VYPR

rpm package

almalinux/kernel-zfcpdump-modules-core

pkg:rpm/almalinux/kernel-zfcpdump-modules-core

Vulnerabilities (729)

  • CVE-2024-26600Feb 24, 2024
    affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Et

  • CVE-2023-52458MedFeb 23, 2024
    affected < 5.14.0-427.28.1.el9_4fixed 5.14.0-427.28.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If th

  • CVE-2023-52463Feb 23, 2024
    affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as

  • CVE-2024-26593Feb 23, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to t

  • CVE-2023-52448Feb 22, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating rgd->rd_gl fails in r

  • CVE-2024-26586Feb 22, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn,

  • CVE-2024-26585Feb 21, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling

  • CVE-2024-26584Feb 21, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES

  • CVE-2024-26583Feb 21, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch

  • CVE-2024-26582Feb 21, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-a

  • CVE-2023-52439Feb 20, 2024
    affected < 5.14.0-427.37.1.el9_4fixed 5.14.0-427.37.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev-

  • CVE-2023-52434Feb 20, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2_parse_contexts() Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts(). This fixes following oops when accessing invalid create cont

  • CVE-2024-26581Feb 20, 2024
    affected < 5.14.0-427.33.1.el9_4fixed 5.14.0-427.33.1.el9_4

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not

  • CVE-2023-6240Feb 4, 2024
    affected < 5.14.0-427.16.1.el9_4fixed 5.14.0-427.16.1.el9_4

    A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.

  • CVE-2024-1086KEVJan 31, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau

  • CVE-2024-1085Jan 31, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the

  • CVE-2024-0841Jan 28, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

  • CVE-2023-51043Jan 23, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.

  • CVE-2023-6531Jan 21, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

  • CVE-2024-0565Jan 15, 2024
    affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4

    An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

Page 32 of 37