VYPR

rpm package

almalinux/kernel-modules-extra-matched

pkg:rpm/almalinux/kernel-modules-extra-matched

Vulnerabilities (270)

  • CVE-2026-31787HigApr 30, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap() on a privcmd mapping, the kernel splits the

  • CVE-2026-31786HigApr 30, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildid

  • CVE-2026-31685CriApr 25, 2026
    affected < 6.12.0-211.18.1.el10_2fixed 6.12.0-211.18.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets `eui64_mt6()` derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The ex

  • CVE-2026-31684MedApr 25, 2026
    affected < 6.12.0-211.18.1.el10_2fixed 6.12.0-211.18.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: net: sched: act_csum: validate nested VLAN headers tcf_csum_act() walks nested VLAN headers directly from skb->data when an skb still carries in-payload VLAN tags. The current code reads vlan->h_vlan_encapsulat

  • CVE-2026-31677MedApr 25, 2026
    affected < 6.12.0-211.7.3.el10_2fixed 6.12.0-211.7.3.el10_2

    In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl() limit each RX scatterlist extraction to the remaining receive buffer budget. af_alg_get_rsgl() currently uses af_alg_read

  • CVE-2026-31669CriApr 24, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_established The ehash table lookups are lockless and rely on SLAB_TYPESAFE_BY_RCU to guarantee socket memory stability during RCU read-side critical sections. Bot

  • CVE-2026-31641HigApr 24, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds rxrpc_preparse_xdr_yfs_rxgk() reads the raw key length and ticket length from the XDR token as u32 values and passes each through round_up(x, 4) before using the ro

  • CVE-2026-31636CriApr 24, 2026
    affected < 6.12.0-211.28.1.el10_2fixed 6.12.0-211.28.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and then passes p + auth_len as the parser limit to rxgk_do_verify_authenticator(). Si

  • CVE-2026-31613HigApr 24, 2026
    affected < 6.12.0-211.20.1.el10_2fixed 6.12.0-211.20.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message() returns success without any length validation, leaving the symlink parsers as the

  • CVE-2026-31607CriApr 24, 2026
    affected < 6.12.0-211.16.1.el10_2fixed 6.12.0-211.16.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit() When a USB/IP client receives a RET_SUBMIT response, usbip_pack_ret_submit() unconditionally overwrites urb->number_of_packets from the network PDU.

  • CVE-2026-31581HigApr 24, 2026
    affected < 6.12.0-211.22.1.el10_2fixed 6.12.0-211.22.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free on disconnect In usb6fire_chip_abort(), the chip struct is allocated as the card's private data (via snd_card_new with sizeof(struct sfire_chip)). When snd_card_free_when_closed

  • CVE-2026-31532HigApr 23, 2026
    affected < 6.12.0-211.22.1.el10_2fixed 6.12.0-211.22.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but receiver deletion is deferred with call_rcu(). This leaves a window where raw_rc

  • CVE-2026-31474HigApr 22, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() isotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access to so->tx.buf. isotp_release() waits for ISOTP_IDLE via wait_event_interruptible(

  • CVE-2026-31467HigApr 22, 2026
    affected < 6.12.0-211.22.1.el10_2fixed 6.12.0-211.22.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio completion if needed The bio completion path in the process context (e.g. dm-verity) will directly call into decompression rather than trigger another workqueue context for minima

  • CVE-2026-31431HigKEVApr 22, 2026
    affected < 6.12.0-211.7.3.el10_2fixed 6.12.0-211.7.3.el10_2

    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the so

  • CVE-2026-31419HigApr 13, 2026
    affected < 6.12.0-211.22.1.el10_2fixed 6.12.0-211.22.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_xmit_broadcast() bond_xmit_broadcast() reuses the original skb for the last slave (determined by bond_is_last_slave()) and clones it for others. Concurrent slave enslave

  • CVE-2026-31408HigApr 6, 2026
    affected < 6.12.0-211.16.1.el10_2fixed 6.12.0-211.16.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold sco_recv_frame() reads conn->sk under sco_conn_lock() but immediately releases the lock without holding a reference to the socket.

  • CVE-2026-31402CriApr 3, 2026
    affected < 6.12.0-211.16.1.el10_2fixed 6.12.0-211.16.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses. This size was calculated bas

  • CVE-2026-23455CriApr 3, 2026
    affected < 6.12.0-211.18.1.el10_2fixed 6.12.0-211.18.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator by

  • CVE-2026-23401MedApr 1, 2026
    affected < 6.12.0-211.16.1.el10_2fixed 6.12.0-211.16.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after* dropping/zapping the existing SPTE (if it's shadow-present). While commit a54aa

Page 3 of 14