rpm package

almalinux/kernel-tools-libs-devel

pkg:rpm/almalinux/kernel-tools-libs-devel

Vulnerabilities (1,303)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-10774		—	< 4.18.0-240.el8	4.18.0-240.el8	May 27, 2021	A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vuln
CVE-2021-33200		—	< 4.18.0-348.el8	4.18.0-348.el8	May 27, 2021	kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular,
CVE-2021-22543		—	< 4.18.0-305.12.1.el8_4	4.18.0-305.12.1.el8_4	May 26, 2021	An issue was discovered in Linux: KVM through Improper handling of VM_IO\|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pag
CVE-2020-26555		—	< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	May 24, 2021	Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
CVE-2021-31440		—	< 4.18.0-348.el8	4.18.0-348.el8	May 21, 2021	This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists withi
CVE-2021-33034		—	< 4.18.0-305.7.1.el8_4	4.18.0-305.7.1.el8_4	May 14, 2021	In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2020-26147	Med	5.4	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends
CVE-2020-26146	Med	5.3	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device
CVE-2020-26145	Med	6.5	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitra
CVE-2020-26144	Med	6.5	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitr
CVE-2020-26143	Med	6.5	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network c
CVE-2020-26141	Med	6.5	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 network
CVE-2020-26140	Med	6.5	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
CVE-2020-26139	Med	5.3	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against c
CVE-2020-24588	Low	3.5	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is manda
CVE-2020-24587		—	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends f
CVE-2020-24586		—	< 4.18.0-348.el8	4.18.0-348.el8	May 11, 2021	The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented
CVE-2021-32399		—	< 4.18.0-305.10.2.el8_4	4.18.0-305.10.2.el8_4	May 10, 2021	net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
CVE-2021-31916		—	< 4.18.0-348.el8	4.18.0-348.el8	May 6, 2021	An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memo
CVE-2021-31829		—	< 4.18.0-348.el8	4.18.0-348.el8	May 6, 2021	kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the B

CVE-2020-10774May 27, 2021
affected < 4.18.0-240.el8fixed 4.18.0-240.el8
A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vuln
CVE-2021-33200May 27, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular,
CVE-2021-22543May 26, 2021
affected < 4.18.0-305.12.1.el8_4fixed 4.18.0-305.12.1.el8_4
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pag
CVE-2020-26555May 24, 2021
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
CVE-2021-31440May 21, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists withi
CVE-2021-33034May 14, 2021
affected < 4.18.0-305.7.1.el8_4fixed 4.18.0-305.7.1.el8_4
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2020-26147MedMay 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends
CVE-2020-26146MedMay 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device
CVE-2020-26145MedMay 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitra
CVE-2020-26144MedMay 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitr
CVE-2020-26143MedMay 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network c
CVE-2020-26141MedMay 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 network
CVE-2020-26140MedMay 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.
CVE-2020-26139MedMay 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against c
CVE-2020-24588LowMay 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is manda
CVE-2020-24587May 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends f
CVE-2020-24586May 11, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented
CVE-2021-32399May 10, 2021
affected < 4.18.0-305.10.2.el8_4fixed 4.18.0-305.10.2.el8_4
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
CVE-2021-31916May 6, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memo
CVE-2021-31829May 6, 2021
affected < 4.18.0-348.el8fixed 4.18.0-348.el8
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the B

Page 60 of 66