VYPR

rpm package

almalinux/kernel

pkg:rpm/almalinux/kernel

Vulnerabilities (1,233)

  • CVE-2026-31532HigApr 23, 2026
    affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but receiver deletion is deferred with call_rcu(). This leaves a window where raw_rc

  • CVE-2026-31508HigApr 22, 2026
    affected < 5.14.0-687.15.1.el9_8fixed 5.14.0-687.15.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasing netdev before teardown completes The patch cited in the Fixes tag below changed the teardown code for OVS ports to no longer unconditionally take the RTNL. After this change, t

  • CVE-2026-31467HigApr 22, 2026
    affected < 6.12.0-211.22.1.el10_2fixed 6.12.0-211.22.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio completion if needed The bio completion path in the process context (e.g. dm-verity) will directly call into decompression rather than trigger another workqueue context for minima

  • CVE-2026-31431HigKEVApr 22, 2026
    affected < 5.14.0-611.54.1.el9_7fixed 5.14.0-611.54.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the so

  • CVE-2026-31419HigApr 13, 2026
    affected < 6.12.0-211.22.1.el10_2fixed 6.12.0-211.22.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_xmit_broadcast() bond_xmit_broadcast() reuses the original skb for the last slave (determined by bond_is_last_slave()) and clones it for others. Concurrent slave enslave

  • CVE-2026-31408HigApr 6, 2026
    affected < 6.12.0-211.16.1.el10_2fixed 6.12.0-211.16.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold sco_recv_frame() reads conn->sk under sco_conn_lock() but immediately releases the lock without holding a reference to the socket.

  • CVE-2026-31402CriApr 3, 2026
    affected < 5.14.0-611.54.1.el9_7fixed 5.14.0-611.54.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses. This size was calculated bas

  • CVE-2026-23455CriApr 3, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip the protocol discriminator by

  • CVE-2026-23401MedApr 1, 2026
    affected < 4.18.0-553.123.1.el8_10fixed 4.18.0-553.123.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after* dropping/zapping the existing SPTE (if it's shadow-present). While commit a54aa

  • CVE-2026-23392HigMar 25, 2026
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already re

  • CVE-2026-23375MedMar 25, 2026
    affected < 6.12.0-211.18.1.el10_2fixed 6.12.0-211.18.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes file_thp_enabled() incorrectly allows THP for files on anonymous inodes (e.g. guest_memfd and secretmem). These files are created via alloc_file_pseudo(), which d

  • CVE-2026-23270HigMar 18, 2026
    affected < 5.14.0-611.54.1.el9_7fixed 5.14.0-611.54.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held b

  • CVE-2026-23243HigMar 18, 2026
    affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len

  • CVE-2025-71238Mar 4, 2026
    affected < 4.18.0-553.117.1.el8_10fixed 4.18.0-553.117.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access

  • CVE-2026-23231HigMar 4, 2026
    affected < 5.14.0-611.47.1.el9_7fixed 5.14.0-611.47.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_reg

  • CVE-2026-23216Feb 18, 2026
    affected < 5.14.0-687.15.1.el9_8fixed 5.14.0-687.15.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked

  • CVE-2026-23210MedFeb 14, 2026
    affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi->rx_rings. The sequence was: 1. ice_ptp_prepare_for_reset

  • CVE-2026-23209HigFeb 14, 2026
    affected < 4.18.0-553.115.1.el8_10fixed 4.18.0-553.115.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip l

  • CVE-2026-23204HigFeb 14, 2026
    affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro f

  • CVE-2026-23193HigFeb 14, 2026
    affected < 5.14.0-611.45.1.el9_7fixed 5.14.0-611.45.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connecti

Page 3 of 62