[CLSA-2026:1783791447] kernel: Fix of 305 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-11 21:13:40 UTC
Description:
- gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully {CVE-2022-48660} - ipv4: check for NULL idev in ip_route_use_hint() {CVE-2024-36008} - KEYS: trusted: Do not use WARN when encode fails {CVE-2024-36975} - Fix userfaultfd_api to return EINVAL as expected {CVE-2024-41027} - xhci: Fix null pointer dereference when host dies {CVE-2023-52898} - sctp: sysctl: auth_enable: avoid using current->nsproxy {CVE-2025-21638} - blk-mq: fix IO hang from sbitmap wakeup race {CVE-2024-26671} - net: openvswitch: fix flow memory leak in ovs_flow_cmd_new {CVE-2023-52977} - gpiolib: fix memory leak in gpiochip_setup_dev() {CVE-2022-48975} - HID: betop: check shape of output reports {CVE-2023-53015} - mm/swapfile: add cond_resched() in get_swap_pages() {CVE-2023-52932} - HV: hv_balloon: fix memory leak with using debugfs_lookup() {CVE-2023-52937} - drm/i915: Fix a memory leak with reused mmap_offset {CVE-2023-53002} - ptdma: pt_core_execute_cmd() should use spinlock {CVE-2023-53013} - RDMA/core: Fix ib block iterator counter overflow {CVE-2023-53026} - Bluetooth: hci_conn: Fix memory leaks {CVE-2023-53018} - scsi: target: pscsi: Fix bio_put() for error case {CVE-2024-26760} - sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331} - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() {CVE-2026-23038} - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() {CVE-2025-40194} - ALSA: hda/cs8409: Fix possible NULL dereference {CVE-2024-50160} - nbd: don't allow reconnect after disconnect {CVE-2025-21731} - openvswitch: fix lockup on tx to unregistering netdev with carrier {CVE-2025-21681} - ext4: detect invalid INLINE_DATA + EXTENTS flag combination {CVE-2025-40167} - ext4: xattr: fix null pointer deref in ext4_raw_inode() {CVE-2025-68820} - net: fix memory leak in skb_segment_list for GRO packets {CVE-2026-22979} - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode {CVE-2025-40321} - ipvs: fix ipv4 null-ptr-deref in route error path {CVE-2025-68813} - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping {CVE-2025-40121} - i40e: Fix macvlan leak by synchronizing access to mac_filter_hash {CVE-2024-50041} - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() {CVE-2024-50000} - bpf: Fix reference count leak in bpf_prog_test_run_xdp() {CVE-2026-22994} - xsk: check IFF_UP earlier in Tx path {CVE-2023-53240} - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers {CVE-2024-41038} - virtgpu: don't reset on shutdown {CVE-2025-38064} - xen/netfront: fix crash when removing device {CVE-2022-48969} - mptcp: do not fallback when OoO is present {CVE-2024-50185} - can: j1939: add missing calls in NETDEV_UNREGISTER notification handler {CVE-2025-39925} - netfilter: nf_tables: remove redundant chain validation on register store {CVE-2025-71160} - xfs: fix use-after-free in xattr node block inactivation {CVE-2026-43053} - ext4: fix racy may inline data check in dio write {CVE-2023-52786} - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini {CVE-2023-52738} - macsec: fix UAF bug for real_dev {CVE-2022-49390} - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation {CVE-2024-42259} - mm/shmem: disable PMD-sized page cache if needed {CVE-2024-42241} - driver: iio: add missing checks on iio_info's callback access {CVE-2024-46715} - udmabuf: fix memory leak on last export_udmabuf() error path {CVE-2024-56712} - ALSA: control: Avoid WARN() for symlink errors {CVE-2024-56657} - mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM {CVE-2024-56611} - eth: bnxt: always recalculate features after XDP clearing, fix null-deref {CVE-2025-21682} - net: annotate data-races around sk->sk_{data_ready,write_space} {CVE-2026-23302} - udmabuf: change folios array from kmalloc to kvmalloc {CVE-2024-56544} - RDMA/mlx5: Move events notifier registration to be after device registration {CVE-2024-53224} - dlm: fix possible lkb_resource null dereference {CVE-2024-47809} - ACPI: battery: Fix possible crash when unregistering a battery hook {CVE-2024-49955} - ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params {CVE-2024-58012} - tpm: Change to kvalloc() in eventlog/acpi.c {CVE-2024-58005} - net_sched: sch_sfq: move the limit validation {CVE-2025-37752} - usb: xhci: Fix NULL pointer dereference on certain command aborts {CVE-2024-57981} - mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() {CVE-2025-21861} - bpf: avoid holding freeze_mutex during mmap operation {CVE-2025-21853} - acct: perform last write from workqueue {CVE-2025-21846} - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() {CVE-2025-21959} - ipvlan: ensure network headers are in skb linear part {CVE-2025-21891} - wifi: iwlwifi: mvm: fix 6 GHz scan construction {CVE-2024-53055} - signal: restore the override_rlimit logic {CVE-2024-50271} - thermal: core: Reference count the zone in thermal_zone_get_by_id() {CVE-2024-50028} - block: fix potential invalid pointer dereference in blk_add_partition {CVE-2024-47705} - userfaultfd: fix checks for huge PMDs {CVE-2024-46787} - mptcp: pm: only mark 'subflow' endp as available {CVE-2024-45010} - mptcp: pm: re-using ID of unused flushed subflows {CVE-2024-45010} - eth: bnxt: fix truesize for mb-xdp-pass case {CVE-2025-21961} - driver core: fix potential NULL pointer dereference in dev_uevent() {CVE-2025-37800} - virtio_net: Fix napi_skb_cache_put warning {CVE-2024-43835} - cgroup: fix race between task migration and iteration {CVE-2026-43439} - bpf: Fix wrong reg type conversion in release_reference() {CVE-2022-49873} - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error {CVE-2025-21732} - serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN {CVE-2026-23472} - drm/amdgpu: Limit BO list entry count to prevent resource exhaustion {CVE-2026-23468} - net: add proper RCU protection to /proc/net/ptype {CVE-2026-23255} - tcp: secure_seq: add back ports to TS offset {CVE-2026-23247} - RDMA/mlx5: Fix a WARN during dereg_mr for DM type {CVE-2025-21888} - list: fix a data-race around ep->rdllist {CVE-2022-49443} - can: isotp: sanitize CAN ID checks in isotp_bind() {CVE-2022-49269} - rxrpc: Fix recv-recv race of completed call {CVE-2025-38524} - sched/rt: Fix race in push_rt_task {CVE-2025-38234} - NFSD: fix race between nfsd registration and exports_proc {CVE-2025-38232} - virtio: break and reset virtio devices on device_shutdown() {CVE-2025-38064} - block: fix resource leak in blk_register_queue() error path {CVE-2025-37980} - xsk: Fix race condition in AF_XDP generic RX path {CVE-2025-37920} - mm/vmscan: don't try to reclaim hwpoison folio {CVE-2025-37834} - nouveau: offload fence uevents work to workqueue {CVE-2024-26719} - bpf: Fix kmemleak warning for percpu hashmap {CVE-2025-37807} - x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() {CVE-2024-26906} - x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h {CVE-2024-26906} - net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket {CVE-2024-42246} - quota: Fix potential NULL pointer dereference {CVE-2024-26878} - arp: Prevent overflow in arp_req_get(). {CVE-2024-26733} - ALSA: Fix deadlocks with kctl removals at disconnection {CVE-2024-38600} - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values {CVE-2024-42114} - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() {CVE-2024-41063} - fsnotify: clear PARENT_WATCHED flags lazily {CVE-2024-47660} - mm: use memalloc_nofs_save() in page_cache_ra_order() {CVE-2024-36882} - mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled {CVE-2024-26987} - net: esp: fix bad handling of pages from page_pool {CVE-2024-26953} - virtio/vsock: Fix accept_queue memory leak {CVE-2024-53119} - netfilter: nft_payload: sanitize offset and length before calling skb_checksum() {CVE-2024-50251} - fs/proc: fix softlockup in __read_vmcore (part 2) {CVE-2025-21694} - drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability {CVE-2024-53051} - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. {CVE-2025-23143} - x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() {CVE-2025-22090} - net: decrease cached dst counters in dst_release {CVE-2025-22057} - nfsd: put dl_stid if fail to queue dl_recall {CVE-2025-22025} - nfsd: make nfsd4_run_cb a bool return function {CVE-2025-22025} - usb: gadget: core: flush gadget workqueue after device removal {CVE-2025-21838} - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 {CVE-2025-21831} - media: uvcvideo: Fix crash during unbind if gpio unit is in use {CVE-2024-58079} - usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() {CVE-2023-52877} - ext4: filesystems without casefold feature cannot be mounted with siphash {CVE-2024-49968} - padata: use integer wrap around to prevent deadlock on seq_nr overflow {CVE-2024-47739} - bpf, lsm: Add check for BPF LSM return value {CVE-2024-47703} - sched/smt: Fix unbalance sched_smt_present dec/inc {CVE-2024-44958} - xen-netfront: Fix NULL sring after live migration {CVE-2022-48969} - dlm: prevent NPD when writing a positive value to event_done {CVE-2025-23131} - udp: Deal with race between UDP socket address change and rehash {CVE-2024-57974} - bpf: sync_linked_regs() must preserve subreg_def {CVE-2024-53125} - mptcp: handle consistently DSS corruption {CVE-2024-50185} - null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' {CVE-2024-36478} - net: tunnels: annotate lockless accesses to dev->needed_headroom {CVE-2023-53109} - net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled {CVE-2025-38039} - uprobes: Reject the shared zeropage in uprobe_write_opcode() {CVE-2025-21881} - mm: slub: avoid wake up kswapd in set_track_prepare {CVE-2025-39843} - mm/smaps: fix race between smaps_hugetlb_range and migration {CVE-2025-39754} - bpf: Reject narrower access to pointer ctx fields {CVE-2025-38591} - net: clear the dst when changing skb protocol {CVE-2025-38192} - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() {CVE-2025-23144} - RDMA/core: Don't expose hw_counters outside of init net namespace {CVE-2025-22089} - can: j1939: implement NETDEV_UNREGISTER notification handler {CVE-2025-39925} - net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. {CVE-2025-22111} - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object {CVE-2025-39851} - loop: Avoid updating block size under exclusive owner {CVE-2025-38709} - wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() {CVE-2025-38643} - net_sched: sch_sfq: reject invalid perturb period {CVE-2025-38193} - net: phy: mscc: Fix memory leak when using one step timestamping {CVE-2025-38148} - espintcp: remove encap socket caching to avoid reference leak {CVE-2025-38097} - rseq: Fix segfault on registration when rseq_cs is non-zero {CVE-2025-38067} - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs {CVE-2025-38040} - usb: typec: ucsi: displayport: Fix deadlock {CVE-2025-37967} - ipvs: fix uninit-value for saddr in do_output_route4 {CVE-2025-37961} - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item {CVE-2025-68211} - bpf: Scrub packet on bpf_redirect_peer {CVE-2025-37959} - tracing: Verify event formats that have "%*p.." {CVE-2025-37938} - iommu/amd/pgtbl: Fix possible race while increase page table level {CVE-2025-39961} - net/mlx5e: Harden uplink netdev access against device unbind {CVE-2025-39947} - dm-stripe: fix a possible integer overflow {CVE-2025-39940} - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer {CVE-2025-39937} - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode {CVE-2025-38665} - net/mlx5e: Fix crash on profile change rollback failure {CVE-2026-23000} - netfilter: nft_set_pipapo: prevent overflow in lookup table allocation {CVE-2025-38162} - tracing: Add recursion protection in kernel stack trace recording {CVE-2026-23138} - rxrpc: Fix recvmsg() unconditional requeue {CVE-2026-23066} - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts {CVE-2026-22997} - net: can: j1939: recover socket queue on CAN bus error during BAM transmission {CVE-2026-22997} - dm-verity: disable recursive forward error correction {CVE-2025-71161} - netfilter: nf_tables: avoid chain re-validation if possible {CVE-2025-71160} - KEYS: trusted: Fix a memory leak in tpm2_load_cmd {CVE-2025-71147} - vsock/virtio: fix potential underflow in virtio_transport_get_credit() {CVE-2026-23069} - net: fix segmentation of forwarding fraglist GRO {CVE-2026-23154} - ice: Don't process extts if PTP is disabled {CVE-2024-42107} - drm/i915/dpt: Make DPT object unshrinkable {CVE-2024-40924} - drm/i915/dpt: Treat the DPT BO as a framebuffer {CVE-2024-40924} - bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx {CVE-2024-53091} - pipe: wakeup wr_wait after setting max_usage {CVE-2023-52672} - bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails {CVE-2023-53103} - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check {CVE-2024-57993} - drm/amdkfd: debugfs hang_hws skip GPU with MES {CVE-2025-37853} - leds: mlxreg: Use devm_mutex_init() for mutex initialization {CVE-2024-42129} - drm/amd/display: fix a Null pointer dereference vulnerability {CVE-2025-39705} - gfs2: Validate i_depth for exhash directories {CVE-2025-38710} - drm/scheduler: signal scheduled fence when kill job {CVE-2025-38436} - drm/amdgpu: Add basic validation for RAS header {CVE-2025-38426} - mptcp: fix NULL pointer in can_accept_new_subflow {CVE-2025-23145} - bpf: bpf_sk_storage: Fix invalid wait context lockdep report {CVE-2023-53857} - nvme-core: fix memory leak in dhchap_secret_store {CVE-2023-53852} - virtio_net: Fix error unwinding of XDP initialization {CVE-2023-53499} - nvme-core: fix memory leak in dhchap_ctrl_secret {CVE-2023-53792} - ceph: fix race condition validating r_parent before applying state {CVE-2025-39927} - x86/MCE: Always save CS register on AMD Zen IF Poison errors {CVE-2023-53438} - genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() {CVE-2023-53332} - nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net {CVE-2023-54276} - blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init {CVE-2023-54271} - net/mlx5e: TC, Fix internal port memory leak {CVE-2023-53999} - tipc: do not update mtu if msg_max is too small in mtu negotiation {CVE-2023-53517} - tipc: add tipc_bearer_min_mtu to calculate min mtu {CVE-2023-53517} - tun: Fix memory leak for detached NAPI queue. {CVE-2023-53685} - net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize {CVE-2023-53667} - start_kernel: Add __no_stack_protector function attribute {CVE-2023-53491} - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb {CVE-2023-53548} - sched/psi: use kernfs polling functions for PSI trigger polling {CVE-2023-54019} - cxl/pmem: Fix nvdimm registration races {CVE-2023-54323} - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock {CVE-2025-68223} - dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() {CVE-2026-23004} - wifi: mac80211: don't WARN for connections on invalid channels {CVE-2025-71227} - md: suspend array while updating raid_disks via sysfs {CVE-2025-71225} - net: stmmac: fix the crash issue for zero copy XDP_TX action {CVE-2025-71095} - drm/ttm: Don't leak a resource on eviction error {CVE-2023-54254} - firmware: arm_sdei: Fix sleep from invalid context BUG {CVE-2023-54160} - iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter {CVE-2023-54057} - net: usb: asix: validate PHY address before use {CVE-2025-71094} - tty: fix deadlock caused by calling printk() under tty_port->lock {CVE-2022-49441} - KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE {CVE-2026-23401} - blktrace: fix __this_cpu_read/write in preemptible context {CVE-2026-23374} - x86/CPU: Fix FPDSS on Zen1 {CVE-2025-54505} - ice: Fix PTP NULL pointer dereference during VSI rebuild {CVE-2026-23210} - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() {CVE-2026-23169} - gfs2: No more self recovery {CVE-2025-38659} - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() {CVE-2022-49891} - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() {CVE-2022-49796} - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() {CVE-2022-49797} - netlink: Bounds-check struct nlmsgerr creation {CVE-2022-49766} - bpf: Prevent bpf program recursion for raw tracepoint probes {CVE-2022-49764} - i2c: designware: use casting of u64 in clock multiplication to avoid overflow {CVE-2022-49749} - futex: Clear stale exiting pointer in futex_lock_pi() retry path {CVE-2026-31555} - ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() {CVE-2026-31531} - netfilter: ctnetlink: use netlink policy range checks {CVE-2026-31495} - tracing: Fix potential deadlock in cpu hotplug with osnoise {CVE-2026-31480} - esp: fix skb leak with espintcp and async crypto {CVE-2026-31518} - xfs: factor out xfs_attr3_leaf_init {CVE-2026-43053} - xfs: factor out xfs_attr3_node_entry_remove {CVE-2026-43053} - ALSA: ctxfi: Check the error for index mapping {CVE-2026-31777} - bridge: br_nd_send: validate ND option lengths {CVE-2026-31752} - rtnetlink: add missing netlink_ns_capable() check for peer netns {CVE-2026-31692} - crypto: af_alg - limit RX SG extraction by receive buffer budget {CVE-2026-31677} - APEI/GHES: ensure that won't go past CPER allocated record {CVE-2026-43277} - ceph: supply snapshot context in ceph_zero_partial_object() {CVE-2026-43273} - team: avoid NETDEV_CHANGEMTU event when unregistering slave {CVE-2026-43234} - wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() {CVE-2025-71297} - EFI/CPER: don't go past the ARM processor CPER record buffer {CVE-2026-43266} - net: bridge: switchdev: Skip MDB replays of deferred events on offload {CVE-2024-26837} - can: mcp251xfd: fix infinite loop when xmit fails {CVE-2024-41088} - ipvlan: Make the addrs_lock be per port {CVE-2026-23103} - netem: fix return value if duplicate enqueue fails {CVE-2024-45016} - USB: serial: mos7840: fix crash on resume {CVE-2024-42244} - crypto: null - Use spin lock instead of mutex {CVE-2025-37808} - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly {CVE-2025-71096} - bpf: Fix overrunning reservations in ringbuf {CVE-2024-41009} - bpf: Fix bpf_sk_select_reuseport() memory leak {CVE-2025-21683} - drm/i915: Fix request ref counting during error capture & debugfs dump {CVE-2023-52981} - netfilter: conntrack: fix wrong ct->timeout value {CVE-2023-53635} - drop_monitor: replace spin_lock by raw_spin_lock {CVE-2024-40980} - net: bonding: fix NULL deref in bond_debug_rlb_hash_show {CVE-2026-31546} - serial: protect uart_port_dtr_rts() in uart_shutdown() too {CVE-2024-50058} - wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. {CVE-2026-31551} - ipv6: Fix signed integer overflow in __ip6_append_data {CVE-2022-49728} - selinux: avoid dereference of garbage after mount failure {CVE-2024-35904} - fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name {CVE-2024-49934} - tracing: Do not let histogram values have some modifiers {CVE-2023-53093} - ice: Add netif_device_attach/detach into PF reset flow {CVE-2024-46770} - bpf: Fix deadlock between rcu_tasks_trace and event_mutex. {CVE-2025-37884} - fbmon: prevent division by zero in fb_videomode_from_videomode() {CVE-2024-35922} - drm/amdgpu: Fix the null pointer dereference to ras_manager {CVE-2024-43908} - tracing: Ensure visibility when inserting an element into tracing_map {CVE-2024-26645} - drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func {CVE-2024-47720} - phy: mdio: fix memory leak {CVE-2021-47416} - ipv4: Fix reference count leak when using error routes with nexthop objects {CVE-2025-71097} - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() {CVE-2024-50046} - packet: annotate data-races around ignore_outgoing {CVE-2024-26862} - md: fix resync softlockup when bitmap size is less than array size {CVE-2024-38598} - wireguard: receive: annotate data-race around receiving_counter.counter {CVE-2024-26861} - netfs: Only call folio_start_fscache() one time for each folio {CVE-2023-52582} - usb: xhci: tegra: fix sleep in atomic call {CVE-2023-53475} - ACPI: PAD: fix crash in exit_round_robin() {CVE-2024-49935} - locking/rtmutex: Skip remove_waiter() when waiter is not enqueued {CVE-2026-43499} - rtmutex: Use waiter::task instead of current in remove_waiter() {CVE-2026-43499} - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() {CVE-2024-50256} - Bluetooth: ISO: Fix multiple init when debugfs is disabled {CVE-2024-50077} - hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio {CVE-2025-21931} - RDMA/core: Silence oversized kvmalloc() warning {CVE-2025-37867} - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() {CVE-2024-26663} - net: let net.core.dev_weight always be non-zero {CVE-2025-21806} - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() {CVE-2022-48961} - eth: alx: take rtnl_lock on resume {CVE-2022-50498} - ata: libata-transport: fix error handling in ata_tlink_add() {CVE-2022-49824} - ata: libata-transport: fix error handling in ata_tport_add() {CVE-2022-49825} - netfilter: br_netfilter: fix panic with metadata_dst skb {CVE-2024-50045} - net: fix NULL pointer in skb_segment_list {CVE-2023-52991} - hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove {CVE-2024-26698} - scsi: qla2xxx: validate nvme_local_port correctly {CVE-2024-42286} - rcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale {CVE-2023-53291} - wifi: mac80211: Discard Beacon frames to non-broadcast address {CVE-2025-71127} - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() {CVE-2024-46755} - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy {CVE-2025-21640} - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes {CVE-2024-41089} - tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING {CVE-2023-52845} - bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets {CVE-2023-52523} - Bluetooth: Fix not cleanup led when bt_init fails {CVE-2022-48971} - netfilter: nf_conntrack_h323: Add protection for bmp length out of range {CVE-2024-26851} - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() {CVE-2024-53680} - ppp_async: limit MRU to 64K {CVE-2024-26675} - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages {CVE-2024-40904} - ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work {CVE-2024-26631} - xfrm: fix one more kernel-infoleak in algo dumping {CVE-2024-50110} - xdp: fix invalid wait context of page_pool_destroy() {CVE-2024-43834} - fs/netfs/fscache_cookie: add missing "n_accesses" check {CVE-2024-45000} - mac802154: check local interfaces before deleting sdata list {CVE-2024-57948} - usbnet: gl620a: fix endpoint checking in genelink_bind() {CVE-2025-21877} - IB/core: Fix ib_cache_setup_one error flow cleanup {CVE-2024-47693} - can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate {CVE-2021-4454} - vfs: fix race between evice_inodes() and find_inode()&iput() {CVE-2024-47679} - scsi: storvsc: Fix handling of virtual Fibre Channel timeouts {CVE-2023-53245} - iavf: fix off-by-one issues in iavf_config_rss_reg() {CVE-2025-71087} - cachefiles: fix memory leak in cachefiles_add_cache() {CVE-2024-26840} - ext4: fix access to uninitialised lock in fc replay path {CVE-2024-50014} - net: hns3: fix kernel crash when 1588 is sent on HIP08 devices {CVE-2025-21649} - ftrace: Fix regression with module command in stack_trace_filter {CVE-2024-56569} - ipv6: sr: fix invalid unregister error path {CVE-2024-38612} - crypto: pcrypt - Fix handling of MAY_BACKLOG requests {CVE-2026-43493} - netfilter: flowtable: strictly check for maximum number of actions {CVE-2026-43329} - ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() {CVE-2026-43038}
CVEs fixed:
Updated packages:
  • bpftool-7.0.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:849a5451408b0f5adb390250ea3af80688af832c65f00c8a2cb603ee34b0e76f
  • kernel-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:1017984f0a7a3953168e58f14c8c73ae3b15a5e731f07d4c0c8cad2edae19556
  • kernel-abi-stablelists-5.14.0-284.1101.el9_2.tuxcare.11.els8.noarch.rpm
    sha:9b9d1771266352591b1c2cd6464fc385b6f239411ea667fa0e90bddefc180cbf
  • kernel-core-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:073a6b2a9fea66eaf93993457085cc40e6e150e599a0915163b62a98cddf0b0c
  • kernel-cross-headers-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:039596bf197f1e16fe1bd5605f4c15bedf39cba0bc204ea94db68d9a4fe1b2af
  • kernel-debug-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:c947148c1f46b6118c3e21ea1aa9798a94beb2293e42fdc1ec1ce5291bf0389e
  • kernel-debug-core-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:803dd946e63fe066e3c2a38050d5a7465a89408aadbae6971ff881de77aabba1
  • kernel-debug-devel-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:a5cf578d60df105b0c019e8d51102eda8de832fede6ef4d6c8da9908ca8c5651
  • kernel-debug-devel-matched-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:b6ac8ac3ef87bc0a698e7ab38bf6b74b8a2821b831c8858d32aa097c38db5308
  • kernel-debug-modules-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:c09f54bff9fd27cb54417a7ba7827528f807f2336fd41d2db3cb060782c0e738
  • kernel-debug-modules-core-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:a8b999b8e5816dc04a6a3f2ebdd33de4356884f0339452d2f03e9d5efd6705c6
  • kernel-debug-modules-extra-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:e45102afcfe7a60b095af838e54704e3c7618d840e82b8743fba10ac92352ae5
  • kernel-debug-modules-internal-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:3e44e863b11e23c5fe607dfb988ef5a072ccc734b3d101d21ce8f6218b8e2542
  • kernel-debug-modules-partner-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:baac9ca4e195b840bf7fb4c9208d873a94f3fc4c51237c4afe30e9c50a841091
  • kernel-debug-uki-virt-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:2a6e0fb8332136588d9747f515b21372c80ac9e3d79d7844c7373f01affda5eb
  • kernel-devel-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:f71a7f8820e1a745b8ac332b9820c89d7d5af87bd1a346750af8264cd3603505
  • kernel-devel-matched-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:19f06a6bb27cfcd2e8a284bd04b57ee785e29ce62ad9c246d375317082bb3b49
  • kernel-doc-5.14.0-284.1101.el9_2.tuxcare.11.els8.noarch.rpm
    sha:437acddd5ec02817c035f1267520c1e47b495512b05fe76b8f32493d6615f27b
  • kernel-headers-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:d5094b5daafd7cb9a24ba952fd5e92d68bbdaa4f6205c3c00e42c20898e38006
  • kernel-ipaclones-internal-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:d9365dca9b9144a227b6ddd35d7393d18130c3b785f6a77441e9ad5070cbeecb
  • kernel-modules-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:ede0612e0e31689ffb9ef99dbde1d6fc8763c52065d101ad2c328fe7d49afa0e
  • kernel-modules-core-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:2d92cf1d80e7cf4b7b9a9b25565f116582d5b798feed2b57a7ced6b7c01ac490
  • kernel-modules-extra-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:74083130d3e93807815f5410308acdc80bf7a9fb7d6f436fb31f162641f70432
  • kernel-modules-internal-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:a59f8e4ff4430f53401aca18bc31c9d88127ecc6dcab7b6c0459cfe4a36bcfa9
  • kernel-modules-partner-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:600f6e309a6a905af36fb3059672f62ec00a0f52bea2ce360b094900f5175fdd
  • kernel-selftests-internal-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:6f95f23771ac81bd59f2852f604a57b613d3a7c8f16f015ff7e4f95e2d438a25
  • kernel-tools-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:1306ac56ba0c5b15eb3e55ebee4a0d6cbb4e1d8cd2eda6b2c2eef13f5855ecfc
  • kernel-tools-libs-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:eec856b22b3f47f4956553fb3584df112bfd718dae3642e05e3bd92733f40850
  • kernel-tools-libs-devel-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:2e09e887b94683743aa40f026f8f615d1126a56b2988792f27ba4ec920def88b
  • kernel-uki-virt-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:04690439ce3bc6eacf5c8a46053dbb5a1c7d215fc0cd250e7ead7caf94485b0c
  • libbpf-1.0.0-2.el9_2.tuxcare.11.els8.i686.rpm
    sha:289f5c72cc30fb71326071e2d1ca440e2c8f9b6489733be5827271da46a0cb7d
  • libbpf-1.0.0-2.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:3d3d753b355b92fed92d17d20fd0f1655892cbd9cc56b1e8e319a1aefc4bfd31
  • libbpf-devel-1.0.0-2.el9_2.tuxcare.11.els8.i686.rpm
    sha:131e12d3d480f6864428090ca4367e75d56eaa23a374038ea823c36f61e14b00
  • libbpf-devel-1.0.0-2.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:6621f9c5a6f90e629ea0e9a02c2ce12919881d8826602ed712b455d5645eb7ff
  • libbpf-static-1.0.0-2.el9_2.tuxcare.11.els8.i686.rpm
    sha:73239883d515f473e8306ca3aa021370fb89443f1dd05ba4f70132b81fe673bd
  • libbpf-static-1.0.0-2.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:6627299a2ca317ac2092653c05fdfa78d2158a426ac44dff21b7309fab6d37a1
  • perf-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:3f307d75caf3a3d484bc5c7609954be9eb620732b212da98f2513b025c12b0aa
  • python3-perf-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:c08024c7bf1600f783be8c75c6cc68f0f26ca7a2a0f305eb64abc10bcb0f4eee
  • rtla-5.14.0-284.1101.el9_2.tuxcare.11.els8.x86_64.rpm
    sha:cae044dfc16677d82a76a25a9fd1796b6b3cfddbf50ae5b7c92fdfb8ddca430a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.