VYPR

rpm package

almalinux/kernel

pkg:rpm/almalinux/kernel

Vulnerabilities (1,233)

  • CVE-2022-50865Dec 30, 2025
    affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp_add_backlog(), the variable limit is caculated by adding sk_rcvbuf, sk_sndbuf an

  • CVE-2025-68741Dec 24, 2025
    affected < 5.14.0-687.10.1.el9_8fixed 5.14.0-687.10.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(). The qla24xx_alloc_pur

  • CVE-2025-68724Dec 24, 2025
    affected < 4.18.0-553.123.1.el8_10fixed 4.18.0-553.123.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_k

  • CVE-2025-68366Dec 24, 2025
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic

  • CVE-2025-68349Dec 24, 2025
    affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs

  • CVE-2025-68347Dec 24, 2025
    affected < 4.18.0-553.126.1.el8_10fixed 4.18.0-553.126.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user provides a buffer smaller

  • CVE-2025-68305Dec 16, 2025
    affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind There is a potential race condition between sock bind and socket write iter. bind may free the same cmd via mgmt_pending before write iter se

  • CVE-2025-68301Dec 16, 2025
    affected < 4.18.0-553.94.1.el8_10fixed 4.18.0-553.94.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-b

  • CVE-2025-68287Dec 16, 2025
    affected < 5.14.0-611.24.1.el9_7fixed 5.14.0-611.24.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking `dwc3_remove_requests(

  • CVE-2025-68285Dec 16, 2025
    affected < 4.18.0-553.92.1.el8_10fixed 4.18.0-553.92.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both

  • CVE-2025-68183Dec 16, 2025
    affected < 5.14.0-687.12.1.el9_8fixed 5.14.0-687.12.1.el9_8

    In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in se

  • CVE-2022-50673Dec 9, 2025
    affected < 4.18.0-553.104.1.el8_10fixed 4.18.0-553.104.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_orphan_cleanup I caught a issue as follows: ================================================================== BUG: KASAN: use-after-free in __list_add_valid+0x28/0x1a0 Read o

  • CVE-2023-53781Dec 9, 2025
    affected < 4.18.0-553.132.1.el8_10fixed 4.18.0-553.132.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcp_write_timer_handler(). With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcp_write_timer_handler() by kernel TCP sockets. [0] If SMC creates a kernel so

  • CVE-2023-53762Dec 8, 2025
    affected < 4.18.0-553.105.1.el8_10fixed 4.18.0-553.105.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code n

  • CVE-2025-40322Dec 8, 2025
    affected < 4.18.0-553.100.1.el8_10fixed 4.18.0-553.100.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bit_putcs* bit_putcs_aligned()/unaligned() derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and

  • CVE-2025-40320Dec 8, 2025
    affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential cfid UAF in smb2_query_info_compound When smb2_query_info_compound() retries, a previously allocated cfid may have been freed in the first attempt. Because cfid wasn't reset on replay

  • CVE-2025-40318Dec 8, 2025
    affected < 5.14.0-611.30.1.el9_7fixed 5.14.0-611.30.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once hci_cmd_sync_dequeue_once() does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work() can also delete the

  • CVE-2025-40304Dec 8, 2025
    affected < 4.18.0-553.105.1.el8_10fixed 4.18.0-553.105.1.el8_10

    In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is of

  • CVE-2025-40301Dec 8, 2025
    affected < 6.12.0-124.31.1.el10_1fixed 6.12.0-124.31.1.el10_1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: validate skb length for unknown CC opcode In hci_cmd_complete_evt(), if the command complete event has an unknown opcode, we assume the first byte of the remaining skb->data contains the r

  • CVE-2025-40294Dec 8, 2025
    affected < 5.14.0-611.26.1.el9_7fixed 5.14.0-611.26.1.el9_7

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() In the parse_adv_monitor_pattern() function, the value of the 'length' variable is currently limited to HCI_MAX_EXT_AD_LENGTH(251). The size of the

Page 5 of 62