VYPR

rpm package

almalinux/kernel-rt-64k-debug-modules

pkg:rpm/almalinux/kernel-rt-64k-debug-modules

Vulnerabilities (462)

  • CVE-2026-22990HigJan 23, 2026
    affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. In

  • CVE-2026-22984CriJan 23, 2026
    affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]

  • CVE-2025-71116Jan 14, 2026
    affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular

  • CVE-2025-71089HigJan 13, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA).

  • CVE-2025-68811Jan 13, 2026
    affected < 5.14.0-611.34.1.el9_7fixed 5.14.0-611.34.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead of the byte offset rc_pageoff. Use rc_pageoff so copies land within the current p

  • CVE-2025-68800Jan 13, 2026
    affected < 5.14.0-611.41.1.el9_7fixed 5.14.0-611.41.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver

  • CVE-2025-71085Jan 13, 2026
    affected < 5.14.0-611.36.1.el9_7fixed 5.14.0-611.36.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t

  • CVE-2025-68741Dec 24, 2025
    affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(). The qla24xx_alloc_pur

  • CVE-2025-68724Dec 24, 2025
    affected < 6.12.0-211.16.1.el10_2fixed 6.12.0-211.16.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k

  • CVE-2025-68366Dec 24, 2025
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic

  • CVE-2025-68349Dec 24, 2025
    affected < 5.14.0-611.34.1.el9_7fixed 5.14.0-611.34.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs

  • CVE-2025-68305Dec 16, 2025
    affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmt_pending before write iter se

  • CVE-2025-68301Dec 16, 2025
    affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-b

  • CVE-2025-68287Dec 16, 2025
    affected < 5.14.0-611.24.1.el9_7fixed 5.14.0-611.24.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking `dwc3_remove_requests(

  • CVE-2025-68285Dec 16, 2025
    affected < 5.14.0-611.24.1.el9_7fixed 5.14.0-611.24.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both

  • CVE-2025-68183Dec 16, 2025
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in se

  • CVE-2025-40322Dec 8, 2025
    affected < 5.14.0-611.34.1.el9_7fixed 5.14.0-611.34.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and

  • CVE-2025-40320Dec 8, 2025
    affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential cfid UAF in smb2_query_info_compound When smb2_query_info_compound() retries, a previously allocated cfid may have been freed in the first attempt. Because cfid wasn't reset on replay

  • CVE-2025-40318Dec 8, 2025
    affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the

  • CVE-2025-40304Dec 8, 2025
    affected < 5.14.0-611.34.1.el9_7fixed 5.14.0-611.34.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is of

Page 6 of 24