rpm package
almalinux/kernel-tools
pkg:rpm/almalinux/kernel-tools
Vulnerabilities (1,153)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27022 | Hig | 7.8 | < 5.14.0-427.37.1.el9_4 | 5.14.0-427.37.1.el9_4 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole | |
| CVE-2024-27020 | Hig | 7.0 | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions li | |
| CVE-2024-27013 | Med | 5.5 | < 4.18.0-553.22.1.el8_10 | 4.18.0-553.22.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. Whe | |
| CVE-2024-26993 | Med | 5.5 | < 4.18.0-553.5.1.el8_10 | 4.18.0-553.5.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn | |
| CVE-2024-26982 | Hig | 7.1 | < 5.14.0-427.28.1.el9_4 | 5.14.0-427.28.1.el9_4 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an in | |
| CVE-2024-26974 | Hig | 7.0 | < 4.18.0-553.8.1.el8_10 | 4.18.0-553.8.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race condition during AER recovery During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If t | |
| CVE-2024-26973 | Med | 5.5 | < 4.18.0-553.5.1.el8_10 | 4.18.0-553.5.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must | |
| CVE-2024-26961 | Hig | 7.8 | < 5.14.0-427.42.1.el9_4 | 5.14.0-427.42.1.el9_4 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace period. | |
| CVE-2024-26960 | Med | 5.5 | < 4.18.0-553.16.1.el8_10 | 4.18.0-553.16.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was runni | |
| CVE-2024-26935 | Med | 5.5 | < 5.14.0-427.42.1.el9_4 | 5.14.0-427.42.1.el9_4 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a | |
| CVE-2024-26934 | Hig | 7.8 | < 4.18.0-553.5.1.el8_10 | 4.18.0-553.5.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device l | |
| CVE-2024-27019 | — | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(), and there is not any protection when iterate over nf_tables_objects list in _ | ||
| CVE-2024-27017 | — | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view | ||
| CVE-2024-27016 | — | < 5.14.0-427.33.1.el9_4 | 5.14.0-427.33.1.el9_4 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access p | ||
| CVE-2024-27010 | — | < 4.18.0-553.16.1.el8_10 | 4.18.0-553.16.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [..... | ||
| CVE-2024-26991 | — | < 5.14.0-427.37.1.el9_4 | 5.14.0-427.37.1.el9_4 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Fix KVM_SET_MEMORY_ATTRIBUTES to not overflow lpage_info array and trigger KASAN splat, as seen in the private_mem_conversions_test selftest | ||
| CVE-2024-26984 | — | < 4.18.0-553.117.1.el8_10 | 4.18.0-553.117.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, ad | ||
| CVE-2024-26976 | — | < 4.18.0-553.27.1.el8_10 | 4.18.0-553.27.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async #PF workqueue when vCPU is being destroyed Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed | ||
| CVE-2024-26964 | — | < 4.18.0-553.5.1.el8_10 | 4.18.0-553.5.1.el8_10 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhci_map_urb_for_dma Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the follo | ||
| CVE-2024-26947 | — | < 5.14.0-427.37.1.el9_4 | 5.14.0-427.37.1.el9_4 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account freed memory map alignment") changes the semantics of pfn_valid |
- affected < 5.14.0-427.37.1.el9_4fixed 5.14.0-427.37.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole
- affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions li
- affected < 4.18.0-553.22.1.el8_10fixed 4.18.0-553.22.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. Whe
- affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn
- affected < 5.14.0-427.28.1.el9_4fixed 5.14.0-427.28.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an in
- affected < 4.18.0-553.8.1.el8_10fixed 4.18.0-553.8.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race condition during AER recovery During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If t
- affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must
- affected < 5.14.0-427.42.1.el9_4fixed 5.14.0-427.42.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace period.
- affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was runni
- affected < 5.14.0-427.42.1.el9_4fixed 5.14.0-427.42.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a
- affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device l
- CVE-2024-27019May 1, 2024affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(), and there is not any protection when iterate over nf_tables_objects list in _
- CVE-2024-27017May 1, 2024affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view
- CVE-2024-27016May 1, 2024affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access p
- CVE-2024-27010May 1, 2024affected < 4.18.0-553.16.1.el8_10fixed 4.18.0-553.16.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [.....
- CVE-2024-26991May 1, 2024affected < 5.14.0-427.37.1.el9_4fixed 5.14.0-427.37.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Fix KVM_SET_MEMORY_ATTRIBUTES to not overflow lpage_info array and trigger KASAN splat, as seen in the private_mem_conversions_test selftest
- CVE-2024-26984May 1, 2024affected < 4.18.0-553.117.1.el8_10fixed 4.18.0-553.117.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, ad
- CVE-2024-26976May 1, 2024affected < 4.18.0-553.27.1.el8_10fixed 4.18.0-553.27.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async #PF workqueue when vCPU is being destroyed Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed
- CVE-2024-26964May 1, 2024affected < 4.18.0-553.5.1.el8_10fixed 4.18.0-553.5.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhci_map_urb_for_dma Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the follo
- CVE-2024-26947May 1, 2024affected < 5.14.0-427.37.1.el9_4fixed 5.14.0-427.37.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account freed memory map alignment") changes the semantics of pfn_valid
Page 37 of 58