VYPR

rpm package

almalinux/kernel-rt-devel

pkg:rpm/almalinux/kernel-rt-devel

Vulnerabilities (1,164)

  • CVE-2025-68811Jan 13, 2026
    affected < 5.14.0-611.34.1.el9_7fixed 5.14.0-611.34.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead of the byte offset rc_pageoff. Use rc_pageoff so copies land within the current p

  • CVE-2025-68800Jan 13, 2026
    affected < 4.18.0-553.107.1.rt7.448.el8_10fixed 4.18.0-553.107.1.rt7.448.el8_10

    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver

  • CVE-2025-71085Jan 13, 2026
    affected < 5.14.0-611.36.1.el9_7fixed 5.14.0-611.36.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t

  • CVE-2022-50865Dec 30, 2025
    affected < 4.18.0-553.100.1.rt7.441.el8_10fixed 4.18.0-553.100.1.rt7.441.el8_10

    In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp_add_backlog(), the variable limit is caculated by adding sk_rcvbuf, sk_sndbuf an

  • CVE-2025-68741Dec 24, 2025
    affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(). The qla24xx_alloc_pur

  • CVE-2025-68724Dec 24, 2025
    affected < 4.18.0-553.123.1.rt7.464.el8_10fixed 4.18.0-553.123.1.rt7.464.el8_10

    In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k

  • CVE-2025-68366Dec 24, 2025
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic

  • CVE-2025-68349Dec 24, 2025
    affected < 4.18.0-553.104.1.rt7.445.el8_10fixed 4.18.0-553.104.1.rt7.445.el8_10

    In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs

  • CVE-2025-68347Dec 24, 2025
    affected < 4.18.0-553.126.1.rt7.467.el8_10fixed 4.18.0-553.126.1.rt7.467.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller

  • CVE-2025-68305Dec 16, 2025
    affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmt_pending before write iter se

  • CVE-2025-68301Dec 16, 2025
    affected < 4.18.0-553.94.1.rt7.435.el8_10fixed 4.18.0-553.94.1.rt7.435.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-b

  • CVE-2025-68287Dec 16, 2025
    affected < 5.14.0-611.24.1.el9_7fixed 5.14.0-611.24.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking `dwc3_remove_requests(

  • CVE-2025-68285Dec 16, 2025
    affected < 4.18.0-553.92.1.rt7.433.el8_10fixed 4.18.0-553.92.1.rt7.433.el8_10

    In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both

  • CVE-2025-68183Dec 16, 2025
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in se

  • CVE-2022-50673Dec 9, 2025
    affected < 4.18.0-553.104.1.rt7.445.el8_10fixed 4.18.0-553.104.1.rt7.445.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read o

  • CVE-2023-53781Dec 9, 2025
    affected < 4.18.0-553.132.1.rt7.473.el8_10fixed 4.18.0-553.132.1.rt7.473.el8_10

    In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcp_write_timer_handler(). With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcp_write_timer_handler() by kernel TCP sockets. [0] If SMC creates a kernel so

  • CVE-2023-53762Dec 8, 2025
    affected < 4.18.0-553.105.1.rt7.446.el8_10fixed 4.18.0-553.105.1.rt7.446.el8_10

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code n

  • CVE-2025-40322Dec 8, 2025
    affected < 4.18.0-553.100.1.rt7.441.el8_10fixed 4.18.0-553.100.1.rt7.441.el8_10

    In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and

  • CVE-2025-40320Dec 8, 2025
    affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential cfid UAF in smb2_query_info_compound When smb2_query_info_compound() retries, a previously allocated cfid may have been freed in the first attempt. Because cfid wasn't reset on replay

  • CVE-2025-40318Dec 8, 2025
    affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the

Page 6 of 59