rpm package
almalinux/kernel-rt-kvm
pkg:rpm/almalinux/kernel-rt-kvm
Vulnerabilities (523)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-43284 | Hig | 8.8 | < 4.18.0-553.123.2.rt7.464.el8_10 | 4.18.0-553.123.2.rt7.464.el8_10 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths th | |
| CVE-2023-53494 | — | < 5.14.0-570.60.1.el9_6 | 5.14.0-570.60.1.el9_6 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handle EBUSY correctly As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of x | ||
| CVE-2025-39849 | Hig | 7.8 | < 5.14.0-570.55.1.el9_6 | 5.14.0-570.55.1.el9_6 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking. | |
| CVE-2025-39841 | Hig | 7.8 | < 5.14.0-570.55.1.el9_6 | 5.14.0-570.55.1.el9_6 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only t | |
| CVE-2023-53373 | — | < 5.14.0-570.52.1.el9_6 | 5.14.0-570.52.1.el9_6 | Sep 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller | ||
| CVE-2022-50367 | — | < 5.14.0-570.60.1.el9_6 | 5.14.0-570.60.1.el9_6 | Sep 17, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode( | ||
| CVE-2025-39817 | Hig | 7.1 | < 5.14.0-570.55.1.el9_6 | 5.14.0-570.55.1.el9_6 | Sep 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_check_range+0xe8/0x190 | |
| CVE-2025-40300 | Med | 5.5 | < 5.14.0-570.62.1.el9_6 | 5.14.0-570.62.1.el9_6 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already | |
| CVE-2025-39757 | Hig | 7.1 | < 5.14.0-570.52.1.el9_6 | 5.14.0-570.52.1.el9_6 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer s | |
| CVE-2025-39761 | — | < 5.14.0-570.51.1.el9_6 | 5.14.0-570.51.1.el9_6 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during error handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to out-of-bo | ||
| CVE-2025-39702 | Hig | 7.0 | < 5.14.0-570.60.1.el9_6 | 5.14.0-570.60.1.el9_6 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. | |
| CVE-2025-39694 | Med | 5.5 | < 5.14.0-570.46.1.el9_6 | 5.14.0-570.46.1.el9_6 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtu | |
| CVE-2025-39682 | Hig | 7.1 | < 5.14.0-570.49.1.el9_6 | 5.14.0-570.49.1.el9_6 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type | |
| CVE-2025-39698 | — | < 5.14.0-570.49.1.el9_6 | 5.14.0-570.49.1.el9_6 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at t | ||
| CVE-2025-38718 | — | < 5.14.0-570.49.1.el9_6 | 5.14.0-570.49.1.el9_6 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti | ||
| CVE-2025-38614 | Med | 5.5 | < 5.14.0-570.52.1.el9_6 | 5.14.0-570.52.1.el9_6 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some re | |
| CVE-2025-38571 | — | < 5.14.0-570.55.1.el9_6 | 5.14.0-570.55.1.el9_6 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this | ||
| CVE-2025-38566 | — | < 5.14.0-570.55.1.el9_6 | 5.14.0-570.55.1.el9_6 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen | ||
| CVE-2025-38556 | — | < 5.14.0-570.52.1.el9_6 | 5.14.0-570.52.1.el9_6 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. | ||
| CVE-2025-38550 | — | < 5.14.0-570.44.1.el9_6 | 5.14.0-570.44.1.el9_6 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return. |
- affected < 4.18.0-553.123.2.rt7.464.el8_10fixed 4.18.0-553.123.2.rt7.464.el8_10
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths th
- CVE-2023-53494Oct 1, 2025affected < 5.14.0-570.60.1.el9_6fixed 5.14.0-570.60.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handle EBUSY correctly As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of x
- affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.
- affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only t
- CVE-2023-53373Sep 18, 2025affected < 5.14.0-570.52.1.el9_6fixed 5.14.0-570.52.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller
- CVE-2022-50367Sep 17, 2025affected < 5.14.0-570.60.1.el9_6fixed 5.14.0-570.60.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode(
- affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_check_range+0xe8/0x190
- affected < 5.14.0-570.62.1.el9_6fixed 5.14.0-570.62.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already
- affected < 5.14.0-570.52.1.el9_6fixed 5.14.0-570.52.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer s
- CVE-2025-39761Sep 11, 2025affected < 5.14.0-570.51.1.el9_6fixed 5.14.0-570.51.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during error handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to out-of-bo
- affected < 5.14.0-570.60.1.el9_6fixed 5.14.0-570.60.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.
- affected < 5.14.0-570.46.1.el9_6fixed 5.14.0-570.46.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtu
- affected < 5.14.0-570.49.1.el9_6fixed 5.14.0-570.49.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type
- CVE-2025-39698Sep 5, 2025affected < 5.14.0-570.49.1.el9_6fixed 5.14.0-570.49.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at t
- CVE-2025-38718Sep 4, 2025affected < 5.14.0-570.49.1.el9_6fixed 5.14.0-570.49.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti
- affected < 5.14.0-570.52.1.el9_6fixed 5.14.0-570.52.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some re
- CVE-2025-38571Aug 19, 2025affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this
- CVE-2025-38566Aug 19, 2025affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen
- CVE-2025-38556Aug 19, 2025affected < 5.14.0-570.52.1.el9_6fixed 5.14.0-570.52.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity.
- CVE-2025-38550Aug 16, 2025affected < 5.14.0-570.44.1.el9_6fixed 5.14.0-570.44.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return.
Page 1 of 27