VYPR

rpm package

almalinux/kernel-uki-virt-addons

pkg:rpm/almalinux/kernel-uki-virt-addons

Vulnerabilities (507)

  • CVE-2025-38159HigJul 3, 2025
    affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes:

  • CVE-2025-38141HigJul 3, 2025
    affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it on

  • CVE-2025-38129HigJul 3, 2025
    affected < 5.14.0-611.35.1.el9_7fixed 5.14.0-611.35.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of

  • CVE-2025-38124MedJul 3, 2025
    affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects the

  • CVE-2025-38116HigJul 3, 2025
    affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix uaf in ath12k_core_init() When the execution of ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails, the registered notifier chain is not unregistered properly. Its memory is

  • CVE-2025-38110HigJul 3, 2025
    affected < 5.14.0-570.30.1.el9_6fixed 5.14.0-570.30.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via C45 (clause 45) mdiobus, t

  • CVE-2025-38109HigJul 3, 2025
    affected < 5.14.0-611.47.1.el9_7fixed 5.14.0-611.47.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual function is created on the embedded chip (ECVF) of a BlueField device. In such case the vport acl ingress table is not prop

  • CVE-2025-38106HigJul 3, 2025
    affected < 5.14.0-611.38.1.el9_7fixed 5.14.0-611.38.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU:

  • CVE-2025-38097MedJul 3, 2025
    affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to reference leaks when we try to delete the netns. The reference chain is: xfrm_state ->

  • CVE-2025-38089MedJun 30, 2025
    affected < 5.14.0-570.28.1.el9_6fixed 5.14.0-570.28.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC rep

  • CVE-2025-38087HigJun 30, 2025
    affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free. Adding

  • CVE-2025-38086MedJun 28, 2025
    affected < 5.14.0-570.30.1.el9_6fixed 5.14.0-570.30.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff"

  • CVE-2025-38085MedJun 28, 2025
    affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table us

  • CVE-2025-38084MedJun 28, 2025
    affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are take

  • CVE-2022-50087HigJun 18, 2025
    affected < 5.14.0-570.55.1.el9_6fixed 5.14.0-570.55.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it

  • CVE-2025-38079HigJun 18, 2025
    affected < 5.14.0-570.33.2.el9_6fixed 5.14.0-570.33.2.el9_6

    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea

  • CVE-2025-38052HigJun 18, 2025
    affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6

    In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG:

  • CVE-2025-38024HigJun 18, 2025
    affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120 print_address_description mm/kasan/

  • CVE-2025-38022HigJun 18, 2025
    affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description

  • CVE-2025-38015MedJun 18, 2025
    affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs during idxd_alloc(). To fix it, free the allocated memory in the reverse order of

Page 13 of 26