rpm package

almalinux/kernel-modules

pkg:rpm/almalinux/kernel-modules

Vulnerabilities (1,228)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-21741	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix DPE OoB read Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header.
CVE-2025-21738	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len set to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA com
CVE-2025-21732	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error This patch addresses a race condition for an ODP MR that can result in a CQE with an error on the UMR QP. During the __mlx5_ib_dereg_mr() flow,
CVE-2024-58015	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix for out-of bound access error Selfgen stats are placed in a buffer using print_array_to_buf_index() function. Array length parameter passed to the function is too big, resulting in possible ou
CVE-2024-58013	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free
CVE-2024-58012	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And i
CVE-2024-58007	—	< 5.14.0-570.16.1.el9_6	5.14.0-570.16.1.el9_6	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. It's always: db410c:/sys/device
CVE-2024-58006	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") set_bar() was modified to support dynamically
CVE-2024-58004	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: remove cpu latency qos request on error Fix cpu latency qos list corruption like below. It happens when we do not remove cpu latency request on error path and free corresponding memory. [
CVE-2024-58002	—	< 4.18.0-553.62.1.el8_10	4.18.0-553.62.1.el8_10	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be any
CVE-2025-21729	—	< 5.14.0-611.5.1.el9_7	5.14.0-611.5.1.el9_7	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally, so cancel_hw_scan can pass the condition, but suddenly hw_scan completion unset
CVE-2025-21714	—	< 5.14.0-611.5.1.el9_7	5.14.0-611.5.1.el9_7	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free Prevent double queueing of implicit ODP mr destroy work by using __xa_cmpxchg() to make sure this is the only time we are destroying this specific mr. Without this ch
CVE-2024-57998	—	< 5.14.0-611.5.1.el9_7	5.14.0-611.5.1.el9_7	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure we do not read a freq out of the opp->rates[] table when called from the indexed v
CVE-2024-57995	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different radio, it gets deleted from that radio through a call to ath12
CVE-2024-57993	—	< 5.14.0-611.5.1.el9_7	5.14.0-611.5.1.el9_7	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check syzbot has found a type mismatch between a USB pipe and the transfer endpoint, which is triggered by the hid-thrustmaster driver
CVE-2024-57990	—	< 5.14.0-611.5.1.el9_7	5.14.0-611.5.1.el9_7	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead of > to prevent an out of bounds read and write.
CVE-2024-57989	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links In mt7925_change_vif_links() devm_kzalloc() may return NULL but this returned value is not checked.
CVE-2024-57988	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but this returned value in btbcm_get_board_name() is not checked. Add NULL check in btbcm_get_board
CVE-2024-57987	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() If insert an USB dongle which chip is not maintained in ic_id_table, it will hit the NULL point accessed. Add a null point check to avoid the Kernel Oop
CVE-2024-57984	—	< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is bound with dw_i3c_hj_work. And dw_i3c_master_irq_handler can call dw_i3c_master_irq_handle_i

CVE-2025-21741Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix DPE OoB read Fix an out-of-bounds DPE read, limit the number of processed DPEs to the amount that fits into the fixed-size NDP16 header.
CVE-2025-21738Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len set to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA com
CVE-2025-21732Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error This patch addresses a race condition for an ODP MR that can result in a CQE with an error on the UMR QP. During the __mlx5_ib_dereg_mr() flow,
CVE-2024-58015Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix for out-of bound access error Selfgen stats are placed in a buffer using print_array_to_buf_index() function. Array length parameter passed to the function is too big, resulting in possible ou
CVE-2024-58013Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free
CVE-2024-58012Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And i
CVE-2024-58007Feb 27, 2025
affected < 5.14.0-570.16.1.el9_6fixed 5.14.0-570.16.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. It's always: db410c:/sys/device
CVE-2024-58006Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() In commit 4284c88fff0e ("PCI: designware-ep: Allow pci_epc_set_bar() update inbound map address") set_bar() was modified to support dynamically
CVE-2024-58004Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: remove cpu latency qos request on error Fix cpu latency qos list corruption like below. It happens when we do not remove cpu latency request on error path and free corresponding memory. [
CVE-2024-58002Feb 27, 2025
affected < 4.18.0-553.62.1.el8_10fixed 4.18.0-553.62.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be any
CVE-2025-21729Feb 27, 2025
affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally, so cancel_hw_scan can pass the condition, but suddenly hw_scan completion unset
CVE-2025-21714Feb 27, 2025
affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free Prevent double queueing of implicit ODP mr destroy work by using __xa_cmpxchg() to make sure this is the only time we are destroying this specific mr. Without this ch
CVE-2024-57998Feb 27, 2025
affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure we do not read a freq out of the opp->rates[] table when called from the indexed v
CVE-2024-57995Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different radio, it gets deleted from that radio through a call to ath12
CVE-2024-57993Feb 27, 2025
affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check syzbot has found a type mismatch between a USB pipe and the transfer endpoint, which is triggered by the hid-thrustmaster driver
CVE-2024-57990Feb 27, 2025
affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead of > to prevent an out of bounds read and write.
CVE-2024-57989Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links In mt7925_change_vif_links() devm_kzalloc() may return NULL but this returned value is not checked.
CVE-2024-57988Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but this returned value in btbcm_get_board_name() is not checked. Add NULL check in btbcm_get_board
CVE-2024-57987Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() If insert an USB dongle which chip is not maintained in ic_id_table, it will hit the NULL point accessed. Add a null point check to avoid the Kernel Oop
CVE-2024-57984Feb 27, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is bound with dw_i3c_hj_work. And dw_i3c_master_irq_handler can call dw_i3c_master_irq_handle_i

Page 20 of 62