rpm package
almalinux/kernel-rt-modules-core
pkg:rpm/almalinux/kernel-rt-modules-core
Vulnerabilities (836)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50301 | Hig | 7.1 | < 5.14.0-570.51.1.el9_6 | 5.14.0-570.51.1.el9_6 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uid_eq | |
| CVE-2024-50294 | Med | 4.7 | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it being queued for connection and the I/O thread picking up the call, the abort will be prioriti | |
| CVE-2024-50275 | Hig | 7.0 | < 5.14.0-503.22.1.el9_5 | 5.14.0-503.22.1.el9_5 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and | |
| CVE-2024-50264 | Hig | 7.8 | < 5.14.0-503.31.1.el9_5 | 5.14.0-503.31.1.el9_5 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. T | |
| CVE-2024-50262 | Hig | 7.8 | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths | |
| CVE-2024-50255 | Med | 5.5 | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Fix __hci_cmd_sync_sk() to return not NULL for unknown opcodes. __hci_cmd_sync_sk() returns NULL if a command returns a status event. However, it | |
| CVE-2024-50252 | Med | 5.5 | < 5.14.0-503.21.1.el9_5 | 5.14.0-503.21.1.el9_5 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver. Changing the remote addr | |
| CVE-2024-50251 | Med | 6.2 | < 5.14.0-503.16.1.el9_5 | 5.14.0-503.16.1.el9_5 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally | |
| CVE-2024-50226 | Hig | 7.8 | < 5.14.0-503.15.1.el9_5 | 5.14.0-503.15.1.el9_5 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown In support of investigating an initialization failure report [1], cxl_test was updated to register mock memory-devices after the mock root-port | |
| CVE-2024-50223 | Med | 5.5 | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in task_numa_work() When running stress-ng-vm-segv test, we found a null pointer dereference error in task_numa_work(). Here is the backtrace: [323676.0 | |
| CVE-2024-50208 | Med | 5.5 | < 5.14.0-503.21.1.el9_5 | 5.14.0-503.21.1.el9_5 | Nov 8, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MR resources when num_pages > 256K. There will be a single PDE page address (co | |
| CVE-2024-50195 | Med | 5.5 | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Nov 8, 2024 | In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime() As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime | |
| CVE-2024-50192 | Med | 4.7 | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Nov 8, 2024 | In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped | |
| CVE-2024-50154 | Hig | 7.0 | < 5.14.0-503.22.1.el9_5 | 5.14.0-503.22.1.el9_5 | Nov 7, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tc | |
| CVE-2024-50148 | Med | 5.5 | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Nov 7, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in proto_unregister There's issue as follows: KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f] CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G | |
| CVE-2024-50142 | Med | 5.5 | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Nov 7, 2024 | In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") syzbot c | |
| CVE-2024-50125 | Hig | 7.8 | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list. | |
| CVE-2024-50124 | Hig | 7.8 | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list. | |
| CVE-2024-50115 | Hig | 7.1 | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc | |
| CVE-2024-50110 | Med | 5.5 | < 5.14.0-503.19.1.el9_5 | 5.14.0-503.19.1.el9_5 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram |
- affected < 5.14.0-570.51.1.el9_6fixed 5.14.0-570.51.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uid_eq
- affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it being queued for connection and the I/O thread picking up the call, the abort will be prioriti
- affected < 5.14.0-503.22.1.el9_5fixed 5.14.0-503.22.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and
- affected < 5.14.0-503.31.1.el9_5fixed 5.14.0-503.31.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. T
- affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths
- affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Fix __hci_cmd_sync_sk() to return not NULL for unknown opcodes. __hci_cmd_sync_sk() returns NULL if a command returns a status event. However, it
- affected < 5.14.0-503.21.1.el9_5fixed 5.14.0-503.21.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver. Changing the remote addr
- affected < 5.14.0-503.16.1.el9_5fixed 5.14.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally
- affected < 5.14.0-503.15.1.el9_5fixed 5.14.0-503.15.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown In support of investigating an initialization failure report [1], cxl_test was updated to register mock memory-devices after the mock root-port
- affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in task_numa_work() When running stress-ng-vm-segv test, we found a null pointer dereference error in task_numa_work(). Here is the backtrace: [323676.0
- affected < 5.14.0-503.21.1.el9_5fixed 5.14.0-503.21.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MR resources when num_pages > 256K. There will be a single PDE page address (co
- affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime() As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime
- affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped
- affected < 5.14.0-503.22.1.el9_5fixed 5.14.0-503.22.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tc
- affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in proto_unregister There's issue as follows: KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f] CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G
- affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") syzbot c
- affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list.
- affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list.
- affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc
- affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram
Page 24 of 42