rpm package
almalinux/kernel-modules-extra
pkg:rpm/almalinux/kernel-modules-extra
Vulnerabilities (1,256)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68811 | — | < 5.14.0-611.34.1.el9_7 | 5.14.0-611.34.1.el9_7 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead of the byte offset rc_pageoff. Use rc_pageoff so copies land within the current p | ||
| CVE-2025-68800 | — | < 4.18.0-553.107.1.el8_10 | 4.18.0-553.107.1.el8_10 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver | ||
| CVE-2025-71085 | — | < 5.14.0-611.36.1.el9_7 | 5.14.0-611.36.1.el9_7 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t | ||
| CVE-2022-50865 | — | < 4.18.0-553.100.1.el8_10 | 4.18.0-553.100.1.el8_10 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp_add_backlog(), the variable limit is caculated by adding sk_rcvbuf, sk_sndbuf an | ||
| CVE-2025-68741 | — | < 5.14.0-687.10.1.el9_8 | 5.14.0-687.10.1.el9_8 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(). The qla24xx_alloc_pur | ||
| CVE-2025-68724 | — | < 4.18.0-553.123.1.el8_10 | 4.18.0-553.123.1.el8_10 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k | ||
| CVE-2025-68366 | — | < 5.14.0-687.12.1.el9_8 | 5.14.0-687.12.1.el9_8 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic | ||
| CVE-2025-68349 | — | < 4.18.0-553.104.1.el8_10 | 4.18.0-553.104.1.el8_10 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs | ||
| CVE-2025-68347 | — | < 4.18.0-553.126.1.el8_10 | 4.18.0-553.126.1.el8_10 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller | ||
| CVE-2025-68305 | — | < 5.14.0-611.26.1.el9_7 | 5.14.0-611.26.1.el9_7 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmt_pending before write iter se | ||
| CVE-2025-68301 | — | < 4.18.0-553.94.1.el8_10 | 4.18.0-553.94.1.el8_10 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-b | ||
| CVE-2025-68287 | — | < 5.14.0-611.24.1.el9_7 | 5.14.0-611.24.1.el9_7 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking `dwc3_remove_requests( | ||
| CVE-2025-68285 | — | < 4.18.0-553.92.1.el8_10 | 4.18.0-553.92.1.el8_10 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both | ||
| CVE-2025-68183 | — | < 5.14.0-687.12.1.el9_8 | 5.14.0-687.12.1.el9_8 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in se | ||
| CVE-2022-50673 | — | < 4.18.0-553.104.1.el8_10 | 4.18.0-553.104.1.el8_10 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read o | ||
| CVE-2023-53781 | — | < 4.18.0-553.132.1.el8_10 | 4.18.0-553.132.1.el8_10 | Dec 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcp_write_timer_handler(). With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcp_write_timer_handler() by kernel TCP sockets. [0] If SMC creates a kernel so | ||
| CVE-2023-53762 | — | < 4.18.0-553.105.1.el8_10 | 4.18.0-553.105.1.el8_10 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code n | ||
| CVE-2025-40322 | — | < 4.18.0-553.100.1.el8_10 | 4.18.0-553.100.1.el8_10 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and | ||
| CVE-2025-40320 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential cfid UAF in smb2_query_info_compound When smb2_query_info_compound() retries, a previously allocated cfid may have been freed in the first attempt. Because cfid wasn't reset on replay | ||
| CVE-2025-40318 | — | < 5.14.0-611.30.1.el9_7 | 5.14.0-611.30.1.el9_7 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the |
- CVE-2025-68811Jan 13, 2026affected < 5.14.0-611.34.1.el9_7fixed 5.14.0-611.34.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead of the byte offset rc_pageoff. Use rc_pageoff so copies land within the current p
- CVE-2025-68800Jan 13, 2026affected < 4.18.0-553.107.1.el8_10fixed 4.18.0-553.107.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver
- CVE-2025-71085Jan 13, 2026affected < 5.14.0-611.36.1.el9_7fixed 5.14.0-611.36.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t
- CVE-2022-50865Dec 30, 2025affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp_add_backlog(), the variable limit is caculated by adding sk_rcvbuf, sk_sndbuf an
- CVE-2025-68741Dec 24, 2025affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(). The qla24xx_alloc_pur
- CVE-2025-68724Dec 24, 2025affected < 4.18.0-553.123.1.el8_10fixed 4.18.0-553.123.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k
- CVE-2025-68366Dec 24, 2025affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic
- CVE-2025-68349Dec 24, 2025affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs
- CVE-2025-68347Dec 24, 2025affected < 4.18.0-553.126.1.el8_10fixed 4.18.0-553.126.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller
- CVE-2025-68305Dec 16, 2025affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmt_pending before write iter se
- CVE-2025-68301Dec 16, 2025affected < 4.18.0-553.94.1.el8_10fixed 4.18.0-553.94.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-b
- CVE-2025-68287Dec 16, 2025affected < 5.14.0-611.24.1.el9_7fixed 5.14.0-611.24.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking `dwc3_remove_requests(
- CVE-2025-68285Dec 16, 2025affected < 4.18.0-553.92.1.el8_10fixed 4.18.0-553.92.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both
- CVE-2025-68183Dec 16, 2025affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in se
- CVE-2022-50673Dec 9, 2025affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read o
- CVE-2023-53781Dec 9, 2025affected < 4.18.0-553.132.1.el8_10fixed 4.18.0-553.132.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcp_write_timer_handler(). With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcp_write_timer_handler() by kernel TCP sockets. [0] If SMC creates a kernel so
- CVE-2023-53762Dec 8, 2025affected < 4.18.0-553.105.1.el8_10fixed 4.18.0-553.105.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code n
- CVE-2025-40322Dec 8, 2025affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and
- CVE-2025-40320Dec 8, 2025affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential cfid UAF in smb2_query_info_compound When smb2_query_info_compound() retries, a previously allocated cfid may have been freed in the first attempt. Because cfid wasn't reset on replay
- CVE-2025-40318Dec 8, 2025affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the
Page 6 of 63