rpm package

almalinux/kernel-uki-virt-addons

pkg:rpm/almalinux/kernel-uki-virt-addons

Vulnerabilities (400)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-46858		—	< 5.14.0-503.14.1.el9_5	5.14.0-503.14.1.el9_5	Sep 27, 2024	In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action
CVE-2024-46824		—	< 5.14.0-503.14.1.el9_5	5.14.0-503.14.1.el9_5	Sep 27, 2024	In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don't do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL pointer dereference at v
CVE-2024-46744	Hig	7.8	< 5.14.0-611.5.1.el9_7	5.14.0-611.5.1.el9_7	Sep 18, 2024	In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read
CVE-2024-46713		—	< 5.14.0-503.21.1.el9_5	5.14.0-503.21.1.el9_5	Sep 13, 2024	In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment th
CVE-2024-46697		—	< 5.14.0-503.19.1.el9_5	5.14.0-503.19.1.el9_5	Sep 13, 2024	In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk o
CVE-2024-46695		—	< 5.14.0-503.16.1.el9_5	5.14.0-503.16.1.el9_5	Sep 13, 2024	In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exporte
CVE-2024-46689		—	< 5.14.0-611.5.1.el9_7	5.14.0-611.5.1.el9_7	Sep 13, 2024	In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into
CVE-2024-45018	Med	5.5	< 5.14.0-503.16.1.el9_5	5.14.0-503.16.1.el9_5	Sep 11, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.
CVE-2024-45020		—	< 5.14.0-503.19.1.el9_5	5.14.0-503.19.1.el9_5	Sep 11, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksaf
CVE-2024-44994		—	< 5.14.0-503.16.1.el9_5	5.14.0-503.16.1.el9_5	Sep 4, 2024	In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault() When iommu_report_device_fault gets called with a partial fault it is supposed to collect the fault into the group and then return. Instead the return
CVE-2024-43854		—	< 5.14.0-503.16.1.el9_5	5.14.0-503.16.1.el9_5	Aug 17, 2024	In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this
CVE-2024-42283	Med	5.5	< 5.14.0-503.14.1.el9_5	5.14.0-503.14.1.el9_5	Aug 17, 2024	In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This can be observed e.g. with strace (e
CVE-2024-42244		—	< 5.14.0-503.15.1.el9_5	5.14.0-503.15.1.el9_5	Aug 7, 2024	In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation
CVE-2024-41009		—	< 5.14.0-503.15.1.el9_5	5.14.0-503.15.1.el9_5	Jul 17, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer coun
CVE-2022-48830		—	< 5.14.0-611.5.1.el9_7	5.14.0-611.5.1.el9_7	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotp_rcv() When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage.
CVE-2024-38564		—	< 5.14.0-503.19.1.el9_5	5.14.0-503.19.1.el9_5	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_g
CVE-2024-27399		—	< 5.14.0-503.19.1.el9_5	5.14.0-503.19.1.el9_5	May 13, 2024	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the channel, the chan->conn will be
CVE-2024-26615		—	< 5.14.0-503.16.1.el9_5	5.14.0-503.16.1.el9_5	Feb 29, 2024	In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 1
CVE-2023-52490		—	< 5.14.0-503.26.1.el9_5	5.14.0-503.26.1.el9_5	Feb 29, 2024	In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual
CVE-2022-3424		—	< 5.14.0-570.19.1.el9_6	5.14.0-570.19.1.el9_6	Mar 6, 2023	A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate

CVE-2024-46858Sep 27, 2024
affected < 5.14.0-503.14.1.el9_5fixed 5.14.0-503.14.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action
CVE-2024-46824Sep 27, 2024
affected < 5.14.0-503.14.1.el9_5fixed 5.14.0-503.14.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: iommufd: Require drivers to supply the cache_invalidate_user ops If drivers don't do this then iommufd will oops invalidation ioctls with something like: Unable to handle kernel NULL pointer dereference at v
CVE-2024-46744HigSep 18, 2024
affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read
CVE-2024-46713Sep 13, 2024
affected < 5.14.0-503.21.1.el9_5fixed 5.14.0-503.21.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment th
CVE-2024-46697Sep 13, 2024
affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk o
CVE-2024-46695Sep 13, 2024
affected < 5.14.0-503.16.1.el9_5fixed 5.14.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exporte
CVE-2024-46689Sep 13, 2024
affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into
CVE-2024-45018MedSep 11, 2024
affected < 5.14.0-503.16.1.el9_5fixed 5.14.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.
CVE-2024-45020Sep 11, 2024
affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksaf
CVE-2024-44994Sep 4, 2024
affected < 5.14.0-503.16.1.el9_5fixed 5.14.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault() When iommu_report_device_fault gets called with a partial fault it is supposed to collect the fault into the group and then return. Instead the return
CVE-2024-43854Aug 17, 2024
affected < 5.14.0-503.16.1.el9_5fixed 5.14.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this
CVE-2024-42283MedAug 17, 2024
affected < 5.14.0-503.14.1.el9_5fixed 5.14.0-503.14.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This can be observed e.g. with strace (e
CVE-2024-42244Aug 7, 2024
affected < 5.14.0-503.15.1.el9_5fixed 5.14.0-503.15.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation
CVE-2024-41009Jul 17, 2024
affected < 5.14.0-503.15.1.el9_5fixed 5.14.0-503.15.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer coun
CVE-2022-48830Jul 16, 2024
affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix potential CAN frame reception race in isotp_rcv() When receiving a CAN frame the current code logic does not consider concurrently receiving processes which do not show up in real world usage.
CVE-2024-38564Jun 19, 2024
affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_g
CVE-2024-27399May 13, 2024
affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the channel, the chan->conn will be
CVE-2024-26615Feb 29, 2024
affected < 5.14.0-503.16.1.el9_5fixed 5.14.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 1
CVE-2023-52490Feb 29, 2024
affected < 5.14.0-503.26.1.el9_5fixed 5.14.0-503.26.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual
CVE-2022-3424Mar 6, 2023
affected < 5.14.0-570.19.1.el9_6fixed 5.14.0-570.19.1.el9_6
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate

Page 20 of 20