rpm package

almalinux/kernel-zfcpdump-modules-core

pkg:rpm/almalinux/kernel-zfcpdump-modules-core

Vulnerabilities (729)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-35797		—	< 5.14.0-427.35.1.el9_4	5.14.0-427.35.1.el9_4	May 17, 2024	In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix two shmem bugs When cachestat on shmem races with swapping and invalidation, there are two possible bugs: 1) A swapin error can have resulted in a poisoned swap entry in the shmem inode's
CVE-2024-35789	Hig	7.8	< 5.14.0-427.31.1.el9_4	5.14.0-427.31.1.el9_4	May 17, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can c
CVE-2024-35791		—	< 5.14.0-427.35.1.el9_4	5.14.0-427.35.1.el9_4	May 17, 2024	In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where regi
CVE-2024-27435		—	< 5.14.0-427.26.1.el9_4	5.14.0-427.26.1.el9_4	May 17, 2024	In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After di
CVE-2024-27434		—	< 5.14.0-427.31.1.el9_4	5.14.0-427.31.1.el9_4	May 17, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We
CVE-2023-52658		—	< 5.14.0-427.40.1.el9_4	5.14.0-427.40.1.el9_4	May 17, 2024	In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and c
CVE-2024-27417		—	< 5.14.0-427.31.1.el9_4	5.14.0-427.31.1.el9_4	May 17, 2024	In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINV
CVE-2024-27415		—	< 5.14.0-427.33.1.el9_4	5.14.0-427.33.1.el9_4	May 17, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast)
CVE-2024-27403		—	< 5.14.0-427.40.1.el9_4	5.14.0-427.40.1.el9_4	May 17, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own it anymore. Reset dst in route object, otherwise if flow_offload_ad
CVE-2024-21823	Hig	7.5	< 5.14.0-427.31.1.el9_4	5.14.0-427.31.1.el9_4	May 16, 2024	Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access
CVE-2024-25743	Hig	7.1	< 5.14.0-427.16.1.el9_4	5.14.0-427.16.1.el9_4	May 15, 2024	In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.
CVE-2024-27397	Hig	7.0	< 5.14.0-427.26.1.el9_4	5.14.0-427.26.1.el9_4	May 14, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate
CVE-2024-27399		—	< 5.14.0-503.19.1.el9_5	5.14.0-503.19.1.el9_5	May 13, 2024	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the channel, the chan->conn will be
CVE-2024-27393		—	< 5.14.0-427.24.1.el9_4	5.14.0-427.24.1.el9_4	May 9, 2024	In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed
CVE-2024-27065	Hig	7.8	< 5.14.0-427.31.1.el9_4	5.14.0-427.31.1.el9_4	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.
CVE-2024-27052	Hig	7.4	< 5.14.0-427.31.1.el9_4	5.14.0-427.31.1.el9_4	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().
CVE-2024-27049		—	< 5.14.0-427.31.1.el9_4	5.14.0-427.31.1.el9_4	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event af
CVE-2024-27046		—	< 5.14.0-427.28.1.el9_4	5.14.0-427.28.1.el9_4	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null po
CVE-2024-27030		—	< 5.14.0-427.28.1.el9_4	5.14.0-427.28.1.el9_4	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector same interrupt handler is registered which is causing race condition. When two interrupts are raised to two C
CVE-2024-27022	Hig	7.8	< 5.14.0-427.37.1.el9_4	5.14.0-427.37.1.el9_4	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole

CVE-2024-35797May 17, 2024
affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix two shmem bugs When cachestat on shmem races with swapping and invalidation, there are two possible bugs: 1) A swapin error can have resulted in a poisoned swap entry in the shmem inode's
CVE-2024-35789HigMay 17, 2024
affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can c
CVE-2024-35791May 17, 2024
affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where regi
CVE-2024-27435May 17, 2024
affected < 5.14.0-427.26.1.el9_4fixed 5.14.0-427.26.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After di
CVE-2024-27434May 17, 2024
affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We
CVE-2023-52658May 17, 2024
affected < 5.14.0-427.40.1.el9_4fixed 5.14.0-427.40.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and c
CVE-2024-27417May 17, 2024
affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINV
CVE-2024-27415May 17, 2024
affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast)
CVE-2024-27403May 17, 2024
affected < 5.14.0-427.40.1.el9_4fixed 5.14.0-427.40.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own it anymore. Reset dst in route object, otherwise if flow_offload_ad
CVE-2024-21823HigMay 16, 2024
affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access
CVE-2024-25743HigMay 15, 2024
affected < 5.14.0-427.16.1.el9_4fixed 5.14.0-427.16.1.el9_4
In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES.
CVE-2024-27397HigMay 14, 2024
affected < 5.14.0-427.26.1.el9_4fixed 5.14.0-427.26.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate
CVE-2024-27399May 13, 2024
affected < 5.14.0-503.19.1.el9_5fixed 5.14.0-503.19.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the channel, the chan->conn will be
CVE-2024-27393May 9, 2024
affected < 5.14.0-427.24.1.el9_4fixed 5.14.0-427.24.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed
CVE-2024-27065HigMay 1, 2024
affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.
CVE-2024-27052HigMay 1, 2024
affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().
CVE-2024-27049May 1, 2024
affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event af
CVE-2024-27046May 1, 2024
affected < 5.14.0-427.28.1.el9_4fixed 5.14.0-427.28.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null po
CVE-2024-27030May 1, 2024
affected < 5.14.0-427.28.1.el9_4fixed 5.14.0-427.28.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector same interrupt handler is registered which is causing race condition. When two interrupts are raised to two C
CVE-2024-27022HigMay 1, 2024
affected < 5.14.0-427.37.1.el9_4fixed 5.14.0-427.37.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole

Page 28 of 37