CLSA-2025:1757961506

[CLSA-2025:1757961506] kernel: Fix of 26 CVEs

Type:

security

Severity:

Important

Release date:

2025-09-15 18:38:29 UTC

Description:

- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352}
- xfrm: state: fix out-of-bounds read during lookup {CVE-2024-57982}
- nfsd: fix race between laundromat and free_stateid {CVE-2024-50106}
- nfsd: split sc_status out of sc_type {CVE-2024-50106}
- nfsd: avoid race after unhash_delegation_locked() {CVE-2024-50106}
- nfsd: don't call functions with side-effecting inside WARN_ON() {CVE-2024-50106}
- can: peak_usb: fix use after free bugs {CVE-2021-47670}
- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds {CVE-2025-38159}
- i2c/designware: Fix an initialization issue {CVE-2025-38380}
- RDMA/rxe: Fix error unwind in rxe_create_qp() {CVE-2022-50127}
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200}
- udp: Fix memory accounting leak. {CVE-2025-22058}
- Bluetooth: hci_core: Fix use-after-free in vhci_flush() {CVE-2025-38250}
- net_sched: ets: Fix double list add in class with netem as child qdisc {CVE-2025-38085}
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race {CVE-2025-38085}
- mm/khugepaged: fix GUP-fast interaction by sending IPI {CVE-2025-38085}
- padata: fix UAF in padata_reorder {CVE-2025-21727}
- net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350}
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-38177}
- sch_ets: make est_qlen_notify() idempotent {CVE-2025-38177}
- sch_qfq: make qfq_qlen_notify() idempotent {CVE-2025-38177}
- sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177}
- sch_drr: make drr_qlen_notify() idempotent {CVE-2025-38177}
- sch_htb: make htb_qlen_notify() idempotent {CVE-2025-38177}
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000}
- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477}
- tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464}
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211}
- scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332}
- netfilter: xtables: avoid NFPROTO_UNSPEC where needed {CVE-2024-50038}
- netfilter: xtables: Add snapshot of hardidletimer target {CVE-2024-50038}
- crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079}
- ext4: avoid resizing to a partial cluster size {CVE-2022-50020}
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc {CVE-2025-37890}
- net: tipc: fix refcount warning in tipc_aead_encrypt {CVE-2025-38273}
- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done {CVE-2025-38052}
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove {CVE-2025-22020}

Updated packages:

bpftool-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:5a3d26e352e5a3530fb58daf1e18177366669ecbd5d79ffba4199bdd63ba9f55
kernel-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:a1a295d3204595ef29b88c8650ab62edd655109df3c0ea1599bf0ea8e4254b55
kernel-core-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:6369f40409dbdc4828d2f1187f8b3ec7286489b9dfd703cbbc7fb8de28469ee9
kernel-cross-headers-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:4916494e7edebd335a5dccb28c24053976bda2a7a3c2747c886769c74804727c
kernel-debug-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:b3655bdc3754488516e1f5f16d059ecc0a048fca771e90c37a3e2ab9c2420dfd
kernel-debug-core-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:fe4073b8b8c8e5b46b203a13e4911207baa361c3577d728326ac19099bbf0b58
kernel-debug-devel-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:b68cbed87632113a57c59a3e0f14a5587faf2f8ddfa78ca07879b4d9c5fcc598
kernel-debug-modules-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:0bf955fc3a7cbd9b6ca3b7ccb374c186da3b874160ff167e412087198f79fd1e
kernel-debug-modules-extra-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:5df7c107bebc7575804aeca71ebe711fce1eabb7b4575f5235b174b059a3dd23
kernel-debug-modules-internal-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:637341f4c63c7659a11f7ff68e30088f1f6b5dd165f12d90765b229335f76efc
kernel-devel-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:28ab8ee32764233d6401999d05b8b34139fb04a5e1b739573b957caa430ab082
kernel-headers-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:f60e638a05660bba0a4c6058f6c5736b0261528be627e8aa07cb42dd7607979c
kernel-ipaclones-internal-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:88c96ba7cbbec51a18ec9dbedc9c1845ae8a3cd493b324949c67521024f25e07
kernel-modules-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:d62e774a12e0c1617b2859baa3e5aaa7bcc5800a1652a1b8718b9bc0a65af26b
kernel-modules-extra-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:6b3f2cbf24f517ca204d822b0f2956a0ea7b45fc5af5163a16c1c5e6237b43c8
kernel-modules-internal-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:7c06c83d454fe2c017a13385378f23c19a8536ea9d51784144878eb7c4a969a7
kernel-selftests-internal-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:0a53e8843c2ed7771044c7c1083e6b5815094f9fae20d133467b7b03a78be7e3
kernel-tools-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:41d86e4764e2f62e37146ff4e6e5348032071bb898b53e9e86bc4a37cadc9180
kernel-tools-libs-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:a86cefa0746b0a0b2f20fec0c5a303d0e17710de8af407ec99a45355cced9bca
kernel-tools-libs-devel-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:f860d2bae26460766bdb6981024bfecfa14edd9004a07589c499597ae497a1e4
perf-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:071d62d88f8365288770dad2dfeffa64074da31bf78818d3dfe4f9a8c9ed316f
python3-perf-4.18.0-553.6.1.el8_10.tuxcare.els13.x86_64.rpm
sha:4ac61592802643b703b2a69c1e7bab74014997cb14ecb16e16238a7178615b08

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.