VYPR

rpm package

almalinux/kernel-headers

pkg:rpm/almalinux/kernel-headers

Vulnerabilities (1,155)

  • CVE-2022-45869Nov 30, 2022
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.

  • CVE-2022-45934Nov 27, 2022
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

  • CVE-2022-45887Nov 25, 2022
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

  • CVE-2022-42895Nov 23, 2022
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit  https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba31

  • CVE-2022-3640Oct 21, 2022
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue.

  • CVE-2022-3594Oct 18, 2022
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched r

  • CVE-2022-38096MedSep 9, 2022
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau

  • CVE-2022-40133Sep 9, 2022
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain

  • CVE-2022-38457Sep 9, 2022
    affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9

    A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi

  • CVE-2022-39190Sep 2, 2022
    affected < 5.14.0-162.6.1.el9_1fixed 5.14.0-162.6.1.el9_1

    An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.

  • CVE-2022-2639Sep 1, 2022
    affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8

    An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an

  • CVE-2022-1729Sep 1, 2022
    affected < 5.14.0-70.17.1.el9_0fixed 5.14.0-70.17.1.el9_0

    A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

  • CVE-2022-1016Aug 29, 2022
    affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8

    A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

  • CVE-2022-0480Aug 29, 2022
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.

  • CVE-2022-1184Aug 29, 2022
    affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8

    A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

  • CVE-2022-0168Aug 26, 2022
    affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8

    A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to cr

  • CVE-2021-3669Aug 26, 2022
    affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8

    A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

  • CVE-2021-4037Aug 24, 2022
    affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8

    A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a direct

  • CVE-2021-3764Aug 23, 2022
    affected < 4.18.0-372.9.1.el8fixed 4.18.0-372.9.1.el8

    A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.

  • CVE-2022-2938Aug 23, 2022
    affected < 4.18.0-425.3.1.el8fixed 4.18.0-425.3.1.el8

    A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.

Page 54 of 58