rpm package
almalinux/kernel-rt-64k-debug-modules
pkg:rpm/almalinux/kernel-rt-64k-debug-modules
Vulnerabilities (462)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23243 | Hig | 7.8 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len | |
| CVE-2025-71238 | — | < 6.12.0-124.47.1.el10_1 | 6.12.0-124.47.1.el10_1 | Mar 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access | ||
| CVE-2026-23231 | Hig | 7.8 | < 5.14.0-611.47.1.el9_7 | 5.14.0-611.47.1.el9_7 | Mar 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_reg | |
| CVE-2026-23216 | — | < 5.14.0-687.15.1.el9_8 | 5.14.0-687.15.1.el9_8 | Feb 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked | ||
| CVE-2026-23210 | Med | 4.7 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi->rx_rings. The sequence was: 1. ice_ptp_prepare_for_reset | |
| CVE-2026-23209 | Hig | 7.8 | < 5.14.0-611.45.1.el9_7 | 5.14.0-611.45.1.el9_7 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip l | |
| CVE-2026-23204 | Hig | 7.1 | < 5.14.0-687.10.1.el9_8 | 5.14.0-687.10.1.el9_8 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro f | |
| CVE-2026-23193 | Hig | 8.8 | < 5.14.0-611.45.1.el9_7 | 5.14.0-611.45.1.el9_7 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connecti | |
| CVE-2026-23191 | Hig | 7.8 | < 5.14.0-611.45.1.el9_7 | 5.14.0-611.45.1.el9_7 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop | |
| CVE-2026-23171 | Hig | 7.8 | < 5.14.0-611.45.1.el9_7 | 5.14.0-611.45.1.el9_7 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use-after-free which happens due to enslave failure after the new slave has been added to the array. Since the new slave can be use | |
| CVE-2026-23136 | Hig | 7.5 | < 5.14.0-611.54.1.el9_7 | 5.14.0-611.54.1.el9_7 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply | |
| CVE-2026-23156 | — | < 6.12.0-124.43.1.el10_1 | 6.12.0-124.43.1.el10_1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory b | ||
| CVE-2026-23144 | — | < 5.14.0-611.45.1.el9_7 | 5.14.0-611.45.1.el9_7 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after setup of attrs/ directory, subdirectories of attrs/ directory are not cleaned up. A | ||
| CVE-2026-23111 | Hig | 7.8 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Feb 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() | |
| CVE-2026-23040 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This could result in a NULL poi | ||
| CVE-2026-23097 | — | < 5.14.0-611.36.1.el9_7 | 5.14.0-611.36.1.el9_7 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Hol | ||
| CVE-2026-23060 | — | < 6.12.0-211.7.3.el10_2 | 6.12.0-211.7.3.el10_2 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() | ||
| CVE-2026-23010 | Hig | 7.8 | < 6.12.0-124.45.1.el10_1 | 6.12.0-124.45.1.el10_1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr() for mngtmpaddr before reading its ifp-> | |
| CVE-2026-23001 | Hig | 7.8 | < 5.14.0-611.38.1.el9_7 | 5.14.0-611.38.1.el9_7 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace | |
| CVE-2026-22998 | Hig | 7.5 | < 5.14.0-611.34.1.el9_7 | 5.14.0-611.34.1.el9_7 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added ttag bounds checking and data_offset va |
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len
- CVE-2025-71238Mar 4, 2026affected < 6.12.0-124.47.1.el10_1fixed 6.12.0-124.47.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access
- affected < 5.14.0-611.47.1.el9_7fixed 5.14.0-611.47.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_reg
- CVE-2026-23216Feb 18, 2026affected < 5.14.0-687.15.1.el9_8fixed 5.14.0-687.15.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi->rx_rings. The sequence was: 1. ice_ptp_prepare_for_reset
- affected < 5.14.0-611.45.1.el9_7fixed 5.14.0-611.45.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip l
- affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro f
- affected < 5.14.0-611.45.1.el9_7fixed 5.14.0-611.45.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connecti
- affected < 5.14.0-611.45.1.el9_7fixed 5.14.0-611.45.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop
- affected < 5.14.0-611.45.1.el9_7fixed 5.14.0-611.45.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use-after-free which happens due to enslave failure after the new slave has been added to the array. Since the new slave can be use
- affected < 5.14.0-611.54.1.el9_7fixed 5.14.0-611.54.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply
- CVE-2026-23156Feb 14, 2026affected < 6.12.0-124.43.1.el10_1fixed 6.12.0-124.43.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_entry_get() fails, masking errors. This may result in uninitialized heap memory b
- CVE-2026-23144Feb 14, 2026affected < 5.14.0-611.45.1.el9_7fixed 5.14.0-611.45.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after setup of attrs/ directory, subdirectories of attrs/ directory are not cleaned up. A
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate()
- CVE-2026-23040Feb 4, 2026affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This could result in a NULL poi
- CVE-2026-23097Feb 4, 2026affected < 5.14.0-611.36.1.el9_7fixed 5.14.0-611.36.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Hol
- CVE-2026-23060Feb 4, 2026affected < 6.12.0-211.7.3.el10_2fixed 6.12.0-211.7.3.el10_2
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt()
- affected < 6.12.0-124.45.1.el10_1fixed 6.12.0-124.45.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr() for mngtmpaddr before reading its ifp->
- affected < 5.14.0-611.38.1.el9_7fixed 5.14.0-611.38.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace
- affected < 5.14.0-611.34.1.el9_7fixed 5.14.0-611.34.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added ttag bounds checking and data_offset va
Page 5 of 24