rpm package

almalinux/kernel-modules

pkg:rpm/almalinux/kernel-modules

Vulnerabilities (1,228)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-52620	Low	2.5	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 21, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters.
CVE-2024-26640		—	< 5.14.0-427.42.1.el9_4	5.14.0-427.42.1.el9_4	Mar 18, 2024	In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page mu
CVE-2023-52619		—	< 4.18.0-553.16.1.el8_10	4.18.0-553.16.1.el8_10	Mar 18, 2024	In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will becom
CVE-2024-26638		—	< 4.18.0-553.22.1.el8_10	4.18.0-553.22.1.el8_10	Mar 18, 2024	In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg->msg_get_inq value can be uninitialized [1] struct msghdr got many new fields recently, we should always make sure their values is zero
CVE-2024-26633		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 18, 2024	In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->hea
CVE-2023-52610		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 18, 2024	In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph w
CVE-2021-47118		—	< 4.18.0-553.5.1.el8_10	4.18.0-553.5.1.el8_10	Mar 15, 2024	In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid. Later on, we may change `cad_pid` via a sysctl, and when this happens
CVE-2023-28746	Med	6.5	< 4.18.0-553.16.1.el8_10	4.18.0-553.16.1.el8_10	Mar 14, 2024	Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-26630		—	< 5.14.0-427.35.1.el9_4	5.14.0-427.35.1.el9_4	Mar 13, 2024	In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not
CVE-2024-26629	Med	5.5	< 5.14.0-427.35.1.el9_4	5.14.0-427.35.1.el9_4	Mar 13, 2024	In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kd
CVE-2023-52595		—	< 4.18.0-553.5.1.el8_10	4.18.0-553.5.1.el8_10	Mar 6, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatical
CVE-2023-52594		—	< 4.18.0-553.5.1.el8_10	4.18.0-553.5.1.el8_10	Mar 6, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB d
CVE-2021-47101		—	< 4.18.0-553.22.1.el8_10	4.18.0-553.22.1.el8_10	Mar 4, 2024	In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read() asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be uninitialized. Fail log: BUG: KMSAN: uninit-value in asix_check_host_enable driver
CVE-2021-47097		—	< 4.18.0-553.22.1.el8_10	4.18.0-553.22.1.el8_10	Mar 4, 2024	In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id() The array param[] in elantech_change_report_id() must be at least 3 bytes, because elantech_read_reg_params() is calling ps2_comman
CVE-2023-52581		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 2, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switch to a new gc container structure. This never happens: u8 type will wrap before
CVE-2023-52580		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 2, 2024	In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETH_P_1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation is wrong. For example:
CVE-2023-52578		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 2, 2024	In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC() syzbot/KCSAN reported data-races in br_handle_frame_finish() [1] This function can run from multiple cpus without mutual exclusion. Adopt SMP safe DEV_STATS_INC() to update dev
CVE-2023-52574		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 2, 2024	In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlan_dev_hard_he
CVE-2023-52565		—	< 4.18.0-553.5.1.el8_10	4.18.0-553.5.1.el8_10	Mar 2, 2024	In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound read.
CVE-2023-52560		—	< 4.18.0-553.8.1.el8_10	4.18.0-553.8.1.el8_10	Mar 2, 2024	In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak i

CVE-2023-52620LowMar 21, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters.
CVE-2024-26640Mar 18, 2024
affected < 5.14.0-427.42.1.el9_4fixed 5.14.0-427.42.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page mu
CVE-2023-52619Mar 18, 2024
affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will becom
CVE-2024-26638Mar 18, 2024
affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg->msg_get_inq value can be uninitialized [1] struct msghdr got many new fields recently, we should always make sure their values is zero
CVE-2024-26633Mar 18, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->hea
CVE-2023-52610Mar 18, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph w
CVE-2021-47118Mar 15, 2024
affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid. Later on, we may change `cad_pid` via a sysctl, and when this happens
CVE-2023-28746MedMar 14, 2024
affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-26630Mar 13, 2024
affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not
CVE-2024-26629MedMar 13, 2024
affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kd
CVE-2023-52595Mar 6, 2024
affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatical
CVE-2023-52594Mar 6, 2024
affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB d
CVE-2021-47101Mar 4, 2024
affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read() asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be uninitialized. Fail log: BUG: KMSAN: uninit-value in asix_check_host_enable driver
CVE-2021-47097Mar 4, 2024
affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id() The array param[] in elantech_change_report_id() must be at least 3 bytes, because elantech_read_reg_params() is calling ps2_comman
CVE-2023-52581Mar 2, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switch to a new gc container structure. This never happens: u8 type will wrap before
CVE-2023-52580Mar 2, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETH_P_1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation is wrong. For example:
CVE-2023-52578Mar 2, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC() syzbot/KCSAN reported data-races in br_handle_frame_finish() [1] This function can run from multiple cpus without mutual exclusion. Adopt SMP safe DEV_STATS_INC() to update dev
CVE-2023-52574Mar 2, 2024
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlan_dev_hard_he
CVE-2023-52565Mar 2, 2024
affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound read.
CVE-2023-52560Mar 2, 2024
affected < 4.18.0-553.8.1.el8_10fixed 4.18.0-553.8.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak i

Page 45 of 62