rpm package
almalinux/kernel-tools
pkg:rpm/almalinux/kernel-tools
Vulnerabilities (1,153)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38449 | — | < 5.14.0-570.42.2.el9_6 | 5.14.0-570.42.2.el9_6 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer | ||
| CVE-2025-38417 | — | < 5.14.0-570.37.1.el9_6 | 5.14.0-570.37.1.el9_6 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows tri | ||
| CVE-2025-38415 | — | < 4.18.0-553.100.1.el8_10 | 4.18.0-553.100.1.el8_10 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, is | ||
| CVE-2025-38412 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content. | ||
| CVE-2025-38403 | — | < 5.14.0-611.30.1.el9_7 | 5.14.0-611.30.1.el9_7 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left i | ||
| CVE-2025-38396 | — | < 5.14.0-611.5.1.el9_7 | 5.14.0-611.5.1.el9_7 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the c | ||
| CVE-2025-38392 | — | < 5.14.0-570.41.1.el9_6 | 5.14.0-570.41.1.el9_6 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at ker | ||
| CVE-2025-38383 | — | < 6.12.0-124.29.1.el10_1 | 6.12.0-124.29.1.el10_1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix data race in show_numa_info() The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_sho | ||
| CVE-2025-38369 | — | < 6.12.0-124.8.1.el10_1 | 6.12.0-124.8.1.el10_1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic wh | ||
| CVE-2025-38352 | — | KEV | < 4.18.0-553.74.1.el8_10 | 4.18.0-553.74.1.el8_10 | Jul 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be | |
| CVE-2025-38351 | — | < 5.14.0-570.51.1.el9_6 | 5.14.0-570.51.1.el9_6 | Jul 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX allow | ||
| CVE-2025-38350 | Hig | 7.8 | < 5.14.0-570.39.1.el9_6 | 5.14.0-570.39.1.el9_6 | Jul 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu | |
| CVE-2025-38349 | — | < 5.14.0-611.26.1.el9_7 | 5.14.0-611.26.1.el9_7 | Jul 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutex_unlock(&ep->mtx); afterwards. That's very wro | ||
| CVE-2025-38332 | — | < 4.18.0-553.72.1.el8_10 | 4.18.0-553.72.1.el8_10 | Jul 10, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway | ||
| CVE-2025-38292 | — | < 5.14.0-570.33.2.el9_6 | 5.14.0-570.33.2.el9_6 | Jul 10, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation acce | ||
| CVE-2025-38250 | — | < 4.18.0-553.70.1.el8_10 | 4.18.0-553.70.1.el8_10 | Jul 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor while its device was being use | ||
| CVE-2025-38248 | — | < 4.18.0-553.107.1.el8_10 | 4.18.0-553.107.1.el8_10 | Jul 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides. The list is consulted during forwarding to ensure multicas | ||
| CVE-2024-36357 | Med | 5.6 | < 5.14.0-570.62.1.el9_6 | 5.14.0-570.62.1.el9_6 | Jul 8, 2025 | A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries. | |
| CVE-2024-36350 | Med | 5.6 | < 5.14.0-570.62.1.el9_6 | 5.14.0-570.62.1.el9_6 | Jul 8, 2025 | A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. | |
| CVE-2025-38211 | — | < 4.18.0-553.72.1.el8_10 | 4.18.0-553.72.1.el8_10 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all ref |
- CVE-2025-38449Jul 25, 2025affected < 5.14.0-570.42.2.el9_6fixed 5.14.0-570.42.2.el9_6
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer
- CVE-2025-38417Jul 25, 2025affected < 5.14.0-570.37.1.el9_6fixed 5.14.0-570.37.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows tri
- CVE-2025-38415Jul 25, 2025affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sb_min_blocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, is
- CVE-2025-38412Jul 25, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content.
- CVE-2025-38403Jul 25, 2025affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left i
- CVE-2025-38396Jul 25, 2025affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the c
- CVE-2025-38392Jul 25, 2025affected < 5.14.0-570.41.1.el9_6fixed 5.14.0-570.41.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at ker
- CVE-2025-38383Jul 25, 2025affected < 6.12.0-124.29.1.el10_1fixed 6.12.0-124.29.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix data race in show_numa_info() The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_sho
- CVE-2025-38369Jul 25, 2025affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic wh
- affected < 4.18.0-553.74.1.el8_10fixed 4.18.0-553.74.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be
- CVE-2025-38351Jul 19, 2025affected < 5.14.0-570.51.1.el9_6fixed 5.14.0-570.51.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX allow
- affected < 5.14.0-570.39.1.el9_6fixed 5.14.0-570.39.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu
- CVE-2025-38349Jul 18, 2025affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutex_unlock(&ep->mtx); afterwards. That's very wro
- CVE-2025-38332Jul 10, 2025affected < 4.18.0-553.72.1.el8_10fixed 4.18.0-553.72.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway
- CVE-2025-38292Jul 10, 2025affected < 5.14.0-570.33.2.el9_6fixed 5.14.0-570.33.2.el9_6
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation acce
- CVE-2025-38250Jul 9, 2025affected < 4.18.0-553.70.1.el8_10fixed 4.18.0-553.70.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor while its device was being use
- CVE-2025-38248Jul 9, 2025affected < 4.18.0-553.107.1.el8_10fixed 4.18.0-553.107.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides. The list is consulted during forwarding to ensure multicas
- affected < 5.14.0-570.62.1.el9_6fixed 5.14.0-570.62.1.el9_6
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
- affected < 5.14.0-570.62.1.el9_6fixed 5.14.0-570.62.1.el9_6
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
- CVE-2025-38211Jul 4, 2025affected < 4.18.0-553.72.1.el8_10fixed 4.18.0-553.72.1.el8_10
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all ref
Page 8 of 58