CLSA-2026-1771239384
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1771239384.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2026-1771239384
- Upstream
- Published
- 2026-02-16T10:56:28Z
- Modified
- 2026-05-27T11:33:10.478496696Z
- Summary
- kernel: Fix of 75 CVEs
- Details
-
- net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit {CVE-2025-39766}
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL {CVE-2023-53680}
- scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow() {CVE-2023-53676}
- KVM: x86: use arrayindexnospec with indices that come from guest {CVE-2025-39823}
- ftrace: Also allocate and copy hash for reading of filter files {CVE-2025-39689}
- ext4: improve error handling from ext4_dirhash() {CVE-2023-53473}
- rcu: Protect ->deferqsiw_pending from data race {CVE-2025-39749}
- ring-buffer: Fix deadloop issue on reading trace_pipe {CVE-2023-53668}
- fs/proc: fix uaf in procreaddirde() {CVE-2025-40271}
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer {CVE-2025-40269}
- Bluetooth: ISO: Fix possible UAF on isoconnfree {CVE-2025-40141}
- pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574}
- lib: cpu_rmap: Avoid use after free on rmap->obj array entries {CVE-2023-53484}
- ipv6: reject malicious packets in ipv6gsosegment() {CVE-2025-38572}
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685}
- fbdev: fix potential buffer overflow in doregisterframebuffer() {CVE-2025-38702}
- i40e: fix IRQ freeing in i40evsirequestirqmsix error path {CVE-2025-39911}
- libceph: fix invalid accesses to cephconnectionv1_info {CVE-2025-39880}
- bus: mhi: host: Detect events pointing to unexpected TREs {CVE-2025-39790}
- nvmet: fix out-of-bounds access in nvmetenableport {CVE-2025-37825}
- net: core: remove unnecessary framesz check in bpfxdpadjusttail() {CVE-2023-54155}
- wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891}
- i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853}
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvcparseformat() {CVE-2025-38680}
- fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691}
- net/mlx5: Devcom, fix error flow in mlx5devcomregister_device {CVE-2023-54015}
- x86/sev: Make encdechypercall() accept a size instead of npages {CVE-2023-53996}
- pagepool: Fix use-after-free in pagepoolrecyclein_ring {CVE-2025-38129}
- pagepool: fix inconsistency for pagepoolring[un]lock()
- net: pagepool: use insoftirq() instead {CVE-2025-38129}
- vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248}
- vsock: avoid to close connected socket after the timeout {CVE-2025-40248}
- sctp: avoid NULL dereference when chunk data buffer is missing {CVE-2025-40240}
- smb: client: let recvdone verify dataoffset, datalength and remainingdata_length {CVE-2025-39933}
- net: phylink: add lock for serializing concurrent pl->phydev writes with resolver {CVE-2025-39905}
- i40e: validate ring_len parameter against hardware-specific values
- i40e: add validation for ring_len param {CVE-2025-39973}
- i40e: increase max descriptors for XL710
- i40e: remove read access to debugfs files {CVE-2025-39901}
- mm/memory-failure: fix VMBUGON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883}
- wifi: brcmfmac: fix use-after-free when rescheduling brcmfbtcoexinfo work {CVE-2025-39863}
- i2c: tegra: check msg length in SMBUS block read {CVE-2025-38425}
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods {CVE-2025-38395}
- virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375}
- VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify {CVE-2025-38102}
- vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403}
- can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004}
- scsi: lpfc: Prevent lpfcdebugfslockstat_write() buffer overflow {CVE-2023-54102}
- tcp: fix a signed-integer-overflow bug in tcpaddbacklog() {CVE-2022-50865}
- tcp: minor optimization in tcpaddbacklog() {CVE-2022-50865}
- block, bfq: fix uaf for bfqq in bicsetbfqq() {CVE-2023-52983}
- block, bfq: replace 0/1 with false/true in bic apis
- block, bfq: fix uaf for bfqq in bfqexiticq_bfqq {CVE-2022-50329}
- block, bfq: fix possible uaf for 'bfqq->bic' {CVE-2022-50488}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729}
- Squashfs: check return result of sbminblocksize {CVE-2025-38415}
- ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346}
- arm64/ptrace: Fix stack-out-of-bounds read in regsgetkernelstacknth() {CVE-2025-38320}
- ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212}
- net/mdiobus: Fix potential out-of-bounds read/write access {CVE-2025-38111}
- net: mdio: C22 is now optional, EOPNOTSUPP if not provided
- net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180}
- net: atm: add lec_mutex {CVE-2025-38323}
- Bluetooth: hci_sync: always check if connection is alive before deleting
- Bluetooth: hcisync: Fix UAF in hcidisconnectallsync {CVE-2023-53762}
- Bluetooth: hcisync: Fix UAF on hciabortconnsync
- Bluetooth: MGMT: Fix UAF on mgmtremoveadvmonitorcomplete {CVE-2025-38118}
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmtremoveadvmonitorsync {CVE-2024-58013}
- netsched: remove qdisctreeflushbacklog()
- netsched: ets: fix a race in etsqdisc_change() {CVE-2025-38107}
- netsched: tbf: fix a race in tbfchange()
- netsched: prio: fix a race in priotune() {CVE-2025-38083}
- net_sched: red: fix a race in _redchange() {CVE-2025-38108}
- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103}
- smb: client: Fix use-after-free in cifsfilldirent {CVE-2025-38051}
- wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157}
- wifi: mac80211: Set nchannels after allocating struct cfg80211scan_request {CVE-2025-38013}
- libceph: fix potential use-after-free in havemonandosdmap() {CVE-2025-68285}
- VMCI: check context->notifypage after call to getuserpagesfast() to avoid GPF {CVE-2023-53259}
- mptcp: fix race condition in mptcpschedulework() {CVE-2025-40258}
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154}
- wifi: ath10k: Delay the unmapping of the buffer {CVE-2022-50700}
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind {CVE-2025-68305}
- ALSA: pcm: Fix potential data race at PCM memory allocation helpers {CVE-2023-54072}
- drm/amd/display: fix FCLK pstate change underflow {CVE-2023-53780}
- drm/vmwgfx: Validate command header size against SVGACMDMAX_DATASIZE {CVE-2025-40277}
- atm: Release atmdevmutex after removing procfs in atmdevderegister(). {CVE-2025-38245}
- References