[CLSA-2026:1782151303] kernel: Fix of 150 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-12 00:39:12 UTC
Description:
- spi: spi-fsl-lpspi: fix teardown order issue (UAF) {CVE-2026-31485} - Buffer overflow in drivers/xen/sys-hypervisor.c {CVE-2026-31786} - ip6_tunnel: clear skb2->cb[] in ip4ip6_err() {CVE-2026-43037} - net: bonding: fix use-after-free in bond_xmit_broadcast() {CVE-2026-31419} - bonding: do not set usable_slaves for broadcast mode {CVE-2026-31419} - net: bonding: update the slave array for broadcast mode {CVE-2026-31419} - dlm: validate length in dlm_search_rsb_tree {CVE-2026-43125} - net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check {CVE-2026-23448} - net: Fix an unsafe loop on the list {CVE-2024-50024} - sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy {CVE-2025-21636} - wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx {CVE-2023-54300} - wifi: nl80211: reject cooked mode if it is set along with other flags {CVE-2025-21909} - drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream {CVE-2024-49913} - xfrm: validate new SA's prefixlen using SA family when sel.family is unset {CVE-2024-50142} - serial: imx: Introduce timeout when waiting on transmitter empty {CVE-2024-40967} - iommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind {CVE-2023-53501} - octeontx2-af: Add validation before accessing cgx and lmac {CVE-2023-53654} - sctp: sysctl: rto_min/max: avoid using current->nsproxy {CVE-2025-21639} - net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices {CVE-2023-52984} - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start {CVE-2024-49944} - netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path {CVE-2026-43451} - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR {CVE-2022-48703} - x86/mm: Fix pti_clone_pgtable() alignment assumption {CVE-2024-44965} - net: usb: asix_devices: add phy_mask for ax88772 mdio bus {CVE-2025-38725} - ALSA: hda: Do not unset preset when cleaning up codec {CVE-2023-52736} - drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func {CVE-2024-49909} - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE {CVE-2024-53144} - fuse: Initialize beyond-EOF page contents before setting uptodate {CVE-2024-44947} - sctp: sysctl: udp_port: avoid using current->nsproxy {CVE-2025-21637} - dm stats: check for and propagate alloc_percpu failure {CVE-2023-53044} - netpoll: Fix race condition in netpoll_owner_active {CVE-2024-41005} - tracing: Fix overflow in get_free_elt() {CVE-2024-43890} - mm/slub: avoid accessing metadata when pointer is invalid in object_err() {CVE-2025-39902} - xen/netfront: stop tx queues during live migration {CVE-2022-48969} - Bluetooth: btusb: clamp SCO altsetting table indices {CVE-2026-31497} - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free {CVE-2025-38105} - can: j1939: make j1939_sk_bind() fail if device is no longer registered {CVE-2025-39925} - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() {CVE-2023-52508} - smb: client: Don't log plaintext credentials in cifs_set_cifscreds {CVE-2026-23303} - cifs: Fix integer overflow while processing acdirmax mount option {CVE-2025-21963} - netfilter: nfnetlink_log: account for netlink header size {CVE-2026-31416} - drm/amdgpu/vkms: fix a possible null pointer dereference {CVE-2023-52815} - drm/amd/amdgpu: Check tbo resource pointer {CVE-2024-46807} - bonding: fix null pointer deref in bond_ipsec_offload_ok {CVE-2024-44990} - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower {CVE-2024-50237} - trace_events_hist: add check for return value of 'create_hist_field' {CVE-2023-53005} - drm/amdkfd: Add sync after creating vram bo {CVE-2023-53009} - bpf: Send signals asynchronously if !preemptible {CVE-2025-21728} - drm/client: fix null pointer dereference in drm_client_modeset_probe {CVE-2024-43894} - ext4: correct grp validation in ext4_mb_good_group {CVE-2023-53861} - RDMA/irdma: Initialize free_qp completion before using it {CVE-2026-31492} - usb: udc: remove warning when queue disabled ep {CVE-2024-35822} - bpf: Remove tst_run from lwt_seg6local_prog_ops. {CVE-2024-46754} - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet {CVE-2024-56590} - tls: stop recv() if initial process_rx_list gave us non-DATA {CVE-2024-58239} - iommu/vt-d: Clean up si_domain in the init_dmars() error path {CVE-2022-50482} - ext4: update s_journal_inum if it changes after journal replay {CVE-2023-53091} - cifs: Fix xid leak in cifs_copy_file_range() {CVE-2022-50643} - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit {CVE-2024-49938} - nbd: null check for nla_nest_start {CVE-2024-27025} - netfilter: ipset: Hold module reference while requesting a module {CVE-2024-56637} - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 {CVE-2024-46817} - Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() {CVE-2026-31512} - Bluetooth: MGMT: Add error handling to pair_device() {CVE-2024-43884} - netfilter: nf_conntrack_expect: skip expectations in other netns via proc {CVE-2026-31496} - nvme-pci: fix mempool alloc size {CVE-2022-50756} - fs: fix fd table size alignment properly {CVE-2024-45025} - gpio: sim: fix a memory leak {CVE-2023-52706} - ice: switch: fix potential memleak in ice_add_adv_recipe() {CVE-2022-48709} - netfilter: ebtables: fix memory leak when blob is malformed {CVE-2022-48641} - mfd: syscon: Fix null pointer dereference in of_syscon_register() {CVE-2023-52467} - netfilter: ipset: drop logically empty buckets in mtype_del {CVE-2026-31418} - scsi: megaraid_sas: Fix for a potential deadlock {CVE-2024-57807} - ALSA: hda: Fix possible null-ptr-deref when assigning a stream {CVE-2023-52806} - drm/amd/display: Avoid NULL dereference of timing generator {CVE-2023-52753} - netfilter: nft_socket: fix sk refcount leaks {CVE-2024-46855} - Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken {CVE-2025-38099} - objtool: Fix memory leak in create_static_call_sections() {CVE-2023-53423} - ceph: defer stopping mdsc delayed_work - drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga {CVE-2023-52819} - rethook: fix a potential memleak in rethook_alloc() {CVE-2022-49795} - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() {CVE-2022-49787} - scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove() {CVE-2023-53132} - cifs: fix small mempool leak in SMB2_negotiate() {CVE-2022-49938} - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() {CVE-2022-50191} - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource {CVE-2022-50110} - drm/ttm: fix bulk_move corruption when adding a entry {CVE-2023-53444} - clk: Fix memory leak in devm_clk_notifier_register() {CVE-2023-53674} - md: raid1: fix potential OOB in raid1_remove_disk() {CVE-2023-53722} - wifi: mt76: mt7921: fix skb leak by txs missing in AMSDU {CVE-2023-54052} - drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags {CVE-2024-49923} - recordmcount: Fix memory leaks in the uwrite function {CVE-2023-53318} - crypto: cavium - prevent integer overflow loading firmware {CVE-2022-50330} - integrity: Fix memory leakage in keyring allocation error path {CVE-2022-50395} - mmc: toshsd: fix return value check of mmc_add_host() {CVE-2022-50886} - RDMA/efa: Fix wrong resources deallocation order {CVE-2023-54201} - inet: read sk->sk_family once in inet_recv_error() {CVE-2024-26679} - ALSA: pcm: Add sanity NULL check for the default mmap fault handler {CVE-2024-53180} - net_sched: Prevent creation of classes with TC_H_ROOT {CVE-2025-21971} - net: usb: smsc95xx: Limit packet length to skb->len {CVE-2023-53062} - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() {CVE-2024-35930} - devres: Fix memory leakage caused by driver API devm_free_percpu() {CVE-2024-43871} - rdma/cxgb4: Prevent potential integer overflow on 32bit {CVE-2024-57973} - ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects {CVE-2023-53708} - rxrpc: Fix missing locking causing hanging calls {CVE-2024-50294} - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() {CVE-2024-50008} - ELF: fix kernel.randomize_va_space double read {CVE-2024-46826} - crypto: bcm - add error check in the ahash_hmac_init function {CVE-2024-56681} - drm/amd/pm: fix null pointer access {CVE-2025-38705} - ALSA: line6: Fix racy access to midibuf {CVE-2024-44954} - ALSA: us122l: Use snd_card_free_when_closed() at disconnection {CVE-2024-56532} - drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node {CVE-2023-52662} - drm/amd/display: Initialize denominators' default to 1 {CVE-2024-49899} - ipmi: fix use after free in _ipmi_destroy_user() {CVE-2022-50677} - Bluetooth: Fix memory leak in hci_req_sync_complete() {CVE-2024-35978} - null_blk: fix validation of block size {CVE-2024-41077} - ionic: Fix netdev notifier unregister on failure {CVE-2024-56715} - cifs: Fix integer overflow while processing acregmax mount option {CVE-2025-21964} - pm: cpupower: bench: Prevent NULL dereference on malloc failure {CVE-2025-37841} - nvmet-tcp: fix kernel crash if commands allocation fails {CVE-2024-46737} - netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() {CVE-2024-50259} - wireguard: allowedips: avoid unaligned 64-bit memory accesses {CVE-2024-42247} - drm/amd/pm: Prevent division by zero {CVE-2025-37770} - drm/sched: Increment job count before swapping tail spsc queue {CVE-2025-38515} - i2c: qup: jump out of the loop in case of timeout {CVE-2025-38671} - brcmfmac: return error when getting invalid max_flowrings from dongle {CVE-2022-50358} - PNP: fix name memory leak in pnp_alloc_dev() {CVE-2022-50278} - NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN {CVE-2025-38393} - regmap: Fix race condition in hwspinlock irqsave routine {CVE-2026-23071} - drm/amd/pm: Prevent division by zero {CVE-2025-37768} - scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() {CVE-2022-49780} - RDMA/cm: Fix leaking the multicast GID table reference {CVE-2025-71084} - netfilter: ctnetlink: ensure safe access to master conntrack {CVE-2026-43116} - drop_monitor: fix incorrect initialization order {CVE-2025-21862} - wifi: nl80211: disallow setting special AP channel widths {CVE-2024-43912} - net/mlx5: Fix steering rules cleanup {CVE-2023-53079} - usbnet: Fix using smp_processor_id() in preemptible code warnings {CVE-2025-40164} - mptcp: fix slab-use-after-free in __inet_lookup_established {CVE-2026-31669} - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc {CVE-2024-58009} - fs/binfmt_elf: Fix memory leak in load_elf_binary() {CVE-2022-50466} - drm/amdgpu: set the right AMDGPU sg segment limitation {CVE-2024-56594} - bridge: mcast: Fix use-after-free during router port configuration {CVE-2025-38248} - xfrm: hold dev ref until after transport_finish NF_HOOK {CVE-2026-31663} - fuse: reject oversized dirents in page cache {CVE-2026-31694} - drm/amd/display: Do not skip unrelated mode changes in DSC validation {CVE-2026-31488} - net/mlx5: Collect command failures data only for known commands {CVE-2023-53340} - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr {CVE-2025-68183} - scsi: sg: Do not sleep in atomic context {CVE-2025-40259} - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() {CVE-2024-47682} - mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() {CVE-2026-31586} - nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set {CVE-2026-43449} - nbd: fix race between timeout and normal completion {CVE-2024-49855} - iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() {CVE-2025-21724}
CVEs fixed:
Updated packages:
  • bpftool-7.0.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:b4535bbc5aff2d3c150c8f9b756831248ea5388a6732861ff432dcf1756bce72
  • kernel-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:7d32705cb4d67df8606665320c6e024bc6853d047efc335ae5dd3c9143af2578
  • kernel-abi-stablelists-5.14.0-284.1101.el9_2.tuxcare.11.els5.noarch.rpm
    sha:f39ca6411e7f133525d9da1eeee64dc643873834381e3785f125b10c511a2a64
  • kernel-core-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:a5f5995b31d6db87370707abd8c86a38e83177e0cb3f2d9189f066a3ee0ecae1
  • kernel-cross-headers-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:33af5593ab23472a03147a684c1632dfa56b240df443a490b1e2031c5bfcd74b
  • kernel-debug-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:1207cb9109b9fc46187f3116f246e238dd1902dcad73f1fb6721c3a2457b1bf9
  • kernel-debug-core-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:7f394b8f260f84d5b7ebe3ce65b99ac7c8dadc0aea120fea96dd475d0a224049
  • kernel-debug-devel-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:ba76d50ca06564b0776af0283be18db5f17e9b812c43635b2cb267203bc41a48
  • kernel-debug-devel-matched-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:dc08161c2ad9dee7fe2d6faf8bb650d8a96ed49f52635108e87837324d40499a
  • kernel-debug-modules-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:b8bd0f7806d4b85d59c3f332807a87cc495997095b92efd6876874dc265aac4c
  • kernel-debug-modules-core-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:73cb39dbc486e278de1e1f599f32c4529dc409d7853d3f1769de918625348e89
  • kernel-debug-modules-extra-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:e7b80c439148ff3a2bdd37c257d43075d79e73c3b343814a4fcc87dd95dfb041
  • kernel-debug-modules-internal-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:754a0b3fc418f7176b7e0d23297f6d3a6f86287642b9b6398b60a45f85076c18
  • kernel-debug-modules-partner-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:590b1cee35a58b0d60db421ea47ebbbb6f7fced1d6381962913e1c8297aca1f9
  • kernel-debug-uki-virt-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:81d75d6692dc646e1a802e07f0ebec732bc7435dd4e32f114aeaa042964a41de
  • kernel-devel-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:9aab7988ff5ae1aca84f80f9d4988e657053abcf2ee987f4c876675869465a1d
  • kernel-devel-matched-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:2a0d270c6012e9aacf002825399ec20ce11185d6361cc6e220e1c9c57e083f6e
  • kernel-doc-5.14.0-284.1101.el9_2.tuxcare.11.els5.noarch.rpm
    sha:1b5906109100b28de87eebf1282822bb1c36938900096e0363c4693b0547f92d
  • kernel-headers-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:3a2defeb69b5b0edd00344f0794ba55f9e471433a13eaa0a8355909b5861aea6
  • kernel-ipaclones-internal-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:cc873e6ec028c692360586b596ccb4b95634a1f4b588dca726b0a9113b62bd3f
  • kernel-modules-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:0d2d274efb77cf2506ef85c7d3e58a6ea8e5f7df6c1cad11303676dfc0c3c6cd
  • kernel-modules-core-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:8b3820407563a97716302671015c2340d5f008d9f2677a3c5a27f5d72e2f55cb
  • kernel-modules-extra-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:9f06789c61f59229f39bc7a3ea5237db9b03d79c39d51e9219a0a724a96e2b26
  • kernel-modules-internal-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:cb05acf02a482c26871e72274693dca8eec1b86bcd6667634f78cad1e5c096c3
  • kernel-modules-partner-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:edd356f40364f8e1c6fb860f1c227b8102e4dffcfd2fbc94aab39e6e7e4dc160
  • kernel-selftests-internal-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:19ce8e5216f1d86152563f3846d91de992f86f111fd259ce83bb9996539bea27
  • kernel-tools-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:5ee01122884a80e62cc24cff7a8e6e01454a68aa4cd80624c807888773197051
  • kernel-tools-libs-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:ae46d4add8b8575c25367edc03f34f00e2ff80bbbd0bc210c5ff814124b9edac
  • kernel-tools-libs-devel-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:a78e2ff4a34dc6529b1295725edc2fb3691681a2638c615421cdaa44bddd32ed
  • kernel-uki-virt-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:04a38559132e0e4001e7702f12c9c19ddb8a2785d07ea2091af3dea8161c89ed
  • libbpf-1.0.0-2.el9_2.tuxcare.11.els5.i686.rpm
    sha:629a4641f5dc09e1f89424412e5e841c6d375002ebb55e301b33a3208282a2a8
  • libbpf-1.0.0-2.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:54df4152f0d3b6fb75caac0d235f366c5ba0dbd261791fb5dbf8e224aa4b424b
  • libbpf-devel-1.0.0-2.el9_2.tuxcare.11.els5.i686.rpm
    sha:797c062eb227ce840acb65cd98a9216efc3e4175d3440f7a3b6849e435c05b57
  • libbpf-devel-1.0.0-2.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:b6050b9d536ae93b9d20e18a44430eb1a403fd022388703529c41b66f782b7aa
  • libbpf-static-1.0.0-2.el9_2.tuxcare.11.els5.i686.rpm
    sha:a05dd46bf9e3354b21d92dff946d705e3fa28e1e6e81fee69e2d22ed691346d5
  • libbpf-static-1.0.0-2.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:266dbf7ce0282c44bb9f7070da7d5de81219d036481eb4d56bc8d93e14a8f88a
  • perf-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:151979e70e2aab64cfa03f783470d324a38883c1678ebeab367d0b5bddbc94f4
  • python3-perf-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:32cfb3de865742727cc47c487b5281809e2a35b826c8d90a7790c788186af763
  • rtla-5.14.0-284.1101.el9_2.tuxcare.11.els5.x86_64.rpm
    sha:2fc566ea4985858599793f96a67107c5b786c1b620ed11b358a93807bcf241f4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.