rpm package
almalinux/kernel-modules-extra-matched
pkg:rpm/almalinux/kernel-modules-extra-matched
Vulnerabilities (270)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-39806 | Hig | 7.1 | < 6.12.0-124.27.1.el10_1 | 6.12.0-124.27.1.el10_1 | Sep 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smaller than 607 bytes. mt_re | |
| CVE-2025-39818 | — | < 6.12.0-124.43.1.el10_1 | 6.12.0-124.43.1.el10_1 | Sep 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_subip_regs) caused kernel crash and out-of-bounds error: BUG: KASAN: slab-out-of-b | ||
| CVE-2025-39766 | Hig | 7.8 | < 6.12.0-211.16.1.el10_2 | 6.12.0-211.16.1.el10_2 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit The following setup can trigger a WARNING in htb_activate due to the condition: !cl->leaf.q->q.qlen tc qdisc del dev lo root tc qdisc add | |
| CVE-2025-39760 | Hig | 7.1 | < 6.12.0-124.43.1.el10_1 | 6.12.0-124.43.1.el10_1 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size. Fix this | |
| CVE-2025-39730 | — | < 6.12.0-124.13.1.el10_1 | 6.12.0-124.13.1.el10_1 | Sep 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle. | ||
| CVE-2025-38737 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setti | ||
| CVE-2025-38731 | — | < 6.12.0-124.31.1.el10_1 | 6.12.0-124.31.1.el10_1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen below. Fix this by setting bind_ops to NULL after freeing. ===================== | ||
| CVE-2025-38724 | Hig | 7.8 | < 6.12.0-124.16.1.el10_1 | 6.12.0-124.16.1.el10_1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c | |
| CVE-2025-38730 | — | < 6.12.0-124.35.1.el10_1 | 6.12.0-124.35.1.el10_1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on r | ||
| CVE-2025-38703 | — | < 6.12.0-124.43.1.el10_1 | 6.12.0-124.43.1.el10_1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated | ||
| CVE-2025-38653 | — | < 6.12.0-211.20.1.el10_2 | 6.12.0-211.20.1.el10_2 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4 | ||
| CVE-2025-38568 | — | < 6.12.0-124.31.1.el10_1 | 6.12.0-124.31.1.el10_1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This | ||
| CVE-2025-38499 | Med | 5.5 | < 6.12.0-124.21.1.el10_1 | 6.12.0-124.21.1.el10_1 | Aug 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be | |
| CVE-2025-38470 | Med | 5.5 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the | |
| CVE-2025-38468 | Med | 5.5 | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default | |
| CVE-2025-38453 | — | < 6.12.0-124.31.1.el10_1 | 6.12.0-124.31.1.el10_1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 | ||
| CVE-2025-38441 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit | ||
| CVE-2025-38415 | — | < 6.12.0-124.35.1.el10_1 | 6.12.0-124.35.1.el10_1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, is | ||
| CVE-2025-38412 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content. | ||
| CVE-2025-38405 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->bi_integrity. Since commit bf4c89fc8797 ("block: do |
- affected < 6.12.0-124.27.1.el10_1fixed 6.12.0-124.27.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smaller than 607 bytes. mt_re
- CVE-2025-39818Sep 16, 2025affected < 6.12.0-124.43.1.el10_1fixed 6.12.0-124.43.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_subip_regs) caused kernel crash and out-of-bounds error: BUG: KASAN: slab-out-of-b
- affected < 6.12.0-211.16.1.el10_2fixed 6.12.0-211.16.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit The following setup can trigger a WARNING in htb_activate due to the condition: !cl->leaf.q->q.qlen tc qdisc del dev lo root tc qdisc add
- affected < 6.12.0-124.43.1.el10_1fixed 6.12.0-124.43.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size. Fix this
- CVE-2025-39730Sep 7, 2025affected < 6.12.0-124.13.1.el10_1fixed 6.12.0-124.13.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.
- CVE-2025-38737Sep 5, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setti
- CVE-2025-38731Sep 5, 2025affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen below. Fix this by setting bind_ops to NULL after freeing. =====================
- affected < 6.12.0-124.16.1.el10_1fixed 6.12.0-124.16.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c
- CVE-2025-38730Sep 4, 2025affected < 6.12.0-124.35.1.el10_1fixed 6.12.0-124.35.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on r
- CVE-2025-38703Sep 4, 2025affected < 6.12.0-124.43.1.el10_1fixed 6.12.0-124.43.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated
- CVE-2025-38653Aug 22, 2025affected < 6.12.0-211.20.1.el10_2fixed 6.12.0-211.20.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4
- CVE-2025-38568Aug 19, 2025affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This
- affected < 6.12.0-124.21.1.el10_1fixed 6.12.0-124.21.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the
- affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default
- CVE-2025-38453Jul 25, 2025affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354
- CVE-2025-38441Jul 25, 2025affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit
- CVE-2025-38415Jul 25, 2025affected < 6.12.0-124.35.1.el10_1fixed 6.12.0-124.35.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, is
- CVE-2025-38412Jul 25, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content.
- CVE-2025-38405Jul 25, 2025affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->bi_integrity. Since commit bf4c89fc8797 ("block: do
Page 8 of 14