CLSA-2026:1771239384

[CLSA-2026:1771239384] kernel: Fix of 75 CVEs

Type:

security

Severity:

Important

Release date:

2026-02-16 10:56:28 UTC

Description:

- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit {CVE-2025-39766}
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL {CVE-2023-53680}
- scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() {CVE-2023-53676}
- KVM: x86: use array_index_nospec with indices that come from guest {CVE-2025-39823}
- ftrace: Also allocate and copy hash for reading of filter files {CVE-2025-39689}
- ext4: improve error handling from ext4_dirhash() {CVE-2023-53473}
- rcu: Protect ->defer_qs_iw_pending from data race {CVE-2025-39749}
- ring-buffer: Fix deadloop issue on reading trace_pipe {CVE-2023-53668}
- fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271}
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer {CVE-2025-40269}
- Bluetooth: ISO: Fix possible UAF on iso_conn_free {CVE-2025-40141}
- pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574}
- lib: cpu_rmap: Avoid use after free on rmap->obj array entries {CVE-2023-53484}
- ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572}
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685}
- fbdev: fix potential buffer overflow in do_register_framebuffer() {CVE-2025-38702}
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911}
- libceph: fix invalid accesses to ceph_connection_v1_info {CVE-2025-39880}
- bus: mhi: host: Detect events pointing to unexpected TREs {CVE-2025-39790}
- nvmet: fix out-of-bounds access in nvmet_enable_port {CVE-2025-37825}
- net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() {CVE-2023-54155}
- wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891}
- i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853}
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680}
- fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691}
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device {CVE-2023-54015}
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages {CVE-2023-53996}
- page_pool: Fix use-after-free in page_pool_recycle_in_ring {CVE-2025-38129}
- page_pool: fix inconsistency for page_pool_ring_[un]lock()
- net: page_pool: use in_softirq() instead {CVE-2025-38129}
- vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248}
- vsock: avoid to close connected socket after the timeout {CVE-2025-40248}
- sctp: avoid NULL dereference when chunk data buffer is missing {CVE-2025-40240}
- smb: client: let recv_done verify data_offset, data_length and remaining_data_length {CVE-2025-39933}
- net: phylink: add lock for serializing concurrent pl->phydev writes with resolver {CVE-2025-39905}
- i40e: validate ring_len parameter against hardware-specific values
- i40e: add validation for ring_len param {CVE-2025-39973}
- i40e: increase max descriptors for XL710
- i40e: remove read access to debugfs files {CVE-2025-39901}
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883}
- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work {CVE-2025-39863}
- i2c: tegra: check msg length in SMBUS block read {CVE-2025-38425}
- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods {CVE-2025-38395}
- virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375}
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify {CVE-2025-38102}
- vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403}
- can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004}
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow {CVE-2023-54102}
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() {CVE-2022-50865}
- tcp: minor optimization in tcp_add_backlog() {CVE-2022-50865}
- block, bfq: fix uaf for bfqq in bic_set_bfqq() {CVE-2023-52983}
- block, bfq: replace 0/1 with false/true in bic apis
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq {CVE-2022-50329}
- block, bfq: fix possible uaf for 'bfqq->bic' {CVE-2022-50488}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729}
- Squashfs: check return result of sb_min_blocksize {CVE-2025-38415}
- ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346}
- arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() {CVE-2025-38320}
- ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212}
- net/mdiobus: Fix potential out-of-bounds read/write access {CVE-2025-38111}
- net: mdio: C22 is now optional, EOPNOTSUPP if not provided
- net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180}
- net: atm: add lec_mutex {CVE-2025-38323}
- Bluetooth: hci_sync: always check if connection is alive before deleting
- Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync {CVE-2023-53762}
- Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync
- Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete {CVE-2025-38118}
- Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync {CVE-2024-58013}
- net_sched: remove qdisc_tree_flush_backlog()
- net_sched: ets: fix a race in ets_qdisc_change() {CVE-2025-38107}
- net_sched: tbf: fix a race in tbf_change()
- net_sched: prio: fix a race in prio_tune() {CVE-2025-38083}
- net_sched: red: fix a race in __red_change() {CVE-2025-38108}
- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103}
- smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051}
- wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157}
- wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request {CVE-2025-38013}
- libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285}
- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259}
- mptcp: fix race condition in mptcp_schedule_work() {CVE-2025-40258}
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154}
- wifi: ath10k: Delay the unmapping of the buffer {CVE-2022-50700}
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind {CVE-2025-68305}
- ALSA: pcm: Fix potential data race at PCM memory allocation helpers {CVE-2023-54072}
- drm/amd/display: fix FCLK pstate change underflow {CVE-2023-53780}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277}
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245}

Updated packages:

bpftool-7.0.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:9d0dec11305496885ebfe98245d87a806e44fd2b918acc2928fe63155fb31961
kernel-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:b929e93d68449142e5cd2b7ae0056cd3d13d9f50e795a20550c78cdcc3e32117
kernel-abi-stablelists-5.14.0-284.1101.el9_2.tuxcare.7.els28.noarch.rpm
sha:c43afd3b7c4c5624120d2c0f13cfd083b0bf51d1e104bde4869c5c5abb508c8c
kernel-core-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:ab00bed954a28a91a629098a6ff862a9015fb34767b04378218e82c989ed3059
kernel-cross-headers-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:9c54361cf1478262c441e0f3bf36cccf213598160021bc104808910fd402cb93
kernel-debug-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:8d431e7241c7d00b8466aa31690e94e1fab43be93fab22451910b325a5cc8457
kernel-debug-core-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:5f5326dc5682c5ca89b67df6727b83cdaff30e8326696ef7bf563d2e392367b7
kernel-debug-devel-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:b586595de3caf978118c743735c08d51b07c96eaaf46c0e6faae927ea151b6ae
kernel-debug-devel-matched-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:88e4084e9521708d61a5c687eb7d34760e684a39a54e5dafc7e819d345297f47
kernel-debug-modules-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:5c7067a3bf037de53bac3be8441186db178869904658c74a1f9a7ea9cd2fb54a
kernel-debug-modules-core-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:2d19b5be4bae379c5e500d3e95bdb06ddbc842fe4e65e0929127c42c1ea47dac
kernel-debug-modules-extra-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:008f5fc9ebc938d2d100e54108ec7c4af1055a764433c5957acdb99fa5a494ce
kernel-debug-modules-internal-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:8e71690aa484b63eb9a82c253f7e03070ee54154cc8f72a0d0f0595cbfd56eae
kernel-debug-modules-partner-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:6d84efe1aebcc636825874b382cd73a9de9398a5de03d12c4ae67de5ab0b79e6
kernel-debug-uki-virt-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:87ebfee2036c1b7517f1df5c115e46f5dbd010eedac27d30c9f7182563ecc427
kernel-devel-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:0a1a9089ecb76617b50c9e40793bcbf0b161a5c458fd544376284657f60147e4
kernel-devel-matched-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:c4c4f576db809e514e90a81ff435f815c79ba2bdb166d610d99de5364e91eac0
kernel-doc-5.14.0-284.1101.el9_2.tuxcare.7.els28.noarch.rpm
sha:e4662fb7c6b13aaa8e09c261b0fbfc0766166711e2810bb611c535c086084210
kernel-headers-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:0beebf253eb36a59869203433396cdd429f2af6c06e6b54c7f26d030c3468177
kernel-ipaclones-internal-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:00c8846c7ca6aa14bdf122b164fb82d50d2caf52facd5fb70e923cfcfe6928e2
kernel-modules-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:1652cfa0f3b07ce661dbefe8f9db02a9e2b3ba6ec1299be3ef26942193419c50
kernel-modules-core-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:388f2f3829f874c159cbe028062b4cdbf94d21c89748477847b9681af42e7b47
kernel-modules-extra-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:60ba3d4194e25ea3ebe36d42f94749447810ba20ee8b9c8e75da6f8cd8f2b0c9
kernel-modules-internal-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:efa1acc2745e708c8477ff25b1e0ae30d70feb76eaf266d36946aae030f5d590
kernel-modules-partner-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:2ae2b55bc6d0047df13f5da9df69fec8963afdf6e369ab04f0d9fe3933c37eed
kernel-selftests-internal-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:da1c51bc0441408b3b4a8c100bcba11281290b66131a647fe67a45ff26274495
kernel-tools-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:8c56f466d482d358bb85b50952122bb6dc18b3d005b890fba82fce77adda2523
kernel-tools-libs-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:988a0c8a85a95e9eb23fc9b8b058821a20e20093abcba839e9a608c199ce991f
kernel-tools-libs-devel-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:7cd650acc6fbf347a0bfc95519093d4d6a0ec85b662df698993942cfe2fd3351
kernel-uki-virt-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:3af5ef8b11abf6ac87c6ebdc95f056b23ab9097efff41a3588ae0ce3b1352d64
libbpf-1.0.0-2.el9_2.tuxcare.7.els28.i686.rpm
sha:fd953dc8ba41e89f4891f7bfc4b8d82bbcd1f6bcd0e00cfed5bc5cd2f87005cb
libbpf-1.0.0-2.el9_2.tuxcare.7.els28.x86_64.rpm
sha:d79f7bad5468a3757fbce48c8799cb39e3e9f6370c29e51c1ebd57d8a2bd5634
libbpf-devel-1.0.0-2.el9_2.tuxcare.7.els28.i686.rpm
sha:a19267b6c9aa1a92cc31ffae6c20eebc66fa4db618bd47252212068997ba723f
libbpf-devel-1.0.0-2.el9_2.tuxcare.7.els28.x86_64.rpm
sha:a0f50d4cf424992f5a396cf67427a2a5b7f1836dcdcb598ffb800003aa12f924
libbpf-static-1.0.0-2.el9_2.tuxcare.7.els28.i686.rpm
sha:fa490cf0483cd0b8f2c6624b9f0805dc4b62ba258c22d75cf509cf829edd41c3
libbpf-static-1.0.0-2.el9_2.tuxcare.7.els28.x86_64.rpm
sha:22c3f3d3602e095ec7e525d1bec0c0f0362ede51b1a1026dac8cbb46deec015d
perf-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:82d5dfa84d67ba1864ad9a2519d77410981b1cb0499da2f4b5e0f17c63bd8060
python3-perf-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:9ae771097ea9d895e16e96e6b34c0cff476287382d74ae1c94388134a61ae874
rtla-5.14.0-284.1101.el9_2.tuxcare.7.els28.x86_64.rpm
sha:8e975968b04e7d18fdb58e6aa4d310afe914cfc23bee3a08507cd430ef2cb99a

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.