rpm package
almalinux/kernel-rt-64k-debug
pkg:rpm/almalinux/kernel-rt-64k-debug
Vulnerabilities (457)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-46331 | — | < 6.12.0-211.26.1.el10_2 | 6.12.0-211.26.1.el10_2 | Jun 16, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account | ||
| CVE-2026-46316 | Cri | 9.3 | < 6.12.0-211.28.1.el10_2 | 6.12.0-211.28.1.el10_2 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each en | |
| CVE-2026-46243 | Hig | 7.1 | < 6.12.0-211.20.1.el10_2 | 6.12.0-211.20.1.el10_2 | Jun 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating in | |
| CVE-2026-46189 | Hig | 7.8 | < 5.14.0-687.19.1.el9_8 | 5.14.0-687.19.1.el9_8 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Sashiko points out that pvrdma_uar_free() is already called within pvrdma_dealloc_ucontext(), so calling it before triggers a double free. | |
| CVE-2026-46181 | Hig | 7.8 | < 5.14.0-687.15.1.el9_8 | 5.14.0-687.15.1.el9_8 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees the mlx4_srq struct with RCU, and it isn't even accessed within the RCU critical se | |
| CVE-2026-46176 | Hig | 7.8 | < 5.14.0-687.19.1.el9_8 | 5.14.0-687.19.1.el9_8 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() mlx5_ib_dev_res_srq_init() allocates two SRQs, s0 and s1. When ib_create_srq() fails for s1, the error branch destroys s0 but falls through a | |
| CVE-2026-46173 | Hig | 7.8 | < 6.12.0-211.26.1.el10_2 | 6.12.0-211.26.1.el10_2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls __schedu | |
| CVE-2026-46166 | Hig | 8.8 | < 6.12.0-211.26.1.el10_2 | 6.12.0-211.26.1.el10_2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211_dfs_cac_cancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-aft | |
| CVE-2026-46152 | Hig | 8.8 | < 6.12.0-211.26.1.el10_2 | 6.12.0-211.26.1.el10_2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share on | |
| CVE-2026-46145 | Hig | 7.8 | < 5.14.0-687.17.1.el9_8 | 5.14.0-687.17.1.el9_8 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the mem | |
| CVE-2026-46135 | Cri | 9.8 | < 5.14.0-687.17.1.el9_8 | 5.14.0-687.17.1.el9_8 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmet_tcp_handle_icreq() updates queue->state after sending an Initialization Connection Response (ICResp), but it does so without serializing again | |
| CVE-2026-46125 | Hig | 8.8 | < 6.12.0-211.26.1.el10_2 | 6.12.0-211.26.1.el10_2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface is completely reset to non-MLD. In this case, we must not keep the station since i | |
| CVE-2026-46117 | Hig | 7.8 | < 5.14.0-687.17.1.el9_8 | 5.14.0-687.17.1.el9_8 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARN_ON() then go on | |
| CVE-2026-46090 | Hig | 7.8 | < 5.14.0-687.19.1.el9_8 | 5.14.0-687.19.1.el9_8 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa6 | |
| CVE-2026-46056 | Hig | 8.8 | < 6.12.0-211.26.1.el10_2 | 6.12.0-211.26.1.el10_2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in hci_user_passkey_notify_evt() and hci_keypress_notify_evt(), otherwise the connec | |
| CVE-2026-46054 | Hig | 7.1 | < 6.12.0-211.22.1.el10_2 | 6.12.0-211.22.1.el10_2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file (the "user" file) and the | |
| CVE-2026-45984 | Hig | 7.8 | < 5.14.0-687.17.1.el9_8 | 5.14.0-687.17.1.el9_8 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head (dibh) is being released prematurely in gfs2_iomap_begin() via release_metapath() while iomap->inline_data still points to di | |
| CVE-2026-45898 | Cri | 9.8 | < 6.12.0-211.28.1.el10_2 | 6.12.0-211.28.1.el10_2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplify cm_event_handler()") changed the work submission logic to unconditionally call queue_work() with the expec | |
| CVE-2026-45852 | Hig | 7.8 | < 5.14.0-687.15.1.el9_8 | 5.14.0-687.15.1.el9_8 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxe_srq_from_init In rxe_srq_from_init(), the queue pointer 'q' is assigned to 'srq->rq.queue' before copying the SRQ number to user space. If copy_to_user() fails, the function cal | |
| CVE-2026-46300 | Hig | 7.8 | < 5.14.0-687.10.1.el9_8 | 5.14.0-687.10.1.el9_8 | May 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally |
- CVE-2026-46331Jun 16, 2026affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account
- affected < 6.12.0-211.28.1.el10_2fixed 6.12.0-211.28.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each en
- affected < 6.12.0-211.20.1.el10_2fixed 6.12.0-211.20.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating in
- affected < 5.14.0-687.19.1.el9_8fixed 5.14.0-687.19.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Sashiko points out that pvrdma_uar_free() is already called within pvrdma_dealloc_ucontext(), so calling it before triggers a double free.
- affected < 5.14.0-687.15.1.el9_8fixed 5.14.0-687.15.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees the mlx4_srq struct with RCU, and it isn't even accessed within the RCU critical se
- affected < 5.14.0-687.19.1.el9_8fixed 5.14.0-687.19.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() mlx5_ib_dev_res_srq_init() allocates two SRQs, s0 and s1. When ib_create_srq() fails for s1, the error branch destroys s0 but falls through a
- affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls __schedu
- affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211_dfs_cac_cancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-aft
- affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share on
- affected < 5.14.0-687.17.1.el9_8fixed 5.14.0-687.17.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the mem
- affected < 5.14.0-687.17.1.el9_8fixed 5.14.0-687.17.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmet_tcp_handle_icreq() updates queue->state after sending an Initialization Connection Response (ICResp), but it does so without serializing again
- affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface is completely reset to non-MLD. In this case, we must not keep the station since i
- affected < 5.14.0-687.17.1.el9_8fixed 5.14.0-687.17.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and this will trigger the WARN_ON() then go on
- affected < 5.14.0-687.19.1.el9_8fixed 5.14.0-687.19.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa6
- affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in hci_user_passkey_notify_evt() and hci_keypress_notify_evt(), otherwise the connec
- affected < 6.12.0-211.22.1.el10_2fixed 6.12.0-211.22.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file (the "user" file) and the
- affected < 5.14.0-687.17.1.el9_8fixed 5.14.0-687.17.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head (dibh) is being released prematurely in gfs2_iomap_begin() via release_metapath() while iomap->inline_data still points to di
- affected < 6.12.0-211.28.1.el10_2fixed 6.12.0-211.28.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removing work_list The commit e1168f0 ("RDMA/iwcm: Simplify cm_event_handler()") changed the work submission logic to unconditionally call queue_work() with the expec
- affected < 5.14.0-687.15.1.el9_8fixed 5.14.0-687.15.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxe_srq_from_init In rxe_srq_from_init(), the queue pointer 'q' is assigned to 'srq->rq.queue' before copying the SRQ number to user space. If copy_to_user() fails, the function cal
- affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally
Page 1 of 23