rpm package
almalinux/kernel-rt-modules-extra
pkg:rpm/almalinux/kernel-rt-modules-extra
Vulnerabilities (1,164)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-39698 | — | < 5.14.0-570.49.1.el9_6 | 5.14.0-570.49.1.el9_6 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at t | ||
| CVE-2025-38737 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setti | ||
| CVE-2025-38731 | — | < 5.14.0-611.26.1.el9_7 | 5.14.0-611.26.1.el9_7 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen below. Fix this by setting bind_ops to NULL after freeing. ===================== | ||
| CVE-2025-38724 | Hig | 7.8 | < 4.18.0-553.87.1.rt7.428.el8_10 | 4.18.0-553.87.1.rt7.428.el8_10 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c | |
| CVE-2025-38730 | — | < 5.14.0-611.30.1.el9_7 | 5.14.0-611.30.1.el9_7 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on r | ||
| CVE-2025-38718 | — | < 5.14.0-570.49.1.el9_6 | 5.14.0-570.49.1.el9_6 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti | ||
| CVE-2025-38703 | — | < 5.14.0-611.24.1.el9_7 | 5.14.0-611.24.1.el9_7 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated | ||
| CVE-2025-38653 | — | < 5.14.0-687.12.1.el9_8 | 5.14.0-687.12.1.el9_8 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4 | ||
| CVE-2025-38614 | Med | 5.5 | < 5.14.0-570.52.1.el9_6 | 5.14.0-570.52.1.el9_6 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some re | |
| CVE-2025-38571 | — | < 5.14.0-570.55.1.el9_6 | 5.14.0-570.55.1.el9_6 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this | ||
| CVE-2025-38568 | — | < 5.14.0-611.27.1.el9_7 | 5.14.0-611.27.1.el9_7 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This | ||
| CVE-2025-38566 | — | < 5.14.0-570.55.1.el9_6 | 5.14.0-570.55.1.el9_6 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen | ||
| CVE-2025-38556 | — | < 5.14.0-570.52.1.el9_6 | 5.14.0-570.52.1.el9_6 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. | ||
| CVE-2025-38550 | — | < 5.14.0-570.44.1.el9_6 | 5.14.0-570.44.1.el9_6 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return. | ||
| CVE-2025-38527 | — | < 5.14.0-570.49.1.el9_6 | 5.14.0-570.49.1.el9_6 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free of the cinode structure when unmounting: cifs_oplock_break() _cifsFileIn | ||
| CVE-2025-38500 | Hig | 7.8 | < 5.14.0-570.39.1.el9_6 | 5.14.0-570.39.1.el9_6 | Aug 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such in | |
| CVE-2025-38499 | Med | 5.5 | < 5.14.0-611.16.1.el9_7 | 5.14.0-611.16.1.el9_7 | Aug 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be | |
| CVE-2025-38498 | Med | 5.5 | < 5.14.0-570.46.1.el9_6 | 5.14.0-570.46.1.el9_6 | Jul 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w | |
| CVE-2025-38471 | Hig | 7.8 | < 5.14.0-570.35.1.el9_6 | 5.14.0-570.35.1.el9_6 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if | |
| CVE-2025-38470 | Med | 5.5 | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the |
- CVE-2025-39698Sep 5, 2025affected < 5.14.0-570.49.1.el9_6fixed 5.14.0-570.49.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at t
- CVE-2025-38737Sep 5, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setti
- CVE-2025-38731Sep 5, 2025affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen below. Fix this by setting bind_ops to NULL after freeing. =====================
- affected < 4.18.0-553.87.1.rt7.428.el8_10fixed 4.18.0-553.87.1.rt7.428.el8_10
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c
- CVE-2025-38730Sep 4, 2025affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on r
- CVE-2025-38718Sep 4, 2025affected < 5.14.0-570.49.1.el9_6fixed 5.14.0-570.49.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti
- CVE-2025-38703Sep 4, 2025affected < 5.14.0-611.24.1.el9_7fixed 5.14.0-611.24.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated
- CVE-2025-38653Aug 22, 2025affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8
In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4
- affected < 5.14.0-570.52.1.el9_6fixed 5.14.0-570.52.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some re
- CVE-2025-38571Aug 19, 2025affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this
- CVE-2025-38568Aug 19, 2025affected < 5.14.0-611.27.1.el9_7fixed 5.14.0-611.27.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This
- CVE-2025-38566Aug 19, 2025affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen
- CVE-2025-38556Aug 19, 2025affected < 5.14.0-570.52.1.el9_6fixed 5.14.0-570.52.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity.
- CVE-2025-38550Aug 16, 2025affected < 5.14.0-570.44.1.el9_6fixed 5.14.0-570.44.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return.
- CVE-2025-38527Aug 16, 2025affected < 5.14.0-570.49.1.el9_6fixed 5.14.0-570.49.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free of the cinode structure when unmounting: cifs_oplock_break() _cifsFileIn
- affected < 5.14.0-570.39.1.el9_6fixed 5.14.0-570.39.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such in
- affected < 5.14.0-611.16.1.el9_7fixed 5.14.0-611.16.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be
- affected < 5.14.0-570.46.1.el9_6fixed 5.14.0-570.46.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w
- affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if
- affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the
Page 11 of 59