VYPR

rpm package

almalinux/kernel-rt-64k-debug-modules

pkg:rpm/almalinux/kernel-rt-64k-debug-modules

Vulnerabilities (462)

  • CVE-2026-43125CriMay 6, 2026
    affected < 5.14.0-687.15.1.el9_8fixed 5.14.0-687.15.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm

  • CVE-2026-43116HigMay 6, 2026
    affected < 6.12.0-211.18.1.el10_2fixed 6.12.0-211.18.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp->master invalid. To access exp->mas

  • CVE-2026-43112HigMay 6, 2026
    affected < 6.12.0-211.30.1.el10_2fixed 6.12.0-211.30.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e.g., "/"), the current logic attempts to check *

  • CVE-2026-43110HigMay 6, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index before it touches drvr->iflist[], but it still uses the raw bsscfgidx field as a

  • CVE-2026-43056HigMay 1, 2026
    affected < 5.14.0-687.15.1.el9_8fixed 5.14.0-687.15.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in add_adev() error path If auxiliary_device_add() fails, add_adev() jumps to add_fail and calls auxiliary_device_uninit(adev). The auxiliary device has its release callback set t

  • CVE-2026-43051HigMay 1, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq() function processes Bluetooth HID reports without sufficient bounds checking. A maliciously crafted short report can trigger an

  • CVE-2026-43038CriMay 1, 2026
    affected < 6.12.0-211.28.1.el10_2fixed 6.12.0-211.28.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() Sashiko AI-review observed: In ip6_err_gen_icmpv6_unreach(), the skb is an outer IPv4 ICMP error packet where its cb contains an IPv4 inet_skb_p

  • CVE-2026-43037CriMay 1, 2026
    affected < 6.12.0-211.22.1.el10_2fixed 6.12.0-211.22.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written by the IPv6 receive path as struct inet6_skb_parm.

  • CVE-2026-43027HigMay 1, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_helper: pass helper to expect cleanup nf_conntrack_helper_unregister() calls nf_ct_expect_iterate_destroy() to remove expectations belonging to the helper being unregistered. However, it

  • CVE-2026-43023HigMay 1, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in sco_sock_connect() sco_sock_connect() checks sk_state and sk_type without holding the socket lock. Two concurrent connect() syscalls on the same socket can both pass the c

  • CVE-2026-43020HigMay 1, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate LTK enc_size on load Load Long Term Keys stores the user-provided enc_size and later uses it to size fixed-size stack operations when replying to LE LTK requests. An enc_size larger th

  • CVE-2026-43006HigMay 1, 2026
    affected < 6.12.0-211.18.1.el10_2fixed 6.12.0-211.18.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: reject zero-length fixed buffer import validate_fixed_range() admits buf_addr at the exact end of the registered region when len is zero, because the check uses strict greater-than (buf_end > imu

  • CVE-2026-31772HigMay 1, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync hci_le_big_create_sync() uses DEFINE_FLEX to allocate a struct hci_cp_le_big_create_sync on the stack with room for 0x11 (17) BIS entries

  • CVE-2026-31709HigMay 1, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild th

  • CVE-2026-31787HigApr 30, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace does a partial munmap() on a privcmd mapping, the kernel splits the

  • CVE-2026-31786HigApr 30, 2026
    affected < 5.14.0-687.13.1.el9_8fixed 5.14.0-687.13.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The first causes a buffer overflow as sprintf in buildid

  • CVE-2026-31685CriApr 25, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets `eui64_mt6()` derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The ex

  • CVE-2026-31684MedApr 25, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: net: sched: act_csum: validate nested VLAN headers tcf_csum_act() walks nested VLAN headers directly from skb->data when an skb still carries in-payload VLAN tags. The current code reads vlan->h_vlan_encapsulat

  • CVE-2026-31677MedApr 25, 2026
    affected < 6.12.0-211.7.3.el10_2fixed 6.12.0-211.7.3.el10_2

    In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl() limit each RX scatterlist extraction to the remaining receive buffer budget. af_alg_get_rsgl() currently uses af_alg_read

  • CVE-2026-31669CriApr 24, 2026
    affected < 6.12.0-211.26.1.el10_2fixed 6.12.0-211.26.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_established The ehash table lookups are lockless and rely on SLAB_TYPESAFE_BY_RCU to guarantee socket memory stability during RCU read-side critical sections. Bot

Page 3 of 24