rpm package
almalinux/kernel-rt-core
pkg:rpm/almalinux/kernel-rt-core
Vulnerabilities (1,061)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52448 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating rgd->rd_gl fails in r | ||
| CVE-2023-52445 | — | < 4.18.0-553.5.1.rt7.346.el8_10 | 4.18.0-553.5.1.rt7.346.el8_10 | Feb 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t | ||
| CVE-2024-26586 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, | ||
| CVE-2024-26585 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling | ||
| CVE-2024-26584 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES | ||
| CVE-2024-26583 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch | ||
| CVE-2024-26582 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-a | ||
| CVE-2023-52439 | — | < 5.14.0-427.37.1.el9_4 | 5.14.0-427.37.1.el9_4 | Feb 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev- | ||
| CVE-2023-52434 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create cont | ||
| CVE-2024-26581 | — | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | Feb 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not | ||
| CVE-2024-25739 | Med | 5.5 | < 4.18.0-553.16.1.rt7.357.el8_10 | 4.18.0-553.16.1.rt7.357.el8_10 | Feb 12, 2024 | create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. | |
| CVE-2024-25744 | — | < 4.18.0-553.5.1.rt7.346.el8_10 | 4.18.0-553.5.1.rt7.346.el8_10 | Feb 12, 2024 | In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. | ||
| CVE-2024-24857 | Med | 4.6 | < 4.18.0-553.27.1.rt7.368.el8_10 | 4.18.0-553.27.1.rt7.368.el8_10 | Feb 5, 2024 | A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. | |
| CVE-2023-6240 | — | < 5.14.0-427.16.1.el9_4 | 5.14.0-427.16.1.el9_4 | Feb 4, 2024 | A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key. | ||
| CVE-2024-1086 | — | KEV | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Jan 31, 2024 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau | |
| CVE-2024-1085 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Jan 31, 2024 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the | ||
| CVE-2024-0841 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Jan 28, 2024 | A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | ||
| CVE-2024-23307 | Med | 4.4 | < 4.18.0-553.5.1.rt7.346.el8_10 | 4.18.0-553.5.1.rt7.346.el8_10 | Jan 25, 2024 | Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. | |
| CVE-2023-51043 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Jan 23, 2024 | In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. | ||
| CVE-2023-6531 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Jan 21, 2024 | A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. |
- CVE-2023-52448Feb 22, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating rgd->rd_gl fails in r
- CVE-2023-52445Feb 22, 2024affected < 4.18.0-553.5.1.rt7.346.el8_10fixed 4.18.0-553.5.1.rt7.346.el8_10
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t
- CVE-2024-26586Feb 22, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn,
- CVE-2024-26585Feb 21, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling
- CVE-2024-26584Feb 21, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES
- CVE-2024-26583Feb 21, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch
- CVE-2024-26582Feb 21, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-a
- CVE-2023-52439Feb 20, 2024affected < 5.14.0-427.37.1.el9_4fixed 5.14.0-427.37.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev-
- CVE-2023-52434Feb 20, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create cont
- CVE-2024-26581Feb 20, 2024affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not
- affected < 4.18.0-553.16.1.rt7.357.el8_10fixed 4.18.0-553.16.1.rt7.357.el8_10
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.
- CVE-2024-25744Feb 12, 2024affected < 4.18.0-553.5.1.rt7.346.el8_10fixed 4.18.0-553.5.1.rt7.346.el8_10
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
- affected < 4.18.0-553.27.1.rt7.368.el8_10fixed 4.18.0-553.27.1.rt7.368.el8_10
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
- CVE-2023-6240Feb 4, 2024affected < 5.14.0-427.16.1.el9_4fixed 5.14.0-427.16.1.el9_4
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
- affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau
- CVE-2024-1085Jan 31, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the
- CVE-2024-0841Jan 28, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
- affected < 4.18.0-553.5.1.rt7.346.el8_10fixed 4.18.0-553.5.1.rt7.346.el8_10
Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.
- CVE-2023-51043Jan 23, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.
- CVE-2023-6531Jan 21, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.
Page 45 of 54