almalinux/kernel-zfcpdump-modules

Vulnerabilities (1,170)

• CVE-2025-38159Jul 3, 2025
  affected < 4.18.0-553.69.1.el8_10fixed 4.18.0-553.69.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes:

• CVE-2025-38141Jul 3, 2025
  affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

  In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it on

• CVE-2025-38129Jul 3, 2025
  affected < 5.14.0-611.35.1.el9_7fixed 5.14.0-611.35.1.el9_7

  In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of

• CVE-2025-38116Jul 3, 2025
  affected < 6.12.0-124.8.1.el10_1fixed 6.12.0-124.8.1.el10_1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix uaf in ath12k_core_init() When the execution of ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails, the registered notifier chain is not unregistered properly. Its memory is

• CVE-2025-38110Jul 3, 2025
  affected < 5.14.0-570.30.1.el9_6fixed 5.14.0-570.30.1.el9_6

  In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via C45 (clause 45) mdiobus, t

• CVE-2025-38109Jul 3, 2025
  affected < 5.14.0-611.47.1.el9_7fixed 5.14.0-611.47.1.el9_7

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual function is created on the embedded chip (ECVF) of a BlueField device. In such case the vport acl ingress table is not prop

• CVE-2025-38106Jul 3, 2025
  affected < 5.14.0-611.38.1.el9_7fixed 5.14.0-611.38.1.el9_7

  In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU:

• CVE-2025-38097Jul 3, 2025
  affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2

  In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to reference leaks when we try to delete the netns. The reference chain is: xfrm_state ->

• CVE-2025-38089Jun 30, 2025
  affected < 5.14.0-570.28.1.el9_6fixed 5.14.0-570.28.1.el9_6

  In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC rep

• CVE-2025-38087Jun 30, 2025
  affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6

  In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free. Adding

• CVE-2025-38086Jun 28, 2025
  affected < 4.18.0-553.63.1.el8_10fixed 4.18.0-553.63.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff"

• CVE-2025-38085Jun 28, 2025
  affected < 4.18.0-553.69.1.el8_10fixed 4.18.0-553.69.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table us

• CVE-2025-38084Jun 28, 2025
  affected < 5.14.0-570.35.1.el9_6fixed 5.14.0-570.35.1.el9_6

  In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are take

• CVE-2022-50228Jun 18, 2025
  affected < 4.18.0-553.79.1.el8_10fixed 4.18.0-553.79.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVM_SET_VCPU_EVENTS (

• CVE-2022-50087Jun 18, 2025
  affected < 4.18.0-553.77.1.el8_10fixed 4.18.0-553.77.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it

• CVE-2022-50020Jun 18, 2025
  affected < 4.18.0-553.66.1.el8_10fixed 4.18.0-553.66.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boundary. An online resize to a size that is not integral to cluster size results in

• CVE-2022-49985Jun 18, 2025
  affected < 4.18.0-553.74.1.el8_10fixed 4.18.0-553.74.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-

• CVE-2022-49977Jun 18, 2025
  affected < 4.18.0-553.64.1.el8_10fixed 4.18.0-553.64.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_star

• CVE-2025-38079HigJun 18, 2025
  affected < 4.18.0-553.66.1.el8_10fixed 4.18.0-553.66.1.el8_10

  In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea

• CVE-2025-38052Jun 18, 2025
  affected < 5.14.0-570.32.1.el9_6fixed 5.14.0-570.32.1.el9_6

  In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: