rpm package

almalinux/kernel-rt

pkg:rpm/almalinux/kernel-rt

Vulnerabilities (1,061)

CVE	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2023-2124	—		< 5.14.0-284.18.1.rt14.303.el9_2	5.14.0-284.18.1.rt14.303.el9_2	May 15, 2023	An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-21102	—		< 5.14.0-284.30.1.rt14.315.el9_2	5.14.0-284.30.1.rt14.315.el9_2	May 15, 2023	In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pr
CVE-2023-32233	—		< 4.18.0-477.13.1.rt7.276.el8_8	4.18.0-477.13.1.rt7.276.el8_8	May 8, 2023	In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mis
CVE-2023-2235	—		< 5.14.0-284.18.1.rt14.303.el9_2	5.14.0-284.18.1.rt14.303.el9_2	May 1, 2023	A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it p
CVE-2023-0458	—		< 5.14.0-284.25.1.rt14.310.el9_2	5.14.0-284.25.1.rt14.310.el9_2	Apr 26, 2023	A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 o
CVE-2023-31083	—		< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Apr 24, 2023	An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.
CVE-2023-1998	—		< 5.14.0-284.25.1.rt14.310.el9_2	5.14.0-284.25.1.rt14.310.el9_2	Apr 21, 2023	The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim pr
CVE-2023-2194	—		< 5.14.0-284.18.1.rt14.303.el9_2	5.14.0-284.18.1.rt14.303.el9_2	Apr 20, 2023	An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could al
CVE-2023-1382	—		< 5.14.0-284.11.1.rt14.296.el9_2	5.14.0-284.11.1.rt14.296.el9_2	Apr 19, 2023	A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.
CVE-2023-1829	—		< 4.18.0-477.21.1.rt7.284.el8_8	4.18.0-477.21.1.rt7.284.el8_8	Apr 12, 2023	A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc
CVE-2023-1582	—		< 4.18.0-477.10.1.rt7.274.el8_8	4.18.0-477.10.1.rt7.274.el8_8	Apr 5, 2023	A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.
CVE-2023-28464	—		< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 31, 2023	hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
CVE-2022-4744	—		< 5.14.0-162.22.2.rt21.186.el9_1	5.14.0-162.22.2.rt21.186.el9_1	Mar 30, 2023	A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the
CVE-2023-28866	—		< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 27, 2023	In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
CVE-2023-1637	—		< 5.14.0-284.30.1.rt14.315.el9_2	5.14.0-284.30.1.rt14.315.el9_2	Mar 27, 2023	A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unaut
CVE-2023-0179	—		< 5.14.0-162.18.1.rt21.181.el9_1	5.14.0-162.18.1.rt21.181.el9_1	Mar 27, 2023	A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
CVE-2023-0590	—		< 5.14.0-284.11.1.rt14.296.el9_2	5.14.0-284.11.1.rt14.296.el9_2	Mar 23, 2023	A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
CVE-2023-1281	—		< 4.18.0-477.21.1.rt7.284.el8_8	4.18.0-477.21.1.rt7.284.el8_8	Mar 22, 2023	Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l
CVE-2023-0386	—	KEV	< 4.18.0-425.19.2.rt7.230.el8_7	4.18.0-425.19.2.rt7.230.el8_7	Mar 22, 2023	A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a loca
CVE-2023-28466	—		< 5.14.0-284.18.1.rt14.303.el9_2	5.14.0-284.18.1.rt14.303.el9_2	Mar 15, 2023	do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

CVE-2023-2124May 15, 2023
affected < 5.14.0-284.18.1.rt14.303.el9_2fixed 5.14.0-284.18.1.rt14.303.el9_2
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-21102May 15, 2023
affected < 5.14.0-284.30.1.rt14.315.el9_2fixed 5.14.0-284.30.1.rt14.315.el9_2
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pr
CVE-2023-32233May 8, 2023
affected < 4.18.0-477.13.1.rt7.276.el8_8fixed 4.18.0-477.13.1.rt7.276.el8_8
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mis
CVE-2023-2235May 1, 2023
affected < 5.14.0-284.18.1.rt14.303.el9_2fixed 5.14.0-284.18.1.rt14.303.el9_2
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it p
CVE-2023-0458Apr 26, 2023
affected < 5.14.0-284.25.1.rt14.310.el9_2fixed 5.14.0-284.25.1.rt14.310.el9_2
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 o
CVE-2023-31083Apr 24, 2023
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.
CVE-2023-1998Apr 21, 2023
affected < 5.14.0-284.25.1.rt14.310.el9_2fixed 5.14.0-284.25.1.rt14.310.el9_2
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim pr
CVE-2023-2194Apr 20, 2023
affected < 5.14.0-284.18.1.rt14.303.el9_2fixed 5.14.0-284.18.1.rt14.303.el9_2
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could al
CVE-2023-1382Apr 19, 2023
affected < 5.14.0-284.11.1.rt14.296.el9_2fixed 5.14.0-284.11.1.rt14.296.el9_2
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.
CVE-2023-1829Apr 12, 2023
affected < 4.18.0-477.21.1.rt7.284.el8_8fixed 4.18.0-477.21.1.rt7.284.el8_8
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc
CVE-2023-1582Apr 5, 2023
affected < 4.18.0-477.10.1.rt7.274.el8_8fixed 4.18.0-477.10.1.rt7.274.el8_8
A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.
CVE-2023-28464Mar 31, 2023
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
CVE-2022-4744Mar 30, 2023
affected < 5.14.0-162.22.2.rt21.186.el9_1fixed 5.14.0-162.22.2.rt21.186.el9_1
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the
CVE-2023-28866Mar 27, 2023
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
CVE-2023-1637Mar 27, 2023
affected < 5.14.0-284.30.1.rt14.315.el9_2fixed 5.14.0-284.30.1.rt14.315.el9_2
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unaut
CVE-2023-0179Mar 27, 2023
affected < 5.14.0-162.18.1.rt21.181.el9_1fixed 5.14.0-162.18.1.rt21.181.el9_1
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
CVE-2023-0590Mar 23, 2023
affected < 5.14.0-284.11.1.rt14.296.el9_2fixed 5.14.0-284.11.1.rt14.296.el9_2
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
CVE-2023-1281Mar 22, 2023
affected < 4.18.0-477.21.1.rt7.284.el8_8fixed 4.18.0-477.21.1.rt7.284.el8_8
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l
CVE-2023-0386KEVMar 22, 2023
affected < 4.18.0-425.19.2.rt7.230.el8_7fixed 4.18.0-425.19.2.rt7.230.el8_7
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a loca
CVE-2023-28466Mar 15, 2023
affected < 5.14.0-284.18.1.rt14.303.el9_2fixed 5.14.0-284.18.1.rt14.303.el9_2
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

Page 48 of 54