rpm package
almalinux/kernel-rt-debug
pkg:rpm/almalinux/kernel-rt-debug
Vulnerabilities (1,061)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41060 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to check it before dereferencing it. | ||
| CVE-2024-41056 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-termin | ||
| CVE-2024-41055 | — | < 5.14.0-427.35.1.el9_4 | 5.14.0-427.35.1.el9_4 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" | ||
| CVE-2024-41044 | — | < 5.14.0-427.35.1.el9_4 | 5.14.0-427.35.1.el9_4 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual | ||
| CVE-2024-41042 | — | < 4.18.0-553.27.1.rt7.368.el8_10 | 4.18.0-553.27.1.rt7.368.el8_10 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps | ||
| CVE-2024-41041 | — | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk a | ||
| CVE-2024-41040 | — | < 5.14.0-427.35.1.el9_4 | 5.14.0-427.35.1.el9_4 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by ta | ||
| CVE-2024-41039 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmw | ||
| CVE-2024-41038 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length | ||
| CVE-2024-41035 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoin | ||
| CVE-2024-41014 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. We can create a crafted image to | ||
| CVE-2024-41013 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simp | ||
| CVE-2024-41091 | — | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tun_xdp_one() path, which could cause a corrupted skb to be sent downstack. Even be | ||
| CVE-2024-41090 | — | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Ev | ||
| CVE-2024-41012 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait | ||
| CVE-2024-41009 | — | < 5.14.0-503.15.1.el9_5 | 5.14.0-503.15.1.el9_5 | Jul 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer coun | ||
| CVE-2022-48866 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints. | ||
| CVE-2022-48836 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. | ||
| CVE-2022-48830 | — | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotp_rcv() When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage. | ||
| CVE-2022-48804 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer |
- CVE-2024-41060Jul 29, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to check it before dereferencing it.
- CVE-2024-41056Jul 29, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-termin
- CVE-2024-41055Jul 29, 2024affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage"
- CVE-2024-41044Jul 29, 2024affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual
- CVE-2024-41042Jul 29, 2024affected < 4.18.0-553.27.1.rt7.368.el8_10fixed 4.18.0-553.27.1.rt7.368.el8_10
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps
- CVE-2024-41041Jul 29, 2024affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk a
- CVE-2024-41040Jul 29, 2024affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by ta
- CVE-2024-41039Jul 29, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmw
- CVE-2024-41038Jul 29, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length
- CVE-2024-41035Jul 29, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoin
- CVE-2024-41014Jul 29, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. We can create a crafted image to
- CVE-2024-41013Jul 29, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simp
- CVE-2024-41091Jul 29, 2024affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tun_xdp_one() path, which could cause a corrupted skb to be sent downstack. Even be
- CVE-2024-41090Jul 29, 2024affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Ev
- CVE-2024-41012Jul 23, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait
- CVE-2024-41009Jul 17, 2024affected < 5.14.0-503.15.1.el9_5fixed 5.14.0-503.15.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer coun
- CVE-2022-48866Jul 16, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints.
- CVE-2022-48836Jul 16, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint.
- CVE-2022-48830Jul 16, 2024affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotp_rcv() When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage.
- CVE-2022-48804Jul 16, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer
Page 25 of 54