rpm package
almalinux/rv
pkg:rpm/almalinux/rv
Vulnerabilities (669)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26640 | — | < 5.14.0-427.42.1.el9_4 | 5.14.0-427.42.1.el9_4 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page mu | ||
| CVE-2024-26633 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->hea | ||
| CVE-2023-52610 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph w | ||
| CVE-2023-28746 | Med | 6.5 | < 5.14.0-427.40.1.el9_4 | 5.14.0-427.40.1.el9_4 | Mar 14, 2024 | Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2024-26630 | — | < 5.14.0-427.35.1.el9_4 | 5.14.0-427.35.1.el9_4 | Mar 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not | ||
| CVE-2024-26629 | Med | 5.5 | < 5.14.0-427.35.1.el9_4 | 5.14.0-427.35.1.el9_4 | Mar 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kd | |
| CVE-2023-52581 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switch to a new gc container structure. This never happens: u8 type will wrap before | ||
| CVE-2023-52580 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETH_P_1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation is wrong. For example: | ||
| CVE-2023-52578 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC() syzbot/KCSAN reported data-races in br_handle_frame_finish() [1] This function can run from multiple cpus without mutual exclusion. Adopt SMP safe DEV_STATS_INC() to update dev | ||
| CVE-2023-52574 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlan_dev_hard_he | ||
| CVE-2023-52529 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: sony: Fix a potential memory leak in sony_probe() If an error occurs after a successful usb_alloc_urb() call, usb_free_urb() should be called. | ||
| CVE-2023-52522 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: fix possible store tearing in neigh_periodic_work() While looking at a related syzbot report involving neigh_periodic_work(), I found that I forgot to add an annotation when deleting an RCU protected item | ||
| CVE-2022-48627 | — | < 5.14.0-427.26.1.el9_4 | 5.14.0-427.26.1.el9_4 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to m | ||
| CVE-2024-26615 | — | < 5.14.0-503.16.1.el9_5 | 5.14.0-503.16.1.el9_5 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 1 | ||
| CVE-2023-52490 | — | < 5.14.0-503.26.1.el9_5 | 5.14.0-503.26.1.el9_5 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual | ||
| CVE-2023-52489 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that [ZONE_NORMA | ||
| CVE-2023-52476 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted (NMI) for perf sampling, this call sequence can occur | ||
| CVE-2023-51779 | Hig | 7.0 | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 29, 2024 | bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. | |
| CVE-2024-26602 | — | < 5.14.0-427.13.1.el9_4 | 5.14.0-427.13.1.el9_4 | Feb 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize | ||
| CVE-2024-26600 | — | < 5.14.0-427.31.1.el9_4 | 5.14.0-427.31.1.el9_4 | Feb 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Et |
- CVE-2024-26640Mar 18, 2024affected < 5.14.0-427.42.1.el9_4fixed 5.14.0-427.42.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page mu
- CVE-2024-26633Mar 18, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->hea
- CVE-2023-52610Mar 18, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph w
- affected < 5.14.0-427.40.1.el9_4fixed 5.14.0-427.40.1.el9_4
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2024-26630Mar 13, 2024affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not
- affected < 5.14.0-427.35.1.el9_4fixed 5.14.0-427.35.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kd
- CVE-2023-52581Mar 2, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switch to a new gc container structure. This never happens: u8 type will wrap before
- CVE-2023-52580Mar 2, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETH_P_1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation is wrong. For example:
- CVE-2023-52578Mar 2, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC() syzbot/KCSAN reported data-races in br_handle_frame_finish() [1] This function can run from multiple cpus without mutual exclusion. Adopt SMP safe DEV_STATS_INC() to update dev
- CVE-2023-52574Mar 2, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlan_dev_hard_he
- CVE-2023-52529Mar 2, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: HID: sony: Fix a potential memory leak in sony_probe() If an error occurs after a successful usb_alloc_urb() call, usb_free_urb() should be called.
- CVE-2023-52522Mar 2, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: net: fix possible store tearing in neigh_periodic_work() While looking at a related syzbot report involving neigh_periodic_work(), I found that I forgot to add an annotation when deleting an RCU protected item
- CVE-2022-48627Mar 2, 2024affected < 5.14.0-427.26.1.el9_4fixed 5.14.0-427.26.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to m
- CVE-2024-26615Feb 29, 2024affected < 5.14.0-503.16.1.el9_5fixed 5.14.0-503.16.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 1
- CVE-2023-52490Feb 29, 2024affected < 5.14.0-503.26.1.el9_5fixed 5.14.0-503.26.1.el9_5
In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual
- CVE-2023-52489Feb 29, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that [ZONE_NORMA
- CVE-2023-52476Feb 29, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted (NMI) for perf sampling, this call sequence can occur
- affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
- CVE-2024-26602Feb 24, 2024affected < 5.14.0-427.13.1.el9_4fixed 5.14.0-427.13.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize
- CVE-2024-26600Feb 24, 2024affected < 5.14.0-427.31.1.el9_4fixed 5.14.0-427.31.1.el9_4
In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Et
Page 31 of 34