VYPR

rpm package

almalinux/kernel-tools-libs-devel

pkg:rpm/almalinux/kernel-tools-libs-devel

Vulnerabilities (1,303)

  • CVE-2020-12659May 5, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.

  • CVE-2020-12655May 5, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.

  • CVE-2020-12114May 4, 2020
    affected < 4.18.0-305.el8fixed 4.18.0-305.el8

    A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.

  • CVE-2020-12465Apr 29, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.

  • CVE-2020-12464Apr 29, 2020
    affected < 4.18.0-305.el8fixed 4.18.0-305.el8

    usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.

  • CVE-2020-11668Apr 9, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.

  • CVE-2019-20636Apr 8, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

  • CVE-2020-11608Apr 7, 2020
    affected < 4.18.0-305.el8fixed 4.18.0-305.el8

    An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.

  • CVE-2020-11565Apr 6, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this

  • CVE-2020-10942Mar 24, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.

  • CVE-2020-8647Feb 6, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

  • CVE-2020-8648Feb 6, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

  • CVE-2020-8649Feb 6, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

  • CVE-2019-19332Jan 9, 2020
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access t

  • CVE-2019-20054Dec 28, 2019
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.

  • CVE-2019-19767Dec 12, 2019
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.

  • CVE-2019-19770Dec 12, 2019
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux

  • CVE-2019-19447Dec 8, 2019
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.

  • CVE-2019-19543Dec 3, 2019
    affected < 4.18.0-240.el8fixed 4.18.0-240.el8

    In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.

  • CVE-2019-19523Dec 3, 2019
    affected < 4.18.0-305.el8fixed 4.18.0-305.el8

    In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.

Page 64 of 66