rpm package

almalinux/kernel-rt-64k-modules

pkg:rpm/almalinux/kernel-rt-64k-modules

Vulnerabilities (355)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-40258	—	< 5.14.0-611.26.1.el9_7	5.14.0-611.26.1.el9_7	Dec 4, 2025	In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i
CVE-2025-40249	—	< 6.12.0-124.43.1.el10_1	6.12.0-124.43.1.el10_1	Dec 4, 2025	In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: make sure the cdev fd is still active before emitting events With the final call to fput() on a file descriptor, the release action may be deferred and scheduled on a work queue. The reference count
CVE-2025-40248	—	< 5.14.0-611.26.1.el9_7	5.14.0-611.26.1.el9_7	Dec 4, 2025	In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock
CVE-2025-40240	—	< 5.14.0-611.20.1.el9_7	5.14.0-611.20.1.el9_7	Dec 4, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Che
CVE-2025-40251	—	< 5.14.0-611.27.1.el9_7	5.14.0-611.27.1.el9_7	Dec 4, 2025	In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific `rate_l
CVE-2025-40185	—	< 5.14.0-611.11.1.el9_7	5.14.0-611.11.1.el9_7	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: ice: ice_adapter: release xa entry on adapter allocation failure When ice_adapter_new() fails, the reserved XArray entry created by xa_insert() is not released. This causes subsequent insertions at the same ind
CVE-2025-40176	—	< 5.14.0-611.16.1.el9_7	5.14.0-611.16.1.el9_7	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate th
CVE-2025-40170	—	< 6.12.0-124.31.1.el10_1	6.12.0-124.31.1.el10_1	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_for
CVE-2025-40168	—	< 6.12.0-124.39.1.el10_1	6.12.0-124.39.1.el10_1	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk
CVE-2025-40158	—	< 6.12.0-124.31.1.el10_1	6.12.0-124.31.1.el10_1	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().
CVE-2025-40154	—	< 5.14.0-611.27.1.el9_7	5.14.0-611.27.1.el9_7	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxect
CVE-2025-40141	—	< 5.14.0-611.30.1.el9_7	5.14.0-611.30.1.el9_7	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on iso_conn_free This attempt to fix similar issue to sco_conn_free where if the conn->sk is not set to NULL may lead to UAF on iso_conn_free.
CVE-2025-40135	—	< 6.12.0-124.31.1.el10_1	6.12.0-124.31.1.el10_1	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.
CVE-2025-40133	—	< 6.12.0-124.35.1.el10_1	6.12.0-124.35.1.el10_1	Nov 12, 2025	In the Linux kernel, the following vulnerability has been resolved: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). mptcp_active_enable() is called from subflow_finish_connect(), which is icsk->icsk_af_ops->sk_rx_dst_set() and it's not always under RCU. U
CVE-2025-40096	—	< 6.12.0-124.39.1.el10_1	6.12.0-124.39.1.el10_1	Oct 30, 2025	In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure,
CVE-2025-40064	—	< 6.12.0-124.38.1.el10_1	6.12.0-124.38.1.el10_1	Oct 28, 2025	In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_g
CVE-2025-40058	—	< 5.14.0-611.11.1.el9_7	5.14.0-611.11.1.el9_7	Oct 28, 2025	In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- st
CVE-2025-40047	—	< 6.12.0-124.20.1.el10_1	6.12.0-124.20.1.el10_1	Oct 28, 2025	In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress,
CVE-2025-39984	—	< 6.12.0-124.21.1.el10_1	6.12.0-124.21.1.el10_1	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline] BUG: KASAN: slab-use-after-free in n
CVE-2025-39983	—	< 6.12.0-124.20.1.el10_1	6.12.0-124.20.1.el10_1	Oct 15, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when processing HCI_EV_NUM_COMP_PKTS: BUG: KASAN: slab-use-after-free in hci_conn_tx_dequeu

CVE-2025-40258Dec 4, 2025
affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i
CVE-2025-40249Dec 4, 2025
affected < 6.12.0-124.43.1.el10_1fixed 6.12.0-124.43.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: make sure the cdev fd is still active before emitting events With the final call to fput() on a file descriptor, the release action may be deferred and scheduled on a work queue. The reference count
CVE-2025-40248Dec 4, 2025
affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock
CVE-2025-40240Dec 4, 2025
affected < 5.14.0-611.20.1.el9_7fixed 5.14.0-611.20.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Che
CVE-2025-40251Dec 4, 2025
affected < 5.14.0-611.27.1.el9_7fixed 5.14.0-611.27.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific `rate_l
CVE-2025-40185Nov 12, 2025
affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: ice: ice_adapter: release xa entry on adapter allocation failure When ice_adapter_new() fails, the reserved XArray entry created by xa_insert() is not released. This causes subsequent insertions at the same ind
CVE-2025-40176Nov 12, 2025
affected < 5.14.0-611.16.1.el9_7fixed 5.14.0-611.16.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate th
CVE-2025-40170Nov 12, 2025
affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_for
CVE-2025-40168Nov 12, 2025
affected < 6.12.0-124.39.1.el10_1fixed 6.12.0-124.39.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk
CVE-2025-40158Nov 12, 2025
affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2().
CVE-2025-40154Nov 12, 2025
affected < 5.14.0-611.27.1.el9_7fixed 5.14.0-611.27.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxect
CVE-2025-40141Nov 12, 2025
affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on iso_conn_free This attempt to fix similar issue to sco_conn_free where if the conn->sk is not set to NULL may lead to UAF on iso_conn_free.
CVE-2025-40135Nov 12, 2025
affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit() Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF.
CVE-2025-40133Nov 12, 2025
affected < 6.12.0-124.35.1.el10_1fixed 6.12.0-124.35.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). mptcp_active_enable() is called from subflow_finish_connect(), which is icsk->icsk_af_ops->sk_rx_dst_set() and it's not always under RCU. U
CVE-2025-40096Oct 30, 2025
affected < 6.12.0-124.39.1.el10_1fixed 6.12.0-124.39.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure,
CVE-2025-40064Oct 28, 2025
affected < 6.12.0-124.38.1.el10_1fixed 6.12.0-124.38.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_g
CVE-2025-40058Oct 28, 2025
affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- st
CVE-2025-40047Oct 28, 2025
affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress,
CVE-2025-39984Oct 15, 2025
affected < 6.12.0-124.21.1.el10_1fixed 6.12.0-124.21.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline] BUG: KASAN: slab-use-after-free in n
CVE-2025-39983Oct 15, 2025
affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when processing HCI_EV_NUM_COMP_PKTS: BUG: KASAN: slab-use-after-free in hci_conn_tx_dequeu

Page 3 of 18