.27.2.el8_8 | 4.18.0-477.27.2.el8_8 | Jul 31, 2023 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the syste |
- CVE-2023-39189Oct 9, 2023affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or inform
- CVE-2023-42754Oct 5, 2023affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with C
- CVE-2023-4732Oct 3, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.
- CVE-2023-42756Sep 28, 2023affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.
- CVE-2023-42753Sep 25, 2023affected < 4.18.0-513.11.1.el8_9fixed 4.18.0-513.11.1.el8_9
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This iss
- CVE-2023-2163Sep 20, 2023affected < 4.18.0-513.9.1.el8_9fixed 4.18.0-513.9.1.el8_9
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
- CVE-2023-4155Sep 13, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the
- CVE-2023-4921Sep 12, 2023affected < 4.18.0-513.18.1.el8_9fixed 4.18.0-513.18.1.el8_9
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrec
- CVE-2023-4623Sep 6, 2023affected < 4.18.0-513.18.1.el8_9fixed 4.18.0-513.18.1.el8_9
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curv
- CVE-2023-4622Sep 6, 2023affected < 4.18.0-513.11.1.el8_9fixed 4.18.0-513.11.1.el8_9
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where uni
- CVE-2023-4208Sep 6, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This cau
- CVE-2023-4207Sep 6, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This cause
- CVE-2023-4206Sep 6, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. Thi
- CVE-2023-40283Aug 14, 2023affected < 4.18.0-513.18.1.el8_9fixed 4.18.0-513.18.1.el8_9
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.
- CVE-2022-40982Aug 11, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-25775Aug 11, 2023affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
- CVE-2023-20569Aug 8, 2023affected < 4.18.0-513.11.1.el8_9fixed 4.18.0-513.11.1.el8_9
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
- CVE-2023-4132Aug 3, 2023affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.
- CVE-2023-4133Aug 3, 2023affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of ser
- CVE-2023-4004Jul 31, 2023affected < 4.18.0-477.27.2.el8_8fixed 4.18.0-477.27.2.el8_8
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the syste
Page 47 of 58