rpm package
almalinux/kernel-rt-kvm
pkg:rpm/almalinux/kernel-rt-kvm
Vulnerabilities (523)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52463 | — | < 4.18.0-553.16.1.rt7.357.el8_10 | 4.18.0-553.16.1.rt7.357.el8_10 | Feb 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as | ||
| CVE-2024-26593 | — | < 4.18.0-553.5.1.rt7.346.el8_10 | 4.18.0-553.5.1.rt7.346.el8_10 | Feb 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to t | ||
| CVE-2023-52445 | — | < 4.18.0-553.5.1.rt7.346.el8_10 | 4.18.0-553.5.1.rt7.346.el8_10 | Feb 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t | ||
| CVE-2024-26585 | — | < 4.18.0-553.8.1.rt7.349.el8_10 | 4.18.0-553.8.1.rt7.349.el8_10 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling | ||
| CVE-2024-26584 | — | < 4.18.0-553.8.1.rt7.349.el8_10 | 4.18.0-553.8.1.rt7.349.el8_10 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES | ||
| CVE-2024-26583 | — | < 4.18.0-553.8.1.rt7.349.el8_10 | 4.18.0-553.8.1.rt7.349.el8_10 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch | ||
| CVE-2024-25739 | Med | 5.5 | < 4.18.0-553.16.1.rt7.357.el8_10 | 4.18.0-553.16.1.rt7.357.el8_10 | Feb 12, 2024 | create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. | |
| CVE-2024-25744 | — | < 4.18.0-553.5.1.rt7.346.el8_10 | 4.18.0-553.5.1.rt7.346.el8_10 | Feb 12, 2024 | In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. | ||
| CVE-2023-6240 | — | < 4.18.0-553.5.1.rt7.346.el8_10 | 4.18.0-553.5.1.rt7.346.el8_10 | Feb 4, 2024 | A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key. | ||
| CVE-2024-23307 | Med | 4.4 | < 4.18.0-553.5.1.rt7.346.el8_10 | 4.18.0-553.5.1.rt7.346.el8_10 | Jan 25, 2024 | Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. | |
| CVE-2023-6040 | — | < 4.18.0-553.22.1.rt7.363.el8_10 | 4.18.0-553.22.1.rt7.363.el8_10 | Jan 12, 2024 | An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_ | ||
| CVE-2024-0340 | — | < 4.18.0-553.5.1.rt7.346.el8_10 | 4.18.0-553.5.1.rt7.346.el8_10 | Jan 9, 2024 | A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local pri | ||
| CVE-2022-2588 | — | < 4.18.0-372.32.1.rt7.189.el8_6 | 4.18.0-372.32.1.rt7.189.el8_6 | Jan 8, 2024 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | ||
| CVE-2022-2586 | — | KEV | < 4.18.0-425.3.1.rt7.213.el8 | 4.18.0-425.3.1.rt7.213.el8 | Jan 8, 2024 | It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. | |
| CVE-2022-2585 | — | < 5.14.0-70.30.1.rt21.102.el9_0 | 5.14.0-70.30.1.rt21.102.el9_0 | Jan 8, 2024 | It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | ||
| CVE-2023-5090 | — | < 4.18.0-553.8.1.rt7.349.el8_10 | 4.18.0-553.8.1.rt7.349.el8_10 | Nov 6, 2023 | A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. | ||
| CVE-2023-4147 | — | < 5.14.0-284.30.1.rt14.315.el9_2 | 5.14.0-284.30.1.rt14.315.el9_2 | Aug 7, 2023 | A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. | ||
| CVE-2023-4004 | — | < 5.14.0-284.30.1.rt14.315.el9_2 | 5.14.0-284.30.1.rt14.315.el9_2 | Jul 31, 2023 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the syste | ||
| CVE-2023-20593 | — | < 5.14.0-284.30.1.rt14.315.el9_2 | 5.14.0-284.30.1.rt14.315.el9_2 | Jul 24, 2023 | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | ||
| CVE-2023-3776 | — | < 5.14.0-284.30.1.rt14.315.el9_2 | 5.14.0-284.30.1.rt14.315.el9_2 | Jul 21, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b |
- CVE-2023-52463Feb 23, 2024affected < 4.18.0-553.16.1.rt7.357.el8_10fixed 4.18.0-553.16.1.rt7.357.el8_10
In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as
- CVE-2024-26593Feb 23, 2024affected < 4.18.0-553.5.1.rt7.346.el8_10fixed 4.18.0-553.5.1.rt7.346.el8_10
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to t
- CVE-2023-52445Feb 22, 2024affected < 4.18.0-553.5.1.rt7.346.el8_10fixed 4.18.0-553.5.1.rt7.346.el8_10
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t
- CVE-2024-26585Feb 21, 2024affected < 4.18.0-553.8.1.rt7.349.el8_10fixed 4.18.0-553.8.1.rt7.349.el8_10
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling
- CVE-2024-26584Feb 21, 2024affected < 4.18.0-553.8.1.rt7.349.el8_10fixed 4.18.0-553.8.1.rt7.349.el8_10
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES
- CVE-2024-26583Feb 21, 2024affected < 4.18.0-553.8.1.rt7.349.el8_10fixed 4.18.0-553.8.1.rt7.349.el8_10
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch
- affected < 4.18.0-553.16.1.rt7.357.el8_10fixed 4.18.0-553.16.1.rt7.357.el8_10
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.
- CVE-2024-25744Feb 12, 2024affected < 4.18.0-553.5.1.rt7.346.el8_10fixed 4.18.0-553.5.1.rt7.346.el8_10
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
- CVE-2023-6240Feb 4, 2024affected < 4.18.0-553.5.1.rt7.346.el8_10fixed 4.18.0-553.5.1.rt7.346.el8_10
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
- affected < 4.18.0-553.5.1.rt7.346.el8_10fixed 4.18.0-553.5.1.rt7.346.el8_10
Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.
- CVE-2023-6040Jan 12, 2024affected < 4.18.0-553.22.1.rt7.363.el8_10fixed 4.18.0-553.22.1.rt7.363.el8_10
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_
- CVE-2024-0340Jan 9, 2024affected < 4.18.0-553.5.1.rt7.346.el8_10fixed 4.18.0-553.5.1.rt7.346.el8_10
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local pri
- CVE-2022-2588Jan 8, 2024affected < 4.18.0-372.32.1.rt7.189.el8_6fixed 4.18.0-372.32.1.rt7.189.el8_6
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
- affected < 4.18.0-425.3.1.rt7.213.el8fixed 4.18.0-425.3.1.rt7.213.el8
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
- CVE-2022-2585Jan 8, 2024affected < 5.14.0-70.30.1.rt21.102.el9_0fixed 5.14.0-70.30.1.rt21.102.el9_0
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
- CVE-2023-5090Nov 6, 2023affected < 4.18.0-553.8.1.rt7.349.el8_10fixed 4.18.0-553.8.1.rt7.349.el8_10
A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.
- CVE-2023-4147Aug 7, 2023affected < 5.14.0-284.30.1.rt14.315.el9_2fixed 5.14.0-284.30.1.rt14.315.el9_2
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
- CVE-2023-4004Jul 31, 2023affected < 5.14.0-284.30.1.rt14.315.el9_2fixed 5.14.0-284.30.1.rt14.315.el9_2
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the syste
- CVE-2023-20593Jul 24, 2023affected < 5.14.0-284.30.1.rt14.315.el9_2fixed 5.14.0-284.30.1.rt14.315.el9_2
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
- CVE-2023-3776Jul 21, 2023affected < 5.14.0-284.30.1.rt14.315.el9_2fixed 5.14.0-284.30.1.rt14.315.el9_2
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b
Page 20 of 27