rpm package
almalinux/kernel-modules
pkg:rpm/almalinux/kernel-modules
Vulnerabilities (1,228)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47668 | — | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Oct 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll sti | ||
| CVE-2024-46858 | — | < 4.18.0-553.30.1.el8_10 | 4.18.0-553.30.1.el8_10 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action | ||
| CVE-2024-46826 | — | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequ | ||
| CVE-2024-46824 | — | < 5.14.0-503.14.1.el9_5 | 5.14.0-503.14.1.el9_5 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don't do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL pointer dereference at v | ||
| CVE-2024-46744 | Hig | 7.8 | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Sep 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read | |
| CVE-2024-46713 | — | < 5.14.0-503.21.1.el9_5 | 5.14.0-503.21.1.el9_5 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment th | ||
| CVE-2024-46697 | — | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk o | ||
| CVE-2024-46695 | — | < 5.14.0-503.16.1.el9_5 | 5.14.0-503.16.1.el9_5 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exporte | ||
| CVE-2024-46689 | — | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into | ||
| CVE-2024-45018 | Med | 5.5 | < 5.14.0-503.16.1.el9_5 | 5.14.0-503.16.1.el9_5 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. | |
| CVE-2024-45020 | — | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksaf | ||
| CVE-2024-44990 | Med | 5.5 | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer. | |
| CVE-2024-44989 | Med | 5.5 | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set | |
| CVE-2024-44994 | — | < 5.14.0-503.16.1.el9_5 | 5.14.0-503.16.1.el9_5 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault() When iommu_report_device_fault gets called with a partial fault it is supposed to collect the fault into the group and then return. Instead the return | ||
| CVE-2024-44970 | — | < 4.18.0-553.53.1.el8_10 | 4.18.0-553.53.1.el8_10 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible to receive CQEs | ||
| CVE-2024-44935 | Med | 5.5 | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in reuseport_add_sock(). [0] The repro first creates a listener with SO_REUSEPORT. Then, | |
| CVE-2024-43889 | Med | 5.5 | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPT | |
| CVE-2024-43892 | — | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creat | ||
| CVE-2022-48919 | — | < 4.18.0-553.58.1.el8_10 | 4.18.0-553.58.1.el8_10 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free | ||
| CVE-2024-43871 | Med | 5.5 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_rele |
- CVE-2024-47668Oct 9, 2024affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll sti
- CVE-2024-46858Sep 27, 2024affected < 4.18.0-553.30.1.el8_10fixed 4.18.0-553.30.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action
- CVE-2024-46826Sep 27, 2024affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequ
- CVE-2024-46824Sep 27, 2024affected < 5.14.0-503.14.1.el9_5fixed 5.14.0-503.14.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don't do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL pointer dereference at v
- affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read
- CVE-2024-46713Sep 13, 2024affected < 5.14.0-503.21.1.el9_5fixed 5.14.0-503.21.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment th
- CVE-2024-46697Sep 13, 2024affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk o
- CVE-2024-46695Sep 13, 2024affected < 5.14.0-503.16.1.el9_5fixed 5.14.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exporte
- CVE-2024-46689Sep 13, 2024affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into
- affected < 5.14.0-503.16.1.el9_5fixed 5.14.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.
- CVE-2024-45020Sep 11, 2024affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksaf
- affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.
- affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set
- CVE-2024-44994Sep 4, 2024affected < 5.14.0-503.16.1.el9_5fixed 5.14.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault() When iommu_report_device_fault gets called with a partial fault it is supposed to collect the fault into the group and then return. Instead the return
- CVE-2024-44970Sep 4, 2024affected < 4.18.0-553.53.1.el8_10fixed 4.18.0-553.53.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible to receive CQEs
- affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in reuseport_add_sock(). [0] The repro first creates a listener with SO_REUSEPORT. Then,
- affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPT
- CVE-2024-43892Aug 26, 2024affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creat
- CVE-2022-48919Aug 22, 2024affected < 4.18.0-553.58.1.el8_10fixed 4.18.0-553.58.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_rele
Page 26 of 62