Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Moderate Release date: 2025-11-19 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: can: isotp: fix potential CAN frame reception race in isotp_rcv() (CVE-2022-48830) * kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689) * kernel: Squashfs: sanity check symbolic link size (CVE-2024-46744) * kernel: vfs: fix race between evice_inodes() and find_inode()&iput() (CVE-2024-47679) * kernel: x86/tdx: Fix "in-kernel MMIO" check (CVE-2024-47727) * kernel: rxrpc: Fix a race between socket set up and I/O thread creation (CVE-2024-49864) * kernel: io_uring: check if we need to reschedule during overflow flush (CVE-2024-50060) * kernel: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (CVE-2022-49024) * kernel: posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195) * kernel: rxrpc: Fix missing locking causing hanging calls (CVE-2024-50294) * kernel: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (CVE-2024-53052) * kernel: afs: Fix lock recursion (CVE-2024-53090) * kernel: virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119) * kernel: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (CVE-2024-53135) * kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241) * kernel: RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229) * kernel: block: fix uaf for flush rq while iterating tags (CVE-2024-53170) * kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216) * kernel: net: af_can: do not leave a dangling sk pointer in can_create() (CVE-2024-56603) * kernel: blk-cgroup: Fix UAF in blkcg_unpin_online() (CVE-2024-56672) * kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662) * kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675) * kernel: can: j1939: j1939_session_new(): fix skb reference counting (CVE-2024-56645) * kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690) * kernel: io_uring: check if iowq is killed before queuing (CVE-2024-56709) * kernel: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (CVE-2024-56739) * kernel: bpf: put bpf_link's program when link is safe to be deallocated (CVE-2024-56786) * kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332) * kernel: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (CVE-2024-53680) * kernel: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (CVE-2025-21648) * kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647) * kernel: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (CVE-2025-21631) * kernel: zram: fix potential UAF of zram table (CVE-2025-21671) * kernel: afs: Fix merge preference rule failure condition (CVE-2025-21672) * kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693) * kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691) * kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696) * kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702) * kernel: usbnet: fix memory leak in error case (CVE-2022-49657) * kernel: powerpc/xics: fix refcount leak in icp_opal_init() (CVE-2022-49432) * kernel: net: tun: unlink NAPI from device on destruction (CVE-2022-49672) * kernel: powerpc/papr_scm: don't requests stats with '0' sized stats buffer (CVE-2022-49353) * kernel: powerpc/xive: Fix refcount leak in xive_spapr_init (CVE-2022-49437) * kernel: ima: Fix potential memory leak in ima_init_crypto() (CVE-2022-49627) * kernel: linux/dim: Fix divide by 0 in RDMA DIM (CVE-2022-49670) * kernel: can: isotp: sanitize CAN ID checks in isotp_bind() (CVE-2022-49269) * kernel: ima: Fix a potential integer overflow in ima_appraise_measurement (CVE-2022-49643) * kernel: powerpc/xive/spapr: correct bitmap allocation size (CVE-2022-49623) * kernel: efi: Do not import certificates from UEFI Secure Boot for T2 Macs (CVE-2022-49357) * kernel: list: fix a data-race around ep->rdllist (CVE-2022-49443) * kernel: tracing/histograms: Fix memory leak problem (CVE-2022-49648) * kernel: Input: synaptics - fix crash when enabling pass-through port (CVE-2025-21746) * kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795) * kernel: bpf: Send signals asynchronously if !preemptible (CVE-2025-21728) * kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456) * kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987) * kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014) * kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988) * kernel: RDMA/mlx5: Fix implicit ODP use after free (CVE-2025-21714) * kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570) * kernel: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (CVE-2024-57993) * kernel: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (CVE-2025-21729) * kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989) * kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015) * kernel: OPP: add index check to assert to avoid buffer overflow in _read_freq() (CVE-2024-57998) * kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) * kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796) * kernel: scsi: ufs: core: Fix use-after free in init error and remove paths (CVE-2025-21739) * kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786) * kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738) * kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986) * kernel: padata: avoid UAF for reorder_work (CVE-2025-21726) * kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791) * kernel: team: better TEAM_OPTION_TYPE_STRING validation (CVE-2025-21787) * kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981) * kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790) * kernel: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (CVE-2024-57990) * kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765) * kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012) * kernel: blk-cgroup: Fix class @block_class's subsystem refcount leakage (CVE-2025-21745) * kernel: net: let net.core.dev_weight always be non-zero (CVE-2025-21806) * kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072) * kernel: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (CVE-2024-58068) * kernel: wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-58062) * kernel: idpf: convert workqueues to unbound (CVE-2024-58057) * kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828) * kernel: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (CVE-2024-58083) * kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826) * kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077) * kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075) * kernel: RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" (CVE-2025-21829) * kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (CVE-2025-21839) * kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837) * kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350) * kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357) * kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851) * kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855) * kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844) * kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853) * kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847) * kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864) * kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088) * kernel: acct: perform last write from workqueue (CVE-2025-21846) * kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861) * kernel: io_uring: prevent opcode speculation (CVE-2025-21863) * kernel: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (CVE-2025-21848) * kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056) * kernel: can: j1939: j1939_send_one(): fix missing CAN header initialization (CVE-2022-49845) * kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994) * kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116) * kernel: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (CVE-2025-38396) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20518.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team