rpm package

almalinux/kernel-rt-kvm

pkg:rpm/almalinux/kernel-rt-kvm

Vulnerabilities (523)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-22004		—	< 5.14.0-570.25.1.el9_6	5.14.0-570.25.1.el9_6	Apr 3, 2025	In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
CVE-2025-21999		—	< 5.14.0-570.22.1.el9_6	5.14.0-570.22.1.el9_6	Apr 3, 2025	In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc
CVE-2025-21997		—	< 5.14.0-570.21.1.el9_6	5.14.0-570.21.1.el9_6	Apr 3, 2025	In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different
CVE-2025-21993		—	< 5.14.0-570.16.1.el9_6	5.14.0-570.16.1.el9_6	Apr 2, 2025	In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 pref
CVE-2025-21991		—	< 5.14.0-570.26.1.el9_6	5.14.0-570.26.1.el9_6	Apr 2, 2025	In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the
CVE-2025-21979	Hig	7.8	< 5.14.0-570.22.1.el9_6	5.14.0-570.22.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and initialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the rdev::wiphy_work is
CVE-2025-21969		—	< 5.14.0-570.22.1.el9_6	5.14.0-570.22.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper laye
CVE-2025-21966		—	< 5.14.0-570.17.1.el9_6	5.14.0-570.17.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being passed to bio_init
CVE-2025-21964		—	< 5.14.0-570.18.1.el9_6	5.14.0-570.18.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s
CVE-2025-21963		—	< 5.14.0-570.22.1.el9_6	5.14.0-570.22.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s
CVE-2025-21962		—	< 5.14.0-570.32.1.el9_6	5.14.0-570.32.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted fr
CVE-2025-21961		—	< 5.14.0-570.22.1.el9_6	5.14.0-570.22.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDP_PASS, packet is converted from xdp_buff to sk_buff with xdp_update_skb_shared_info() in bnxt_xdp_build_skb(). bnxt_xdp_build_skb
CVE-2025-21929		—	< 5.14.0-570.32.1.el9_6	5.14.0-570.32.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, a use-after-free issue can occur in the hid_ishtp_cl_remove() function. The f
CVE-2025-21928		—	< 5.14.0-570.32.1.el9_6	5.14.0-570.32.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freein
CVE-2025-21927		—	< 5.14.0-570.16.1.el9_6	5.14.0-570.16.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invali
CVE-2025-21926		—	< 5.14.0-570.21.1.el9_6	5.14.0-570.21.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: net: gso: fix ownership in __udp_gso_segment In __udp_gso_segment the skb destructor is removed before segmenting the skb but the socket reference is kept as-is. This is an issue if the original skb is later or
CVE-2025-21920		—	< 5.14.0-570.21.1.el9_6	5.14.0-570.21.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type Currently, VLAN devices can be created on top of non-ethernet devices. Besides the fact that it doesn't make much sense, this also causes a bug which leaks the address of a
CVE-2025-21919		—	< 5.14.0-570.23.1.el9_6	5.14.0-570.23.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, ma
CVE-2025-21905		—	< 5.14.0-570.30.1.el9_6	5.14.0-570.30.1.el9_6	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the
CVE-2023-52933		—	< 5.14.0-570.24.1.el9_6	5.14.0-570.24.1.el9_6	Mar 27, 2025	In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattr_ids count A Sysbot [1] corrupted filesystem exposes two flaws in the handling and sanity checking of the xattr_ids count in the filesystem. Both of these fla

CVE-2025-22004Apr 3, 2025
affected < 5.14.0-570.25.1.el9_6fixed 5.14.0-570.25.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
CVE-2025-21999Apr 3, 2025
affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc
CVE-2025-21997Apr 3, 2025
affected < 5.14.0-570.21.1.el9_6fixed 5.14.0-570.21.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: xsk: fix an integer overflow in xp_create_and_assign_umem() Since the i and pool->chunk_size variables are of type 'u32', their product can wrap around and then be cast to 'u64'. This can lead to two different
CVE-2025-21993Apr 2, 2025
affected < 5.14.0-570.16.1.el9_6fixed 5.14.0-570.16.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 pref
CVE-2025-21991Apr 2, 2025
affected < 5.14.0-570.26.1.el9_6fixed 5.14.0-570.26.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the
CVE-2025-21979HigApr 1, 2025
affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and initialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the rdev::wiphy_work is
CVE-2025-21969Apr 1, 2025
affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper laye
CVE-2025-21966Apr 1, 2025
affected < 5.14.0-570.17.1.el9_6fixed 5.14.0-570.17.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being passed to bio_init
CVE-2025-21964Apr 1, 2025
affected < 5.14.0-570.18.1.el9_6fixed 5.14.0-570.18.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s
CVE-2025-21963Apr 1, 2025
affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s
CVE-2025-21962Apr 1, 2025
affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted fr
CVE-2025-21961Apr 1, 2025
affected < 5.14.0-570.22.1.el9_6fixed 5.14.0-570.22.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDP_PASS, packet is converted from xdp_buff to sk_buff with xdp_update_skb_shared_info() in bnxt_xdp_build_skb(). bnxt_xdp_build_skb
CVE-2025-21929Apr 1, 2025
affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, a use-after-free issue can occur in the hid_ishtp_cl_remove() function. The f
CVE-2025-21928Apr 1, 2025
affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freein
CVE-2025-21927Apr 1, 2025
affected < 5.14.0-570.16.1.el9_6fixed 5.14.0-570.16.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invali
CVE-2025-21926Apr 1, 2025
affected < 5.14.0-570.21.1.el9_6fixed 5.14.0-570.21.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: net: gso: fix ownership in __udp_gso_segment In __udp_gso_segment the skb destructor is removed before segmenting the skb but the socket reference is kept as-is. This is an issue if the original skb is later or
CVE-2025-21920Apr 1, 2025
affected < 5.14.0-570.21.1.el9_6fixed 5.14.0-570.21.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type Currently, VLAN devices can be created on top of non-ethernet devices. Besides the fact that it doesn't make much sense, this also causes a bug which leaks the address of a
CVE-2025-21919Apr 1, 2025
affected < 5.14.0-570.23.1.el9_6fixed 5.14.0-570.23.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, ma
CVE-2025-21905Apr 1, 2025
affected < 5.14.0-570.30.1.el9_6fixed 5.14.0-570.30.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the
CVE-2023-52933Mar 27, 2025
affected < 5.14.0-570.24.1.el9_6fixed 5.14.0-570.24.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattr_ids count A Sysbot [1] corrupted filesystem exposes two flaws in the handling and sanity checking of the xattr_ids count in the filesystem. Both of these fla

Page 5 of 27