CLSA-2026-1770140694
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2026-1770140694
- Upstream
- Published
- 2026-02-05T17:54:32Z
- Modified
- 2026-05-27T11:34:25.930724850Z
- Summary
- kernel-uek: Fix of 43 CVEs
- Details
-
- crypto: afalg - Fix incorrect boolean values in afalg_ctx {CVE-2025-40022}
- arm64: pensando: Must boot Ortano kernel with spin-table
- net/sched: adjust device watchdog timer to detect stopped queue at right time
- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change
- infiniband/xsigo: Replace BUGON with WARNON_ONCE.
- infiniband/xsigo: xsvnic_main: Remove unused functions
- infiniband/xsigo: xve_cm: Fix mixed code warning
- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv'
- infiniband/xsigo: xve_ib: Fix misleading indentation
- infiniband/xsigo: xve_ib: Fix mixed code warning
- infiniband/xsigo: xveverbs: Remove unused label 'outfree_pd'
- infiniband/xsigo: xvemain: Remove unused function 'xvenapi_del'
- infiniband/xsigo: xve_main: Fix mixed code warning
- infiniband/xsigo: xve_main: Fix misleading indentation
- inifinibad/xsigo: xsvnicmain: Remove unused variable 'xsvnicethtool_ops'
- infiniband/xsigo: xscoreimpl: Remove unused label 'errpd'
- rds: Fix jiffies type in struct rdsconnpath
- kernel: sysctl: Remove unused variable 'zero'
- crypto: afalg - Disallow concurrent writes in afalg_sendmsg {CVE-2025-39964}
- RDMA/cm: Base cm_id destruction timeout on CMA values
- x86/its: Build fails with CONFIGMITIGATIONITS=n
- LTS tag: v5.4.302
- Input: pegasus-notetaker - fix potential out-of-bounds access {CVE-2025-68217}
- Input: remove third argument of usb_maxpacket()
- usb: deprecate the third argument of usb_maxpacket()
- fs/proc: fix uaf in procreaddirde() {CVE-2025-40271}
- pmdomain: imx: Fix reference count leak in imxgpcremove
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure {CVE-2025-68204}
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup {CVE-2025-68245}
- net: qede: Initialize qedellops with designated initializer
- net: ethernet: ti: netcp: Standardize knavdmaopen_channel to return NULL on error {CVE-2025-68220}
- ALSA: usb-audio: fix uac2 clock source at terminal parser
- mm/pagealloc: fix hash table order logging in alloclargesystemhash()
- kconfig/nconf: Initialize the default locale at startup
- kconfig/mconf: Initialize the default locale at startup
- vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248}
- s390/ctcm: Fix double-kfree {CVE-2025-40253}
- net: openvswitch: remove never-working support for setting nsh fields {CVE-2025-40254}
- mlxsw: spectrum: Fix memory leak in mlxswspflower_stats()
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO
- scsi: target: tcmloop: Fix segfault in tcmlooptpgaddress_show() {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context {CVE-2025-40259}
- Input: croseckeyb - fix an invalid memory access {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264}
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() {CVE-2025-68734}
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
- EDAC/altera: Handle OCRAM ECC enable after warm reset
- spi: Try to get ACPI GPIO IRQ earlier
- ipv4: route: Prevent rtbindexception() from rebinding stale fnhe {CVE-2025-68241}
- strparser: Fix signed/unsigned mismatch bug
- gcov: add support for GCC 15
- mm/ksm: fix flag-dropping behavior in ksm_madvise {CVE-2025-40040}
- ALSA: usb-audio: Fix NULL pointer dereference in sndusbmixercontrolsbadd {CVE-2025-40275}
- drm/vmwgfx: Validate command header size against SVGACMDMAX_DATASIZE {CVE-2025-40277}
- ASoC: cs4271: Fix regulator leak on probe failure
- regulator: fixed: fix GPIO descriptor leak on register failure
- regulator: fixed: use deverrprobe for register
- Bluetooth: L2CAP: export l2capchanhold for modules
- netsched: limit trybulkdequeueskb() batches
- netsched: remove needresched() from qdisc_run()
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
- net/mlx5e: Fix maxrate wraparound in threshold between units
- net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak {CVE-2025-40278}
- wifi: mac80211: skip rate verification for not captured PSDUs
- net: mdio: fix resource leak in mdiobusregisterdevice()
- tipc: Fix use-after-free in tipcmonreinit_self(). {CVE-2025-40280}
- tipc: simplify the finalize work queue
- sctp: prevent possible shift-out-of-bounds in sctptransportupdate_rto {CVE-2025-40281}
- sctp: get netns from asoc and ep base
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
- Bluetooth: 6lowpan: fix BDADDRLE vs ADDRLE_DEV address type confusion
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path {CVE-2025-40282}
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF {CVE-2025-40283}
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
- NFS4: Fix state renewals missing after boot
- compiler_types: Move unused static inline functions warning to W=2
- extcon: adc-jack: Cleanup wakeup source only if it was enabled
- tracing: Fix memory leaks in createfieldvar()
- net: usb: qmiwwan: initialize MAC header offset in qmimuxrx_fixup {CVE-2025-68192}
- sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331}
- sctp: Hold RCU read lock while iterating over address list
- net: dsa: b53: stop reading ARL entries if search is done
- net: dsa: b53: fix enabling ip multicast
- net: dsa: b53: fix resetting speed and pause on forced link
- net: dsa: b53: prevent GMIIPORTOVERRIDE_CTRL access on BCM5325
- net: dsa/b53: change b53forceport_config() pause argument
- net: vlan: sync VLAN features with lower device
- ceph: add checking of waitforcompletion_killable() return value
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304}
- ACPI: property: Return present device nodes only on fwnode interface
- 9p: sysfs_init: don't hardcode error to ENOMEM
- 9p: fix /sys/fs/9p/caches overwriting itself
- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink
- ACPICA: Update dsmethod.c to get rid of unused variable warning
- orangefs: fix xattr related buffer overflow... {CVE-2025-40306}
- page_pool: Clamp pool size to max 16K pages
- Bluetooth: bcsp: receive data only if registered {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on scoconnfree {CVE-2025-40309}
- net: macb: avoid dealing with endianness in macbsethwaddr()
- nfs4setupreaddir(): insufficient locking for ->dparent->dinode dereferencing {CVE-2025-68185}
- NFSv4.1: fix mount hang after CREATE_SESSION failure
- NFSv4: handle ERR_GRACE on delegation recalls
- remoteproc: qcom: q6v5: Avoid handling handover twice
- sparc/module: Add RSPARCUA64 relocation handling
- net: intel: fm10k: Fix parameter idx set but not used
- jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168}
- jfs: Verify inode mode when loading from disk {CVE-2025-40312}
- ipv6: np->rxpmtu race annotation
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
- allow finishnoopen(file, ERR_PTR(-E...))
- scsi: lpfc: Define size of debugfs entry for xri rebalancing
- scsi: lpfc: Check return status of lpfcresetflushiocontext during TGT_RESET
- selftests/Makefile: include $(INSTALLDEPTARGETS) in clean target to clean net/lib dependency
- net/clscgroup: Fix taskget_classid() during qdisc run
- selftests: Replace sleep with slowwait
- selftests: Disable dad for ipv6 in fcnal-test.sh
- media: redrat3: use int type to store negative error codes
- net: sh_eth: Disable WoL if system can not suspend
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy
- usb: gadget: f_hid: Fix zero length packet transfer
- net: call cond_resched() less often in _releasesock()
- ALSA: usb-audio: apply quirk for MOONDROP Quark2
- net: nfc: nci: Increase NCIDATATIMEOUT to 3000 ms
- dmaengine: dw-edma: Set status for callback_result
- dmaengine: mvxor: match allocwc and free_wc
- dmaengine: sh: setup_xref error handling
- scsi: pm8001: Use int instead of u32 to store error codes
- mips: lantiq: xway: sysctrl: rename stp clock
- mips: lantiq: danube: add missing device_type in pci node
- mips: lantiq: danube: add missing properties to cpu node
- media: fix uninitialized symbol warnings
- drm/amdkfd: Tie UNMAPLATENCY to queuepreemption
- extcon: adc-jack: Fix wakeup source leaks on device unbind
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
- net: Call tracesockexceedbuflimit() for memcg failure with SKMEMRECV.
- net: When removing nexthops, don't call synchronize_net if it is not necessary
- char: misc: Does not request module for miscdevice with dynamic minor
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
- iio: adc: spearadc: mask SPEARADC_STATUS channel and avg sample before setting register
- media: imon: make send_packet() more robust {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output {CVE-2025-40363}
- bridge: Redirect to backup port when port is administratively down
- powerpc/eeh: Use result of error_detected() in uevent
- x86/vsyscall: Do not require X86PFINSTR to emulate vsyscall
- media: pci: ivtv: Don't create fake v4l2_fh
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs
- selftests/net: Ensure assert() triggers in psock_tpacket.c
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8
- PCI: Disable MSI on RDC PCI to PCIe bridges
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
- mfd: madera: Work around false-positive -Wininitialized warning
- mfd: stmpe-i2c: Add missing MODULE_LICENSE
- mfd: stmpe: Remove IRQ domain upon removal
- tools/power x86energyperf_policy: Prefer driver HWP limits
- tools/power x86energyperf_policy: Enhance HWP enable
- tools/cpupower: Fix incorrect size in cpuidlestatedisable()
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040
- uprobe: Do not emulate/sstep original instruction when ip is changed
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556
- tee: allow a driver to allocate a tee_device without a pool
- ACPICA: dispatcher: Use acpidsclearoperands() in acpidscallcontrol_method()
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
- arc: Fix __fls() const-foldability via _builtinclzl()
- cpufreq/longhaul: handle NULL policy in longhaul_exit {CVE-2025-68177}
- selftests/bpf: Fix bpfprogdetach2 usage in testlircmode2
- ACPI: video: force native for Lenovo 82K8
- memstick: Add timeout to prevent indefinite waiting
- mmc: host: renesas_sdhi: Fix the actual clock
- bpf: Don't use %pK through printk
- spi: loopback-test: Don't use %pK through printk
- soc: qcom: smem: Fix endian-unaware access of num_entries
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. {CVE-2025-40315}
- serial: 8250_dw: handle reset control deassert error
- serial: 8250dw: Use devmaddactionor_reset()
- serial: 8250dw: Use devmclkgetoptional() to get the input clock
- can: gsusb: increase max interface to U8MAX
- devcoredump: Fix circular locking dependency with devcd->mutex.
- net: ravb: Enforce descriptor type ordering
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode {CVE-2025-40321}
- net: phy: dp83867: Disable EEE support as not implemented
- regmap: slimbus: fix bus_context pointer in regmap init calls {CVE-2025-40317}
- drm/etnaviv: fix flush sequence logic
- usbnet: Prevents free active kevent {CVE-2025-68312}
- wifi: ath10k: Fix memory leak on unsupported WMI command
- ASoC: qdsp6: q6asm: do not sleep while atomic
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
- fbdev: pvr2fb: Fix leftover reference to ONCHIPNRDMA_CHANNELS
- fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpivideoswitch_brightness() {CVE-2025-40211}
- fbdev: atyfb: Check if pllops->initpll failed
- net: usb: asixdevices: Check return value of usbnetget_endpoints
- btrfs: use smpmbafteratomic() when forcing COW in creatependingsnapshot()
- x86/bugs: Fix reporting of LFENCE retpoline
- net/sched: schqfq: Fix null-deref in aggdequeue {CVE-2025-40083}
- RDMA/cm: Rate limit destroy CM ID timeout error message
- soc/pensando: giglio: hack dts to make things right
- soc/pensando: Add AMD Pensando Giglio SoC support
- soc/pensando: psci support
- soc/pensando: Giglio SoC eMMC interrupt driver
- Reapply "cpuidle: menu: Avoid discarding useful information"
- fbcon: fix integer overflow in font allocation
- uek-rpm: Introduce check function for uek-rpm/tools/kabi
- rds: Add smprmb before reading cdestroyinprog
- uiohvgeneric: Set event for all channels on the device
- ata: libata-scsi: Fix system suspend for a security locked drive
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt
- References