rpm package
almalinux/kernel-rt-64k-debug-core
pkg:rpm/almalinux/kernel-rt-64k-debug-core
Vulnerabilities (457)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40047 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, | ||
| CVE-2025-40034 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn' | ||
| CVE-2025-39984 | — | < 6.12.0-124.21.1.el10_1 | 6.12.0-124.21.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline] BUG: KASAN: slab-use-after-free in n | ||
| CVE-2025-39983 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when processing HCI_EV_NUM_COMP_PKTS: BUG: KASAN: slab-use-after-free in hci_conn_tx_dequeu | ||
| CVE-2025-39982 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, al | ||
| CVE-2025-39981 | — | < 5.14.0-611.11.1.el9_7 | 5.14.0-611.11.1.el9_7 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr | ||
| CVE-2025-39979 | — | < 5.14.0-611.13.1.el9_7 | 5.14.0-611.13.1.el9_7 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in mlx5_cmd_hws_delete_fte(), where the HWS action refcount and mutex were not init | ||
| CVE-2025-39971 | — | < 6.12.0-124.16.1.el10_1 | 6.12.0-124.16.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg(). | ||
| CVE-2025-39966 | — | < 5.14.0-611.16.1.el9_7 | 5.14.0-611.16.1.el9_7 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventually. This is normally f | ||
| CVE-2025-39955 | — | < 5.14.0-611.11.1.el9_7 | 5.14.0-611.11.1.el9_7 | Oct 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope | ||
| CVE-2025-39933 | — | < 5.14.0-611.24.1.el9_7 | 5.14.0-611.24.1.el9_7 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes. | ||
| CVE-2023-53494 | — | < 5.14.0-570.60.1.el9_6 | 5.14.0-570.60.1.el9_6 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handle EBUSY correctly As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of x | ||
| CVE-2025-39925 | — | < 5.14.0-611.13.1.el9_7 | 5.14.0-611.13.1.el9_7 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEV_UNREG | ||
| CVE-2025-39918 | — | < 5.14.0-611.11.1.el9_7 | 5.14.0-611.11.1.el9_7 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list | ||
| CVE-2025-39905 | — | < 6.12.0-124.27.1.el10_1 | 6.12.0-124.27.1.el10_1 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which mod | ||
| CVE-2025-39883 | — | < 5.14.0-611.20.1.el9_7 | 5.14.0-611.20.1.el9_7 | Sep 23, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, below panic occurs: page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)) kernel BUG at include | ||
| CVE-2025-39866 | Hig | 7.8 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-r | |
| CVE-2025-39864 | Hig | 7.8 | < 5.14.0-611.11.1.el9_7 | 5.14.0-611.11.1.el9_7 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmp_bss() Following bss_free() quirk introduced in commit 776b3580178f ("cfg80211: track hidden SSID networks properly"), adjust cfg80211_update_known_bss() to free the las | |
| CVE-2025-39849 | Hig | 7.8 | < 5.14.0-570.55.1.el9_6 | 5.14.0-570.55.1.el9_6 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking. | |
| CVE-2025-39843 | Med | 5.5 | < 6.12.0-124.27.1.el10_1 | 6.12.0-124.27.1.el10_1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when |
- CVE-2025-40047Oct 28, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress,
- CVE-2025-40034Oct 28, 2025affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn'
- CVE-2025-39984Oct 15, 2025affected < 6.12.0-124.21.1.el10_1fixed 6.12.0-124.21.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline] BUG: KASAN: slab-use-after-free in n
- CVE-2025-39983Oct 15, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when processing HCI_EV_NUM_COMP_PKTS: BUG: KASAN: slab-use-after-free in hci_conn_tx_dequeu
- CVE-2025-39982Oct 15, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, al
- CVE-2025-39981Oct 15, 2025affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr
- CVE-2025-39979Oct 15, 2025affected < 5.14.0-611.13.1.el9_7fixed 5.14.0-611.13.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in mlx5_cmd_hws_delete_fte(), where the HWS action refcount and mutex were not init
- CVE-2025-39971Oct 15, 2025affected < 6.12.0-124.16.1.el10_1fixed 6.12.0-124.16.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().
- CVE-2025-39966Oct 15, 2025affected < 5.14.0-611.16.1.el9_7fixed 5.14.0-611.16.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventually. This is normally f
- CVE-2025-39955Oct 9, 2025affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope
- CVE-2025-39933Oct 4, 2025affected < 5.14.0-611.24.1.el9_7fixed 5.14.0-611.24.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.
- CVE-2023-53494Oct 1, 2025affected < 5.14.0-570.60.1.el9_6fixed 5.14.0-570.60.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handle EBUSY correctly As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of x
- CVE-2025-39925Oct 1, 2025affected < 5.14.0-611.13.1.el9_7fixed 5.14.0-611.13.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEV_UNREG
- CVE-2025-39918Oct 1, 2025affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list
- CVE-2025-39905Oct 1, 2025affected < 6.12.0-124.27.1.el10_1fixed 6.12.0-124.27.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which mod
- CVE-2025-39883Sep 23, 2025affected < 5.14.0-611.20.1.el9_7fixed 5.14.0-611.20.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory When I did memory failure tests, below panic occurs: page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)) kernel BUG at include
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-r
- affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmp_bss() Following bss_free() quirk introduced in commit 776b3580178f ("cfg80211: track hidden SSID networks properly"), adjust cfg80211_update_known_bss() to free the las
- affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.
- affected < 6.12.0-124.27.1.el10_1fixed 6.12.0-124.27.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when
Page 8 of 23