rpm package

almalinux/kernel-zfcpdump-modules-extra

pkg:rpm/almalinux/kernel-zfcpdump-modules-extra

Vulnerabilities (1,110)

CVE	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2023-28464	—		< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 31, 2023	hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
CVE-2022-4744	—		< 5.14.0-162.22.2.el9_1	5.14.0-162.22.2.el9_1	Mar 30, 2023	A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the
CVE-2023-28866	—		< 5.14.0-427.13.1.el9_4	5.14.0-427.13.1.el9_4	Mar 27, 2023	In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
CVE-2023-1637	—		< 5.14.0-284.30.1.el9_2	5.14.0-284.30.1.el9_2	Mar 27, 2023	A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unaut
CVE-2023-1079	—		< 4.18.0-513.5.1.el8_9	4.18.0-513.5.1.el8_9	Mar 27, 2023	A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct
CVE-2023-1075	—		< 4.18.0-513.5.1.el8_9	4.18.0-513.5.1.el8_9	Mar 27, 2023	A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.
CVE-2023-1074	—		< 4.18.0-513.5.1.el8_9	4.18.0-513.5.1.el8_9	Mar 27, 2023	A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.
CVE-2023-1073	—		< 4.18.0-513.5.1.el8_9	4.18.0-513.5.1.el8_9	Mar 27, 2023	A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-0179	—		< 5.14.0-162.18.1.el9_1	5.14.0-162.18.1.el9_1	Mar 27, 2023	A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
CVE-2023-28772	—		< 4.18.0-513.5.1.el8_9	4.18.0-513.5.1.el8_9	Mar 23, 2023	An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
CVE-2023-1252	—		< 4.18.0-513.5.1.el8_9	4.18.0-513.5.1.el8_9	Mar 23, 2023	A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a254403760
CVE-2023-0590	—		< 5.14.0-284.11.1.el9_2	5.14.0-284.11.1.el9_2	Mar 23, 2023	A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
CVE-2023-1281	—		< 4.18.0-477.21.1.el8_8	4.18.0-477.21.1.el8_8	Mar 22, 2023	Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l
CVE-2023-0386	—	KEV	< 4.18.0-425.19.2.el8_7	4.18.0-425.19.2.el8_7	Mar 22, 2023	A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a loca
CVE-2023-28466	—		< 5.14.0-284.18.1.el9_2	5.14.0-284.18.1.el9_2	Mar 15, 2023	do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
CVE-2022-3707	—		< 5.14.0-284.11.1.el9_2	5.14.0-284.11.1.el9_2	Mar 6, 2023	A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
CVE-2022-3424	—		< 5.14.0-570.19.1.el9_6	5.14.0-570.19.1.el9_6	Mar 6, 2023	A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
CVE-2023-1118	—		< 4.18.0-513.5.1.el8_9	4.18.0-513.5.1.el8_9	Mar 2, 2023	A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2023-0461	—		< 5.14.0-284.11.1.el9_2	5.14.0-284.11.1.el9_2	Feb 28, 2023	There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege
CVE-2023-26545	—		< 4.18.0-513.5.1.el8_9	4.18.0-513.5.1.el8_9	Feb 25, 2023	In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

CVE-2023-28464Mar 31, 2023
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
CVE-2022-4744Mar 30, 2023
affected < 5.14.0-162.22.2.el9_1fixed 5.14.0-162.22.2.el9_1
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the
CVE-2023-28866Mar 27, 2023
affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
CVE-2023-1637Mar 27, 2023
affected < 5.14.0-284.30.1.el9_2fixed 5.14.0-284.30.1.el9_2
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unaut
CVE-2023-1079Mar 27, 2023
affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct
CVE-2023-1075Mar 27, 2023
affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.
CVE-2023-1074Mar 27, 2023
affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.
CVE-2023-1073Mar 27, 2023
affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-0179Mar 27, 2023
affected < 5.14.0-162.18.1.el9_1fixed 5.14.0-162.18.1.el9_1
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
CVE-2023-28772Mar 23, 2023
affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
CVE-2023-1252Mar 23, 2023
affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a254403760
CVE-2023-0590Mar 23, 2023
affected < 5.14.0-284.11.1.el9_2fixed 5.14.0-284.11.1.el9_2
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
CVE-2023-1281Mar 22, 2023
affected < 4.18.0-477.21.1.el8_8fixed 4.18.0-477.21.1.el8_8
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l
CVE-2023-0386KEVMar 22, 2023
affected < 4.18.0-425.19.2.el8_7fixed 4.18.0-425.19.2.el8_7
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a loca
CVE-2023-28466Mar 15, 2023
affected < 5.14.0-284.18.1.el9_2fixed 5.14.0-284.18.1.el9_2
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
CVE-2022-3707Mar 6, 2023
affected < 5.14.0-284.11.1.el9_2fixed 5.14.0-284.11.1.el9_2
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
CVE-2022-3424Mar 6, 2023
affected < 5.14.0-570.19.1.el9_6fixed 5.14.0-570.19.1.el9_6
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
CVE-2023-1118Mar 2, 2023
affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2023-0461Feb 28, 2023
affected < 5.14.0-284.11.1.el9_2fixed 5.14.0-284.11.1.el9_2
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege
CVE-2023-26545Feb 25, 2023
affected < 4.18.0-513.5.1.el8_9fixed 4.18.0-513.5.1.el8_9
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

Page 50 of 56