rpm package
almalinux/rv
pkg:rpm/almalinux/rv
Vulnerabilities (776)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40134 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before t | ||
| CVE-2025-40133 | — | < 6.12.0-124.35.1.el10_1 | 6.12.0-124.35.1.el10_1 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). mptcp_active_enable() is called from subflow_finish_connect(), which is icsk->icsk_af_ops->sk_rx_dst_set() and it's not always under RCU. U | ||
| CVE-2025-40096 | — | < 5.14.0-611.45.1.el9_7 | 5.14.0-611.45.1.el9_7 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure, | ||
| CVE-2025-40064 | — | < 5.14.0-611.34.1.el9_7 | 5.14.0-611.34.1.el9_7 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_g | ||
| CVE-2025-40058 | — | < 5.14.0-611.11.1.el9_7 | 5.14.0-611.11.1.el9_7 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- st | ||
| CVE-2025-40047 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, | ||
| CVE-2025-40034 | — | < 6.12.0-211.7.1.el10_2 | 6.12.0-211.7.1.el10_2 | Oct 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn' | ||
| CVE-2025-39984 | — | < 6.12.0-124.21.1.el10_1 | 6.12.0-124.21.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline] BUG: KASAN: slab-use-after-free in n | ||
| CVE-2025-39983 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when processing HCI_EV_NUM_COMP_PKTS: BUG: KASAN: slab-use-after-free in hci_conn_tx_dequeu | ||
| CVE-2025-39982 | — | < 6.12.0-124.20.1.el10_1 | 6.12.0-124.20.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, al | ||
| CVE-2025-39981 | — | < 5.14.0-611.11.1.el9_7 | 5.14.0-611.11.1.el9_7 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr | ||
| CVE-2025-39979 | — | < 5.14.0-611.13.1.el9_7 | 5.14.0-611.13.1.el9_7 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in mlx5_cmd_hws_delete_fte(), where the HWS action refcount and mutex were not init | ||
| CVE-2025-39971 | — | < 6.12.0-124.16.1.el10_1 | 6.12.0-124.16.1.el10_1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg(). | ||
| CVE-2025-39966 | Hig | 7.0 | < 5.14.0-611.16.1.el9_7 | 5.14.0-611.16.1.el9_7 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventually. This is normally f | |
| CVE-2025-39955 | Hig | 7.8 | < 5.14.0-611.11.1.el9_7 | 5.14.0-611.11.1.el9_7 | Oct 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope | |
| CVE-2025-39933 | Med | 5.5 | < 5.14.0-611.24.1.el9_7 | 5.14.0-611.24.1.el9_7 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes. | |
| CVE-2023-53494 | Hig | 7.8 | < 5.14.0-570.60.1.el9_6 | 5.14.0-570.60.1.el9_6 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handle EBUSY correctly As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of x | |
| CVE-2025-39925 | Med | 5.5 | < 5.14.0-611.13.1.el9_7 | 5.14.0-611.13.1.el9_7 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEV_UNREG | |
| CVE-2025-39918 | Med | 5.5 | < 5.14.0-611.11.1.el9_7 | 5.14.0-611.11.1.el9_7 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list | |
| CVE-2025-39905 | Hig | 7.0 | < 6.12.0-124.27.1.el10_1 | 6.12.0-124.27.1.el10_1 | Oct 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which mod |
- CVE-2025-40134Nov 12, 2025affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before t
- CVE-2025-40133Nov 12, 2025affected < 6.12.0-124.35.1.el10_1fixed 6.12.0-124.35.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). mptcp_active_enable() is called from subflow_finish_connect(), which is icsk->icsk_af_ops->sk_rx_dst_set() and it's not always under RCU. U
- CVE-2025-40096Oct 30, 2025affected < 5.14.0-611.45.1.el9_7fixed 5.14.0-611.45.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies When adding dependencies with drm_sched_job_add_dependency(), that function consumes the fence reference both on success and failure,
- CVE-2025-40064Oct 28, 2025affected < 5.14.0-611.34.1.el9_7fixed 5.14.0-611.34.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_g
- CVE-2025-40058Oct 28, 2025affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- st
- CVE-2025-40047Oct 28, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress,
- CVE-2025-40034Oct 28, 2025affected < 6.12.0-211.7.1.el10_2fixed 6.12.0-211.7.1.el10_2
In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn'
- CVE-2025-39984Oct 15, 2025affected < 6.12.0-124.21.1.el10_1fixed 6.12.0-124.21.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi->skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline] BUG: KASAN: slab-use-after-free in n
- CVE-2025-39983Oct 15, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when processing HCI_EV_NUM_COMP_PKTS: BUG: KASAN: slab-use-after-free in hci_conn_tx_dequeu
- CVE-2025-39982Oct 15, 2025affected < 6.12.0-124.20.1.el10_1fixed 6.12.0-124.20.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, al
- CVE-2025-39981Oct 15, 2025affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr
- CVE-2025-39979Oct 15, 2025affected < 5.14.0-611.13.1.el9_7fixed 5.14.0-611.13.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in mlx5_cmd_hws_delete_fte(), where the HWS action refcount and mutex were not init
- CVE-2025-39971Oct 15, 2025affected < 6.12.0-124.16.1.el10_1fixed 6.12.0-124.16.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().
- affected < 5.14.0-611.16.1.el9_7fixed 5.14.0-611.16.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventually. This is normally f
- affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope
- affected < 5.14.0-611.24.1.el9_7fixed 5.14.0-611.24.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes.
- affected < 5.14.0-570.60.1.el9_6fixed 5.14.0-570.60.1.el9_6
In the Linux kernel, the following vulnerability has been resolved: crypto: xts - Handle EBUSY correctly As it is xts only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of x
- affected < 5.14.0-611.13.1.el9_7fixed 5.14.0-611.13.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 problem, for j1939 protocol did not have NETDEV_UNREG
- affected < 5.14.0-611.11.1.el9_7fixed 5.14.0-611.11.1.el9_7
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list
- affected < 6.12.0-124.27.1.el10_1fixed 6.12.0-124.27.1.el10_1
In the Linux kernel, the following vulnerability has been resolved: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Currently phylink_resolve() protects itself against concurrent phylink_bringup_phy() or phylink_disconnect_phy() calls which mod
Page 8 of 39