VYPR

rpm package

almalinux/kernel-rt-64k-debug-devel

pkg:rpm/almalinux/kernel-rt-64k-debug-devel

Vulnerabilities (355)

  • CVE-2026-23010HigJan 25, 2026
    affected < 6.12.0-124.45.1.el10_1fixed 6.12.0-124.45.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr() for mngtmpaddr before reading its ifp->

  • CVE-2026-23001HigJan 25, 2026
    affected < 5.14.0-611.38.1.el9_7fixed 5.14.0-611.38.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace

  • CVE-2026-22998HigJan 25, 2026
    affected < 6.12.0-124.38.1.el10_1fixed 6.12.0-124.38.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added ttag bounds checking and data_offset va

  • CVE-2025-68811Jan 13, 2026
    affected < 6.12.0-124.35.1.el10_1fixed 6.12.0-124.35.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead of the byte offset rc_pageoff. Use rc_pageoff so copies land within the current p

  • CVE-2025-68800Jan 13, 2026
    affected < 6.12.0-124.39.1.el10_1fixed 6.12.0-124.39.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver

  • CVE-2025-71085Jan 13, 2026
    affected < 5.14.0-611.36.1.el9_7fixed 5.14.0-611.36.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t

  • CVE-2025-68741Dec 24, 2025
    affected < 5.14.0-611.49.1.el9_7fixed 5.14.0-611.49.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(). The qla24xx_alloc_pur

  • CVE-2025-68349Dec 24, 2025
    affected < 6.12.0-124.38.1.el10_1fixed 6.12.0-124.38.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs

  • CVE-2025-68305Dec 16, 2025
    affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmt_pending before write iter se

  • CVE-2025-68301Dec 16, 2025
    affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-b

  • CVE-2025-68287Dec 16, 2025
    affected < 6.12.0-124.27.1.el10_1fixed 6.12.0-124.27.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking `dwc3_remove_requests(

  • CVE-2025-68285Dec 16, 2025
    affected < 6.12.0-124.28.1.el10_1fixed 6.12.0-124.28.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both

  • CVE-2025-40322Dec 8, 2025
    affected < 6.12.0-124.35.1.el10_1fixed 6.12.0-124.35.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and

  • CVE-2025-40318Dec 8, 2025
    affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the

  • CVE-2025-40304Dec 8, 2025
    affected < 6.12.0-124.35.1.el10_1fixed 6.12.0-124.35.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is of

  • CVE-2025-40301Dec 8, 2025
    affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: validate skb length for unknown CC opcode In hci_cmd_complete_evt(), if the command complete event has an unknown opcode, we assume the first byte of the remaining skb->data contains the r

  • CVE-2025-40294Dec 8, 2025
    affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() In the parse_adv_monitor_pattern() function, the value of the 'length' variable is currently limited to HCI_MAX_EXT_AD_LENGTH(251). The size of the

  • CVE-2025-40277Dec 6, 2025
    affected < 6.12.0-124.27.1.el10_1fixed 6.12.0-124.27.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE This data originates from userspace and is used in buffer offset calculations which could potentially overflow causing an out-of-bounds acc

  • CVE-2025-40271Dec 6, 2025
    affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EM

  • CVE-2025-40269Dec 6, 2025
    affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet siz

Page 2 of 18