[CLSA-2025:1763722365] kernel: Fix of 62 CVEs
Type:
security
Severity:
Important
Release date:
2025-11-21 10:52:49 UTC
Description:
- wifi: mwifiex: Fix OOB and integer underflow when rx packets {CVE-2023-53226} {CVE-2023-53226} - wifi: mac80211: check S1G action frame size {CVE-2023-53257} {CVE-2023-53257} - wifi: cfg80211: fix use-after-free in cmp_bss() {CVE-2025-39864} {CVE-2025-39864} - partitions: mac: fix handling of bogus partition table {CVE-2025-21772} {CVE-2025-21772} - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() {CVE-2024-58014} {CVE-2024-58014} - wifi: at76c50x: fix use after free access in at76_disconnect {CVE-2025-37796} {CVE-2025-37796} - dma-direct: Leak pages on dma_set_decrypted() failure {CVE-2024-35939} {CVE-2024-35939} - Bluetooth: L2CAP: Fix user-after-free {CVE-2022-50386} {CVE-2022-50386} - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817} {CVE-2025-39817} - wifi: cfg80211: check A-MSDU format more carefully {CVE-2024-35937} {CVE-2024-35937} - nfs: fix UAF in direct writes {CVE-2024-26958} {CVE-2024-26958} - wifi: iwlwifi: mvm: guard against invalid STA ID on removal {CVE-2024-36921} {CVE-2024-36921} - net/smc: avoid data corruption caused by decline {CVE-2023-52775} {CVE-2023-52775} - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() {CVE-2024-39487} {CVE-2024-39487} - scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978} {CVE-2024-40978} - mac802154: fix llsec key resources release in mac802154_llsec_key_del {CVE-2024-26961} {CVE-2024-26961} - platform/x86: wmi: Fix opening of char device {CVE-2023-52864} {CVE-2023-52864} - net/sched: act_mirred: don't override retval if we already lost the skb {CVE-2024-26739} {CVE-2024-26739} - drm/dp_mst: Fix resetting msg rx state after topology removal {CVE-2024-57876} {CVE-2024-57876} - net/mlx5: Add a timeout to acquire the command queue semaphore {CVE-2024-38556} {CVE-2024-38556} - of: Fix double free in of_parse_phandle_with_args_map {CVE-2023-52679} {CVE-2023-52679} - xhci: Handle TD clearing for multiple streams case {CVE-2024-40927} {CVE-2024-40927} - wifi: mac80211: fix potential key use-after-free {CVE-2023-52530} {CVE-2023-52530} - net: openvswitch: Fix Use-After-Free in ovs_ct_exit {CVE-2024-27395} {CVE-2024-27395} - r8169: Fix possible ring buffer corruption on fragmented Tx packets. {CVE-2024-38586} {CVE-2024-38586} - media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764} {CVE-2023-52764} - media: bttv: fix use after free error due to btv->timeout timer {CVE-2023-52847} {CVE-2023-52847} - vsock: Fix transport_* TOCTOU {CVE-2025-38461} {CVE-2025-38461} - ppdev: Add an error check in register_device {CVE-2024-36015} {CVE-2024-36015} - HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} {CVE-2025-38556} - iio: adc: at91: call input_free_device() on allocated iio_dev {CVE-2024-57904} {CVE-2024-57904} - perf/aux: Fix AUX buffer serialization {CVE-2024-46713} {CVE-2024-46713} - net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797} {CVE-2025-37797} - wifi: rtlwifi: remove unused check_buddy_priv {CVE-2024-58072} {CVE-2024-58072} - wifi: rtlwifi: remove unused dualmac control leftovers {CVE-2024-58072} {CVE-2024-58072} - wifi: rtlwifi: remove unused timer and related code {CVE-2024-58072} {CVE-2024-58072} - ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() {CVE-2025-22121} {CVE-2025-22121} - ext4: move where set the MAY_INLINE_DATA flag is set {CVE-2025-22121} {CVE-2025-22121} - ext4: introduce ITAIL helper {CVE-2025-22121} {CVE-2025-22121} - ext4: improve xattr consistency checking and error reporting {CVE-2025-22121} {CVE-2025-22121} - mm: fix zswap writeback race condition {CVE-2023-53178} {CVE-2023-53178} - fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-50367} {CVE-2022-50367} - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757} {CVE-2025-39757} - smb: client: fix use-after-free in cifs_oplock_break {CVE-2025-38527} {CVE-2025-38527} - crypto: seqiv - Handle EBUSY correctly {CVE-2023-53373} {CVE-2023-53373} - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() {CVE-2024-56539} {CVE-2024-56539} - bpf: Remove tst_run from lwt_seg6local_prog_ops. {CVE-2024-46754} {CVE-2024-46754} - drm/amdgpu: set the right AMDGPU sg segment limitation {CVE-2024-56594} {CVE-2024-56594} - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice {CVE-2025-38001} {CVE-2025-38001} - idpf: convert control queue mutex to a spinlock {CVE-2025-38392} {CVE-2025-38392} - kobject_uevent: Fix OOB access within zap_modalias_env() {CVE-2024-42292} {CVE-2024-42292} - bpf: Don't use tnum_range on array range checking for poke descriptors {CVE-2022-49985} {CVE-2022-49985} - net: usb: smsc75xx: Limit packet length to skb->len {CVE-2023-53125} {CVE-2023-53125} - soundwire: cadence: fix invalid PDI offset {CVE-2024-38635} {CVE-2024-38635} - usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704} {CVE-2025-21704} - vfio/pci: Properly hide first-in-list PCIe extended capability {CVE-2024-53214} {CVE-2024-53214} - igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332} {CVE-2024-52332} - do_change_type(): refuse to operate on unmounted/not ours mounts {CVE-2025-38498} {CVE-2025-38498} - Bluetooth: qca: add missing firmware sanity checks {CVE-2024-36880} {CVE-2024-36880} - Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305} {CVE-2023-53305} - ovl: Filter invalid inodes with missing lookup function {CVE-2024-56570} {CVE-2024-56570} - enic: Validate length of nl attributes in enic_set_vf_port {CVE-2024-38659} {CVE-2024-38659} - dm array: fix releasing a faulty array block twice in dm_array_cursor_end {CVE-2024-57929} {CVE-2024-57929} - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() {CVE-2025-39730} {CVE-2025-39730} - drm/amd/display: Skip finding free audio for unknown engine_id {CVE-2024-42119} {CVE-2024-42119} - drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616} {CVE-2024-56616} - sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718} {CVE-2025-38718}
Updated packages:
  • bpftool-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:f7a699da0f78865bd723f1cdbb8bc5a8f72bade8c0695020746cebb0bfd38fc9
  • kernel-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:c0d00ef09d70702c16fd85cbc2540c95f6f303de701fbeba236c253bb7273ca2
  • kernel-core-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:dedde106a590d50bd9484ce99193211d4237f752f85cb14a21dfb08bb22b364b
  • kernel-cross-headers-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:5ca080d6243533b721da336268071d1ecb3ea10010b4d90657f164b660922a09
  • kernel-debug-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:24cf0e841123eb6c8d6a735a7d0bbe75cff65d7bbd626514fb6dc8ad398493e6
  • kernel-debug-core-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:d210a63ef075be0b9f32df328cdb6d126884a31b91fa3f6c613f61e781ff60d5
  • kernel-debug-devel-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:08ef847d159ddf6560124cbdbb5c7858c92efcbcb5d4d66f694f32aa38809bf9
  • kernel-debug-modules-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:7f699f22e37cc01b035a291386c9214706fdca2b797fdf954007f2c195bc5368
  • kernel-debug-modules-extra-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:439632e160b5aecfe38950600f3031f8605ce9d4ef6819acf5b895670a464849
  • kernel-debug-modules-internal-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:6ea8f7ba4e263d543f28e21db4fef6ba67d63d3d68c922d070a5b6fafcea1762
  • kernel-devel-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:b7c43e230973ed2742af854d7521f02af068c687240d28bab51b8221661c2a58
  • kernel-headers-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:6043973d59a51c1ae04e0faa7740fce80b0a94391491214ce8b5cbb35a73f7ac
  • kernel-ipaclones-internal-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:cf9a7aabd6eb7cd4763e737fd37a0c4d57f4395f7328843d0c1e375157269878
  • kernel-modules-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:0c6af51f2633093d28d391676c2f84c8d81f4947855517d9a4c12dfa1f50ba1d
  • kernel-modules-extra-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:7c9f01937c74ea27f326c07cde1065521cd80b315421ac03671865726f4b84ed
  • kernel-modules-internal-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:563801b8a474e439a6f766f626012b2d8c96e9e9167a1399f1c36dc9214f7bb3
  • kernel-selftests-internal-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:20d4d6e3f80b28dc5e1e753c85dec0f6d443fe72148fecaaa6baeb09ca83c2b3
  • kernel-tools-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:4ddac8aeee445daad91867641cb381346e39ccfc5ecae41a4eafb20a27a05141
  • kernel-tools-libs-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:9f372ee76b45717758e9e19e512dd36eda03bbf2b2727ddf14fd5f9e63b27cfb
  • kernel-tools-libs-devel-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:3e08a03a2012170ae49abb5bb92169d668e0b565205a7cada6972c30c1f09ee7
  • perf-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:43a3e0059eace63844a22a7eab5526833f79a7744d473f6652ba290056f92245
  • python3-perf-4.18.0-553.6.1.el8_10.tuxcare.els14.x86_64.rpm
    sha:bf2d584083331d289c3b750c37bb9f8baad2566a220a80c0598b9d75404efde2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.