rpm package
almalinux/kernel-modules-extra-matched
pkg:rpm/almalinux/kernel-modules-extra-matched
Vulnerabilities (270)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23392 | Hig | 7.8 | < 6.12.0-211.18.1.el10_2 | 6.12.0-211.18.1.el10_2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already re | |
| CVE-2026-23375 | Med | 5.5 | < 6.12.0-211.18.1.el10_2 | 6.12.0-211.18.1.el10_2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes file_thp_enabled() incorrectly allows THP for files on anonymous inodes (e.g. guest_memfd and secretmem). These files are created via alloc_file_pseudo(), which d | |
| CVE-2026-23270 | Hig | 7.8 | < 6.12.0-211.16.1.el10_2 | 6.12.0-211.16.1.el10_2 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held b | |
| CVE-2026-23243 | Hig | 7.8 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len | |
| CVE-2025-71238 | — | < 6.12.0-124.47.1.el10_1 | 6.12.0-124.47.1.el10_1 | Mar 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access | ||
| CVE-2026-23231 | Hig | 7.8 | < 6.12.0-124.47.1.el10_1 | 6.12.0-124.47.1.el10_1 | Mar 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_reg | |
| CVE-2026-23210 | Med | 4.7 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi->rx_rings. The sequence was: 1. ice_ptp_prepare_for_reset | |
| CVE-2026-23209 | Hig | 7.8 | < 6.12.0-124.49.1.el10_1 | 6.12.0-124.49.1.el10_1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip l | |
| CVE-2026-23204 | Hig | 7.1 | < 6.12.0-124.49.1.el10_1 | 6.12.0-124.49.1.el10_1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro f | |
| CVE-2026-23193 | Hig | 8.8 | < 6.12.0-124.49.1.el10_1 | 6.12.0-124.49.1.el10_1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connecti | |
| CVE-2026-23191 | Hig | 7.8 | < 6.12.0-124.49.1.el10_1 | 6.12.0-124.49.1.el10_1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop | |
| CVE-2026-23171 | Hig | 7.8 | < 6.12.0-124.49.1.el10_1 | 6.12.0-124.49.1.el10_1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use-after-free which happens due to enslave failure after the new slave has been added to the array. Since the new slave can be use | |
| CVE-2026-23156 | — | < 6.12.0-124.43.1.el10_1 | 6.12.0-124.43.1.el10_1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory b | ||
| CVE-2026-23144 | — | < 6.12.0-124.49.1.el10_1 | 6.12.0-124.49.1.el10_1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after setup of attrs/ directory, subdirectories of attrs/ directory are not cleaned up. A | ||
| CVE-2026-23111 | Hig | 7.8 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Feb 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() | |
| CVE-2026-23040 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This could result in a NULL poi | ||
| CVE-2026-23097 | — | < 6.12.0-124.43.1.el10_1 | 6.12.0-124.43.1.el10_1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Hol | ||
| CVE-2026-23060 | — | < 6.12.0-211.7.3.el10_2 | 6.12.0-211.7.3.el10_2 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() | ||
| CVE-2026-23010 | Hig | 7.8 | < 6.12.0-124.45.1.el10_1 | 6.12.0-124.45.1.el10_1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr() for mngtmpaddr before reading its ifp-> | |
| CVE-2026-23001 | Hig | 7.8 | < 6.12.0-124.43.1.el10_1 | 6.12.0-124.43.1.el10_1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace |
- affected < 6.12.0-211.18.1.el10_2fixed 6.12.0-211.18.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already re
- affected < 6.12.0-211.18.1.el10_2fixed 6.12.0-211.18.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes file_thp_enabled() incorrectly allows THP for files on anonymous inodes (e.g. guest_memfd and secretmem). These files are created via alloc_file_pseudo(), which d
- affected < 6.12.0-211.16.1.el10_2fixed 6.12.0-211.16.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held b
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len
- CVE-2025-71238Mar 4, 2026affected < 6.12.0-124.47.1.el10_1fixed 6.12.0-124.47.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access
- affected < 6.12.0-124.47.1.el10_1fixed 6.12.0-124.47.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_reg
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi->rx_rings. The sequence was: 1. ice_ptp_prepare_for_reset
- affected < 6.12.0-124.49.1.el10_1fixed 6.12.0-124.49.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip l
- affected < 6.12.0-124.49.1.el10_1fixed 6.12.0-124.49.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro f
- affected < 6.12.0-124.49.1.el10_1fixed 6.12.0-124.49.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connecti
- affected < 6.12.0-124.49.1.el10_1fixed 6.12.0-124.49.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop
- affected < 6.12.0-124.49.1.el10_1fixed 6.12.0-124.49.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use-after-free which happens due to enslave failure after the new slave has been added to the array. Since the new slave can be use
- CVE-2026-23156Feb 14, 2026affected < 6.12.0-124.43.1.el10_1fixed 6.12.0-124.43.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory b
- CVE-2026-23144Feb 14, 2026affected < 6.12.0-124.49.1.el10_1fixed 6.12.0-124.49.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after setup of attrs/ directory, subdirectories of attrs/ directory are not cleaned up. A
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate()
- CVE-2026-23040Feb 4, 2026affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This could result in a NULL poi
- CVE-2026-23097Feb 4, 2026affected < 6.12.0-124.43.1.el10_1fixed 6.12.0-124.43.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Hol
- CVE-2026-23060Feb 4, 2026affected < 6.12.0-211.7.3.el10_2fixed 6.12.0-211.7.3.el10_2
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt()
- affected < 6.12.0-124.45.1.el10_1fixed 6.12.0-124.45.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr() for mngtmpaddr before reading its ifp->
- affected < 6.12.0-124.43.1.el10_1fixed 6.12.0-124.43.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace
Page 4 of 14