rpm package
almalinux/kernel-rt-debug
pkg:rpm/almalinux/kernel-rt-debug
Vulnerabilities (1,061)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47466 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources. | ||
| CVE-2021-47459 | — | < 5.14.0-427.28.1.el9_4 | 5.14.0-427.28.1.el9_4 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv It will trigger UAF for rx_kref of j1939_priv as following. cpu0 cpu1 j1939_sk_bind(socket0, ndev0 | ||
| CVE-2021-47456 | — | < 4.18.0-553.8.1.rt7.349.el8_10 | 4.18.0-553.8.1.rt7.349.el8_10 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cause UAF. Fix this by releasing 'dev' later. The following log reveals it: [ | ||
| CVE-2021-47455 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptp_clock_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p33931", pid 4421, jiffies | ||
| CVE-2021-47441 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type m | ||
| CVE-2023-52878 | — | < 4.18.0-553.8.1.rt7.349.el8_10 | 4.18.0-553.8.1.rt7.349.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a | ||
| CVE-2023-52877 | — | < 4.18.0-553.8.1.rt7.349.el8_10 | 4.18.0-553.8.1.rt7.349.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on failure. When port->partner is an error, a NULL pointer dereference may occur as | ||
| CVE-2023-52864 | — | < 4.18.0-553.16.1.rt7.357.el8_10 | 4.18.0-553.16.1.rt7.357.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, whi | ||
| CVE-2023-52845 | — | < 4.18.0-553.16.1.rt7.357.el8_10 | 4.18.0-553.16.1.rt7.357.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in | ||
| CVE-2023-52840 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free. | ||
| CVE-2023-52835 | — | < 4.18.0-553.8.1.rt7.349.el8_10 | 4.18.0-553.8.1.rt7.349.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Bail out early if the request AUX area is out of bound When perf-record with a large AUX area, e.g 4GB, it fails with: #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1 failed to mmap with | ||
| CVE-2023-52834 | — | < 4.18.0-553.16.1.rt7.357.el8_10 | 4.18.0-553.16.1.rt7.357.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX overflow issue"). The alx and atl1c drivers had RX overflow error which was why a | ||
| CVE-2023-52832 | — | < 4.18.0-553.16.1.rt7.357.el8_10 | 4.18.0-553.16.1.rt7.357.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: s | ||
| CVE-2023-52817 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL In certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_r | ||
| CVE-2023-52813 | — | < 4.18.0-553.8.1.rt7.349.el8_10 | 4.18.0-553.8.1.rt7.349.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET We found a hungtask bug in test_aead_vec_cfg as follows: INFO: task cryptomgr_test:391009 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_ | ||
| CVE-2023-52809 | — | < 5.14.0-427.28.1.el9_4 | 5.14.0-427.28.1.el9_4 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() fc_lport_ptp_setup() did not check the return value of fc_rport_create() which can return NULL and would cause a NULL pointer derefere | ||
| CVE-2023-52803 | — | < 4.18.0-553.16.1.rt7.357.el8_10 | 4.18.0-553.16.1.rt7.357.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries RPC client pipefs dentries cleanup is in separated rpc_remove_pipedir() workqueue,which takes care about pipefs superblock locking. In some special sc | ||
| CVE-2023-52801 | — | < 5.14.0-427.35.1.el9_4 | 5.14.0-427.35.1.el9_4 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled a domain and is linked to domains_itree, pages_nodes have to be properly reinser | ||
| CVE-2023-52791 | — | < 4.18.0-553.16.1.rt7.357.el8_10 | 4.18.0-553.16.1.rt7.357.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() w | ||
| CVE-2023-52781 | — | < 4.18.0-553.8.1.rt7.349.el8_10 | 4.18.0-553.8.1.rt7.349.el8_10 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usb_get_bos_descr |
- CVE-2021-47466May 22, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources.
- CVE-2021-47459May 22, 2024affected < 5.14.0-427.28.1.el9_4fixed 5.14.0-427.28.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv It will trigger UAF for rx_kref of j1939_priv as following. cpu0 cpu1 j1939_sk_bind(socket0, ndev0
- CVE-2021-47456May 22, 2024affected < 4.18.0-553.8.1.rt7.349.el8_10fixed 4.18.0-553.8.1.rt7.349.el8_10
In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cause UAF. Fix this by releasing 'dev' later. The following log reveals it: [
- CVE-2021-47455May 22, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptp_clock_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p33931", pid 4421, jiffies
- CVE-2021-47441May 22, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type m
- CVE-2023-52878May 21, 2024affected < 4.18.0-553.8.1.rt7.349.el8_10fixed 4.18.0-553.8.1.rt7.349.el8_10
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a
- CVE-2023-52877May 21, 2024affected < 4.18.0-553.8.1.rt7.349.el8_10fixed 4.18.0-553.8.1.rt7.349.el8_10
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on failure. When port->partner is an error, a NULL pointer dereference may occur as
- CVE-2023-52864May 21, 2024affected < 4.18.0-553.16.1.rt7.357.el8_10fixed 4.18.0-553.16.1.rt7.357.el8_10
In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, whi
- CVE-2023-52845May 21, 2024affected < 4.18.0-553.16.1.rt7.357.el8_10fixed 4.18.0-553.16.1.rt7.357.el8_10
In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in
- CVE-2023-52840May 21, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free.
- CVE-2023-52835May 21, 2024affected < 4.18.0-553.8.1.rt7.349.el8_10fixed 4.18.0-553.8.1.rt7.349.el8_10
In the Linux kernel, the following vulnerability has been resolved: perf/core: Bail out early if the request AUX area is out of bound When perf-record with a large AUX area, e.g 4GB, it fails with: #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1 failed to mmap with
- CVE-2023-52834May 21, 2024affected < 4.18.0-553.16.1.rt7.357.el8_10fixed 4.18.0-553.16.1.rt7.357.el8_10
In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX overflow issue"). The alx and atl1c drivers had RX overflow error which was why a
- CVE-2023-52832May 21, 2024affected < 4.18.0-553.16.1.rt7.357.el8_10fixed 4.18.0-553.16.1.rt7.357.el8_10
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: s
- CVE-2023-52817May 21, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL In certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_r
- CVE-2023-52813May 21, 2024affected < 4.18.0-553.8.1.rt7.349.el8_10fixed 4.18.0-553.8.1.rt7.349.el8_10
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix hungtask for PADATA_RESET We found a hungtask bug in test_aead_vec_cfg as follows: INFO: task cryptomgr_test:391009 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_
- CVE-2023-52809May 21, 2024affected < 5.14.0-427.28.1.el9_4fixed 5.14.0-427.28.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() fc_lport_ptp_setup() did not check the return value of fc_rport_create() which can return NULL and would cause a NULL pointer derefere
- CVE-2023-52803May 21, 2024affected < 4.18.0-553.16.1.rt7.357.el8_10fixed 4.18.0-553.16.1.rt7.357.el8_10
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries RPC client pipefs dentries cleanup is in separated rpc_remove_pipedir() workqueue,which takes care about pipefs superblock locking. In some special sc
- CVE-2023-52801May 21, 2024affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix missing update of domains_itree after splitting iopt_area In iopt_area_split(), if the original iopt_area has filled a domain and is linked to domains_itree, pages_nodes have to be properly reinser
- CVE-2023-52791May 21, 2024affected < 4.18.0-553.16.1.rt7.357.el8_10fixed 4.18.0-553.16.1.rt7.357.el8_10
In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() w
- CVE-2023-52781May 21, 2024affected < 4.18.0-553.8.1.rt7.349.el8_10fixed 4.18.0-553.8.1.rt7.349.el8_10
In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usb_get_bos_descr
Page 32 of 54