rpm package
almalinux/kernel-modules-extra-matched
pkg:rpm/almalinux/kernel-modules-extra-matched
Vulnerabilities (270)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40064 | — | < 6.12.0-124.38.1.el10_1 | 6.12.0-124.38.1.el10_1 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_g | ||
| CVE-2025-40058 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- st | ||
| CVE-2025-40047 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, | ||
| CVE-2025-40034 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn' | ||
| CVE-2025-39984 | — | < 6.12.0-124.21.1.el10_1 | 6.12.0-124.21.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline] BUG: KASAN: slab-use-after-free in n | ||
| CVE-2025-39983 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when processing HCI_EV_NUM_COMP_PKTS: BUG: KASAN: slab-use-after-free in hci_conn_tx_dequeu | ||
| CVE-2025-39982 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, al | ||
| CVE-2025-39981 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr | ||
| CVE-2025-39979 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in mlx5_cmd_hws_delete_fte(), where the HWS action refcount and mutex were not init | ||
| CVE-2025-39971 | — | < 6.12.0-124.16.1.el10_1 | 6.12.0-124.16.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg(). | ||
| CVE-2025-39966 | — | < 6.12.0-124.27.1.el10_1 | 6.12.0-124.27.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventually. This is normally f | ||
| CVE-2025-39955 | — | < 6.12.0-124.13.1.el10_1 | 6.12.0-124.13.1.el10_1 | Oct 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope | ||
| CVE-2025-39933 | — | < 6.12.0-124.35.1.el10_1 | 6.12.0-124.35.1.el10_1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes. | ||
| CVE-2025-39925 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEV_UNREG | ||
| CVE-2025-39918 | — | < 6.12.0-124.16.1.el10_1 | 6.12.0-124.16.1.el10_1 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list | ||
| CVE-2025-39905 | — | < 6.12.0-124.27.1.el10_1 | 6.12.0-124.27.1.el10_1 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which mod | ||
| CVE-2025-39883 | — | < 6.12.0-124.16.1.el10_1 | 6.12.0-124.16.1.el10_1 | Sep 23, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, below panic occurs: page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)) kernel BUG at include | ||
| CVE-2025-39866 | Hig | 7.8 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-r | |
| CVE-2025-39843 | Med | 5.5 | < 6.12.0-124.27.1.el10_1 | 6.12.0-124.27.1.el10_1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when | |
| CVE-2025-39840 | — | < 6.12.0-124.27.1.el10_1 | 6.12.0-124.27.1.el10_1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can o |
- CVE-2025-40064Oct 28, 2025affected < 6.12.0-124.38.1.el10_1fixed 6.12.0-124.38.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_g
- CVE-2025-40058Oct 28, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- st
- CVE-2025-40047Oct 28, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress,
- CVE-2025-40034Oct 28, 2025affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn'
- CVE-2025-39984Oct 15, 2025affected < 6.12.0-124.21.1.el10_1fixed 6.12.0-124.21.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline] BUG: KASAN: slab-use-after-free in n
- CVE-2025-39983Oct 15, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when processing HCI_EV_NUM_COMP_PKTS: BUG: KASAN: slab-use-after-free in hci_conn_tx_dequeu
- CVE-2025-39982Oct 15, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, al
- CVE-2025-39981Oct 15, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr
- CVE-2025-39979Oct 15, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in mlx5_cmd_hws_delete_fte(), where the HWS action refcount and mutex were not init
- CVE-2025-39971Oct 15, 2025affected < 6.12.0-124.16.1.el10_1fixed 6.12.0-124.16.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().
- CVE-2025-39966Oct 15, 2025affected < 6.12.0-124.27.1.el10_1fixed 6.12.0-124.27.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventually. This is normally f
- CVE-2025-39955Oct 9, 2025affected < 6.12.0-124.13.1.el10_1fixed 6.12.0-124.13.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope
- CVE-2025-39933Oct 4, 2025affected < 6.12.0-124.35.1.el10_1fixed 6.12.0-124.35.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.
- CVE-2025-39925Oct 1, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEV_UNREG
- CVE-2025-39918Oct 1, 2025affected < 6.12.0-124.16.1.el10_1fixed 6.12.0-124.16.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list
- CVE-2025-39905Oct 1, 2025affected < 6.12.0-124.27.1.el10_1fixed 6.12.0-124.27.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which mod
- CVE-2025-39883Sep 23, 2025affected < 6.12.0-124.16.1.el10_1fixed 6.12.0-124.16.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, below panic occurs: page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)) kernel BUG at include
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-r
- affected < 6.12.0-124.27.1.el10_1fixed 6.12.0-124.27.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when
- CVE-2025-39840Sep 19, 2025affected < 6.12.0-124.27.1.el10_1fixed 6.12.0-124.27.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an out-of-bounds read can o
Page 7 of 14