rpm package

almalinux/kernel-uki-virt-addons

pkg:rpm/almalinux/kernel-uki-virt-addons

Vulnerabilities (400)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2025-38396		—		< 5.14.0-611.5.1.el9_7	5.14.0-611.5.1.el9_7	Jul 25, 2025	In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the c
CVE-2025-38392		—		< 5.14.0-570.41.1.el9_6	5.14.0-570.41.1.el9_6	Jul 25, 2025	In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at ker
CVE-2025-38383		—		< 6.12.0-124.29.1.el10_1	6.12.0-124.29.1.el10_1	Jul 25, 2025	In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix data race in show_numa_info() The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_sho
CVE-2025-38369		—		< 6.12.0-124.8.1.el10_1	6.12.0-124.8.1.el10_1	Jul 25, 2025	In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic wh
CVE-2025-38352		—	KEV	< 5.14.0-570.42.2.el9_6	5.14.0-570.42.2.el9_6	Jul 22, 2025	In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be
CVE-2025-38351		—		< 5.14.0-570.51.1.el9_6	5.14.0-570.51.1.el9_6	Jul 19, 2025	In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX allow
CVE-2025-38350	Hig	7.8		< 5.14.0-570.39.1.el9_6	5.14.0-570.39.1.el9_6	Jul 19, 2025	In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu
CVE-2025-38349		—		< 5.14.0-611.26.1.el9_7	5.14.0-611.26.1.el9_7	Jul 18, 2025	In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutex_unlock(&ep->mtx); afterwards. That's very wro
CVE-2025-38332		—		< 5.14.0-570.42.2.el9_6	5.14.0-570.42.2.el9_6	Jul 10, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway
CVE-2025-38292		—		< 5.14.0-570.33.2.el9_6	5.14.0-570.33.2.el9_6	Jul 10, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation acce
CVE-2025-38250		—		< 5.14.0-570.35.1.el9_6	5.14.0-570.35.1.el9_6	Jul 9, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor while its device was being use
CVE-2024-36357	Med	5.6		< 5.14.0-570.62.1.el9_6	5.14.0-570.62.1.el9_6	Jul 8, 2025	A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
CVE-2024-36350	Med	5.6		< 5.14.0-570.62.1.el9_6	5.14.0-570.62.1.el9_6	Jul 8, 2025	A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
CVE-2025-38211		—		< 5.14.0-570.39.1.el9_6	5.14.0-570.39.1.el9_6	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all ref
CVE-2025-38206		—		< 5.14.0-611.35.1.el9_7	5.14.0-611.35.1.el9_7	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre
CVE-2025-38200		—		< 5.14.0-570.39.1.el9_6	5.14.0-570.39.1.el9_6	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde
CVE-2025-38180		—		< 5.14.0-611.45.1.el9_7	5.14.0-611.45.1.el9_7	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.
CVE-2025-38124	Med	5.5		< 5.14.0-570.35.1.el9_6	5.14.0-570.35.1.el9_6	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects the
CVE-2025-38172		—		< 6.12.0-124.38.1.el10_1	6.12.0-124.38.1.el10_1	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra devices should be the same type. `erofs_init_device` has already guaranteed that if the primary is a file-bac
CVE-2025-38159		—		< 5.14.0-570.35.1.el9_6	5.14.0-570.35.1.el9_6	Jul 3, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes:

CVE-2025-38396Jul 25, 2025
affected < 5.14.0-611.5.1.el9_7fixed 5.14.0-611.5.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the c
CVE-2025-38392Jul 25, 2025
affected < 5.14.0-570.41.1.el9_6fixed 5.14.0-570.41.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at ker
CVE-2025-38383Jul 25, 2025
affected < 6.12.0-124.29.1.el10_1fixed 6.12.0-124.29.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix data race in show_numa_info() The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_sho
CVE-2025-38369Jul 25, 2025
affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic wh
CVE-2025-38352KEVJul 22, 2025
affected < 5.14.0-570.42.2.el9_6fixed 5.14.0-570.42.2.el9_6
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be
CVE-2025-38351Jul 19, 2025
affected < 5.14.0-570.51.1.el9_6fixed 5.14.0-570.51.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST and HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST_EX allow
CVE-2025-38350HigJul 19, 2025
affected < 5.14.0-570.39.1.el9_6fixed 5.14.0-570.39.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu
CVE-2025-38349Jul 18, 2025
affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutex_unlock(&ep->mtx); afterwards. That's very wro
CVE-2025-38332Jul 10, 2025
affected < 5.14.0-570.42.2.el9_6fixed 5.14.0-570.42.2.el9_6
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Use memcpy() for BIOS version The strlcat() with FORTIFY support is triggering a panic because it thinks the target buffer will overflow although the correct target buffer size is passed in. Anyway
CVE-2025-38292Jul 10, 2025
affected < 5.14.0-570.33.2.el9_6fixed 5.14.0-570.33.2.el9_6
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation acce
CVE-2025-38250Jul 9, 2025
affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor while its device was being use
CVE-2024-36357MedJul 8, 2025
affected < 5.14.0-570.62.1.el9_6fixed 5.14.0-570.62.1.el9_6
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.
CVE-2024-36350MedJul 8, 2025
affected < 5.14.0-570.62.1.el9_6fixed 5.14.0-570.62.1.el9_6
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.
CVE-2025-38211Jul 4, 2025
affected < 5.14.0-570.39.1.el9_6fixed 5.14.0-570.39.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all ref
CVE-2025-38206Jul 4, 2025
affected < 5.14.0-611.35.1.el9_7fixed 5.14.0-611.35.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre
CVE-2025-38200Jul 4, 2025
affected < 5.14.0-570.39.1.el9_6fixed 5.14.0-570.39.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde
CVE-2025-38180Jul 4, 2025
affected < 5.14.0-611.45.1.el9_7fixed 5.14.0-611.45.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.
CVE-2025-38124MedJul 3, 2025
affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects the
CVE-2025-38172Jul 3, 2025
affected < 6.12.0-124.38.1.el10_1fixed 6.12.0-124.38.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra devices should be the same type. `erofs_init_device` has already guaranteed that if the primary is a file-bac
CVE-2025-38159Jul 3, 2025
affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes:

Page 7 of 20