[CLSA-2026:1783362244] kernel: Fix of 120 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-06 18:27:36 UTC
Description:
- KVM: x86: Fix shadow paging use-after-free due to unexpected role {CVE-2026-46113} - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN {CVE-2026-46113} - Bluetooth: bcsp: receive data only if registered {CVE-2025-40308} - xen/privcmd: unregister xenstore notifier on module exit {CVE-2026-31788} - xen/privcmd: restrict usage in unprivileged domU {CVE-2026-31788} - USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts {CVE-2026-43429} - net: usb: rtl8150: enable basic endpoint checking {CVE-2025-21708} - net: usb: kaweth: validate USB endpoints {CVE-2026-23312} - net: usb: kalmia: validate USB endpoints {CVE-2026-23365} - net: usb: pegasus: validate USB endpoints {CVE-2026-23290} - net: usb: pegasus: enable basic endpoint checking {CVE-2026-43156} - USB: usbcore: Introduce usb_bulk_msg_killable() {CVE-2026-43429} - USB: core: Add routines for endpoint checks in old drivers {CVE-2026-43156} - nf_tables: nft_dynset: fix possible stateful expression memleak in error path {CVE-2026-23399} - tpm: Cap the number of PCR banks {CVE-2025-71077} - clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() {CVE-2023-53704} - dm: fix a race condition in retrieve_deps {CVE-2023-54324} - ice: fix Tx scheduler error handling in XDP callback {CVE-2025-38127} - mlx5: fix skb leak while fifo resync and push {CVE-2023-54238} - mmc: vub300: fix return value check of mmc_add_host() {CVE-2022-50251} - bonding: annotate data-races around slave->last_rx {CVE-2026-23212} - RDMA/irdma: Fix data race on CQP completion stats {CVE-2023-54302} - bpf: cpumap: Fix memory leak in cpu_map_update_elem {CVE-2023-53441} - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var {CVE-2025-38215} - trace/fgraph: Fix the warning caused by missing unregister notifier {CVE-2025-39829} - vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects {CVE-2025-39850} - team: prevent adding a device which is already a team device lower {CVE-2024-58071} - net: stmmac: move the EST lock to struct stmmac_priv {CVE-2024-38594} - drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too {CVE-2024-50108} - rxrpc: Fix handling of received connection abort {CVE-2024-58053} - bnxt_en: Fix out-of-bound memcpy() during ethtool -w {CVE-2025-37911} - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service {CVE-2025-21690} - net: atlantic: Fix DMA mapping for PTP hwts ring {CVE-2024-26680} - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() {CVE-2024-47713} - drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) {CVE-2024-49905} - dm: fix NULL pointer dereference in __dm_suspend() {CVE-2025-40134} - smb: client: validate the whole DACL before rewriting it in cifsacl {CVE-2026-31709} - PM: runtime: Fix a race condition related to device removal {CVE-2026-23452} - ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces {CVE-2026-43436} - nvme-pci: Fix race bug in nvme_poll_irqdisable() {CVE-2026-43448} - sctp: add mutual exclusion in proc_sctp_do_udp_port() {CVE-2025-22062} - cachefiles: fix dentry leak in cachefiles_open_file() {CVE-2024-49870} - mm: revert "mm: shmem: fix data-race in shmem_getattr()" {CVE-2024-53136} - memcg: fix soft lockup in the OOM process {CVE-2024-57977} - resource: fix region_intersects() vs add_memory_driver_managed() {CVE-2024-49878} - r8169: add tally counter fields added with RTL8125 {CVE-2024-49973} - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() {CVE-2024-53215} - ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths {CVE-2026-43066} - wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() {CVE-2025-71273} - net: netlink: af_netlink: Prevent empty skb by adding a check on len. {CVE-2021-47606} - extcon: Modify extcon device to be created after driver data is set {CVE-2022-49308} - tick/nohz: unexport __init-annotated tick_nohz_full_setup() {CVE-2022-49675} - bridge: switchdev: Fix memory leaks when changing VLAN protocol {CVE-2022-49812} - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() {CVE-2022-49890} - net: genl: fix error path memory leak in policy dumping {CVE-2022-50042} - kprobes: don't call disarm_kprobe() for disabled kprobes {CVE-2022-50008} - lib/fonts: fix undefined behavior in bit shift for get_default_font {CVE-2022-50511} - net: af_key: zero aligned sockaddr tail in PF_KEY exports {CVE-2026-43088} - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored {CVE-2022-50675} - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect {CVE-2023-52478} - efivarfs: force RO when remounting if SetVariable is not supported {CVE-2023-52463} - Fix page corruption caused by racy check in __free_pages {CVE-2023-52739} - mptcp: deal with large GSO size {CVE-2023-52778} - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new {CVE-2023-52887} - drm/i915/active: Fix misuse of non-idle barriers as fence trackers {CVE-2023-53087} - ext4: fix task hung in ext4_xattr_delete_inode {CVE-2023-53089} - ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent {CVE-2023-53070} - bnxt_en: Avoid order-5 memory allocation for TPA data {CVE-2023-53134} - tcp: tcp_make_synack() can be called from process context {CVE-2023-53121} - i40e: Fix kernel crash during reboot when adapter is in recovery mode {CVE-2023-53114} - skbuff: Fix a race between coalescing and releasing SKBs {CVE-2023-53186} - blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() {CVE-2023-53421} - arm64: mm: fix VA-range sanity check {CVE-2023-53989} - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() {CVE-2024-26633} - SUNRPC: double free xprt_ctxt while still in use {CVE-2023-54269} - KVM: Always flush async #PF workqueue when vCPU is being destroyed {CVE-2024-26976} - drm/amdgpu: validate the parameters of bo mapping operations more clearly {CVE-2024-26922} - tracing/trigger: Fix to return error if failed to alloc snapshot {CVE-2024-26920} - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms {CVE-2024-35989} - nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). {CVE-2024-36933} - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files {CVE-2024-41056} - scsi: qla2xxx: During vport delete send async logout explicitly {CVE-2024-42289} - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() {CVE-2022-49731} - ixgbevf: Fix resource leak in ixgbevf_init_module() {CVE-2022-49028} - mmc: core: Avoid bitfield RMW for claim/retune flags {CVE-2026-43484} - Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() {CVE-2026-45835} - cpufreq: Init completion before kobject_init_and_add() {CVE-2022-50473} - USB: gadget: Fix use-after-free during usb config switch {CVE-2022-50704} - IB/mad: Don't call to function that might sleep while in atomic context {CVE-2022-50472} - null_blk: fix poll request timeout handling {CVE-2023-53531} - drm/i915/gvt: fix vgpu debugfs clean in remove {CVE-2023-53625} - mlxsw: spectrum_acl_erp: Fix object nesting warning {CVE-2024-43880} - drm/drm_vma_manager: Add drm_vma_node_allow_once() {CVE-2023-53001} - drm/amd/display: fix mapping to non-allocated address {CVE-2023-53753} - ipv6: Fix an uninit variable access bug in __ip6_make_skb() {CVE-2023-54265} - udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). {CVE-2023-54004} - netlink: terminate outstanding dump on socket close {CVE-2024-53140} - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN {CVE-2024-53135} - scsi: qla2xxx: Fix use after free on unload {CVE-2024-56623} - net: Fix icmp host relookup triggering ip_rt_bug {CVE-2024-56647} - spi: spi-imx: Add check for spi_imx_setupxfer() {CVE-2025-37801} - netdevsim: fix a race issue related to the operation on bpf_bound_progs list {CVE-2026-23126} - net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop {CVE-2026-23300} - ethtool: check device is present when getting link settings {CVE-2024-46679} - nfsd: return -EINVAL when namelen is 0 {CVE-2024-47692} - x86/ioapic: Handle allocation failures gracefully {CVE-2024-49927} - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error {CVE-2024-49959} - secretmem: disable memfd_secret() if arch cannot set direct map {CVE-2024-50182} - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures {CVE-2024-53190} - iommu/arm-smmu: Defer probe of clients after smmu device bound {CVE-2024-56568} - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers {CVE-2025-21885} - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs {CVE-2025-37805} - page_pool: avoid infinite loop to schedule delayed worker {CVE-2025-37859} - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() {CVE-2025-38441} - tracing: Add down_write(trace_event_sem) when adding trace event {CVE-2025-38539} - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() {CVE-2025-38681} - ipv6: add NULL checks for idev in SRv6 paths {CVE-2026-23442} - sunrpc: fix cache_request leak in cache_release {CVE-2026-31400} - netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP {CVE-2026-31424} - netfilter: xt_multiport: validate range encoding in checkentry {CVE-2026-31681} - net: sched: act_csum: validate nested VLAN headers {CVE-2026-31684} - vxlan: validate ND option lengths in vxlan_na_create {CVE-2026-31738} - gfs2: fiemap page fault fix {CVE-2026-43262} - e1000/e1000e: Fix leak in DMA error cleanup {CVE-2026-43445} - ALSA: usb-audio: Add sanity check for OOB writes at silencing {CVE-2026-43279}
CVEs fixed:
Updated packages:
  • bpftool-7.0.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:716f93cc611493f68bcc951bf74e286016a5818196e7cd27e5ad5a21131731f9
  • kernel-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:c5d1e18905fdfef844a9597f98196657532b96f9f7980e27dfb6e7069580eb8e
  • kernel-abi-stablelists-5.14.0-284.1101.el9_2.tuxcare.11.els7.noarch.rpm
    sha:81c36c8ce723a00dfca6656b6f86bb4656b9262bb93ebd2c78120cad7e491668
  • kernel-core-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:e7836e812d602b00b403297704d80b13de931da44adb186847c53ecb75f5ef34
  • kernel-cross-headers-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:1b889e11e2dde1636ce5c0872be9b5d669f39ba547a6d42dbe50d4fec978adbd
  • kernel-debug-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:d13abd016c9d8bbec8380627523a034b0f7b8376b32b87f41b483fa9ca7fe818
  • kernel-debug-core-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:3188ab159fd6b7c4162fcfcccdba72db10daabef59ddd4e554a8cbe1f17a58f9
  • kernel-debug-devel-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:c934a4f2a0d0782d0cd953f73990c53580d274c4b8ec2a623c695875dfef9759
  • kernel-debug-devel-matched-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:ca2b761c3b40c87b83ac56db3de6e8fda86772e3cadf62c1445cd98f946e8a18
  • kernel-debug-modules-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:3a79c38d0facad77c7859f3a844a9416e9591aeac2882a82e229ca7d91810a98
  • kernel-debug-modules-core-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:f78ad56fc88f16360c88a4bb750383247cd25a4c2482b2da7093f6be3e692198
  • kernel-debug-modules-extra-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:2a9fb554a53e52f07ca398117574dedbcb7ffb0ab2156ce6cb8f5eb76265a535
  • kernel-debug-modules-internal-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:625ce42eb146578c48e42a7058ecc9c5671a97115701d1cd54eb9cd75b42c6d9
  • kernel-debug-modules-partner-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:5875d27c6f1876e3364efcdd17f6fc370e676993480304d4992af12a32d38abf
  • kernel-debug-uki-virt-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:2564e911c0cec5b86388d776a073d3012a2a672f19dda32bc25082669c85bc8f
  • kernel-devel-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:fd0814b010bbf9430d4d0d139836d17acb573137bdf39f91746f176b894747e2
  • kernel-devel-matched-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:40e9a471352d2b32a14fdeb458a5a9c57e359402242682196ab53ba23441e2e0
  • kernel-doc-5.14.0-284.1101.el9_2.tuxcare.11.els7.noarch.rpm
    sha:11ab01aed4b8005491a320490805eef32d232765aef6ee0b676b5de868b28a7c
  • kernel-headers-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:e9fcb8289424292c8487343008625567dfd466dad478b5828a3b8ada8da095fe
  • kernel-ipaclones-internal-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:4e290bad8e69ff7eefa231a298b4f609544d618b4259130fa8bcd666dc8ef5da
  • kernel-modules-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:c6afd106c83fcdad3678e7cd986c87df495fc097d337b6bd1315eb05f6782a43
  • kernel-modules-core-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:b0a16cff20981e838d26f4e4b8db42a1f04f23d5219411b807901526315bdce0
  • kernel-modules-extra-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:edef3dbf85fa4e2f3fc040acaf49390a87c7ce52c563d583ab341e1c85073e14
  • kernel-modules-internal-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:8b98eef78529e70632b6c4b0d8972a2f606b40adc95c003dc69b4998b0b117bf
  • kernel-modules-partner-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:0b7f5393bb56248b2ce7e5a73d42b0d9e86153d8af9c90251258a6831858132a
  • kernel-selftests-internal-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:cccc11b71a5d33e4cc18d9e5c583ab2a07cf4021d263264ec5b9f84640a4dda0
  • kernel-tools-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:523bf5c05f5dc37b0eaa4e0a820706251515c0005e37563a89bfbec9a8f8c3fc
  • kernel-tools-libs-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:cf7ec60f4061b1f8c72099c5695f50383c4c7296d12ac33a1289da4e927e9ba9
  • kernel-tools-libs-devel-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:26b26a0eb2b7bd6c3cdaad151a8afcf6e559129dad1b9f95f62e62d095b7d870
  • kernel-uki-virt-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:fb90a601c056f6d11750b339f5ad8f0a4714fcbdccc98e87c4c7c90ba28854f0
  • libbpf-1.0.0-2.el9_2.tuxcare.11.els7.i686.rpm
    sha:3158b6b415e4c9af3f442178e18c7f2698df9b3db41117ac3f6a9eacca8b3363
  • libbpf-1.0.0-2.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:2d183386ef0aadb6352c1d7aa6cbb0d9aef837768a7c5756494a0c2c7e8b31f5
  • libbpf-devel-1.0.0-2.el9_2.tuxcare.11.els7.i686.rpm
    sha:4edfb484c37b474f1b17d5011ceb9c48037234b2bd2cc765d30cb275188d74eb
  • libbpf-devel-1.0.0-2.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:0d68011b7b2234a6340123bc4c74d9427f73e8bb2164dad5676757221f18557d
  • libbpf-static-1.0.0-2.el9_2.tuxcare.11.els7.i686.rpm
    sha:9d65b3e7b2867ff7b9ec8aef948488638ad8e9faa8e84fd6feee459dbe39aa21
  • libbpf-static-1.0.0-2.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:03df7436e51af466ec670dc749cf473ad7c8dcc660703f73114751b57cb1aa0c
  • perf-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:d32954857bb92859dc81a6079afe839f576145a55838f05ba95c4ec234ffe367
  • python3-perf-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:94866c04bdb2a45bf342c25389c75fdca977d35ed9004141950d4aaaa139d5de
  • rtla-5.14.0-284.1101.el9_2.tuxcare.11.els7.x86_64.rpm
    sha:5d19cd393e5f7b32cf1f29649b7e50105705e8242822543408ae5e0e4edc17e4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.