[CLSA-2026:1773046198] kernel: Fix of 31 CVEs
Type:
security
Severity:
Important
Release date:
2026-03-09 08:50:02 UTC
Description:
- smb3: fix for slab out of bounds on mount to ksmbd {CVE-2025-38728} - netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX {CVE-2025-38201} - ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} - net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180} - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. {CVE-2025-39913} - fs: writeback: fix use-after-free in __mark_inode_dirty() {CVE-2025-39866} - KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration {CVE-2023-54296} - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats {CVE-2025-68800} - net/sched: Enforce that teql can only be used as root qdisc {CVE-2026-23074} - net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() {CVE-2023-54114} - isofs: Prevent the use of too small fid {CVE-2025-37780} - media: dvb-frontends: avoid stack overflow warnings with clang {CVE-2024-27075} - ipv6: Fix infinite recursion in fib6_dump_done(). {CVE-2024-35886} - HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494} - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304} - HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824} - cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945} - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer {CVE-2025-40269} - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid {CVE-2025-68349} - pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574} - ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572} - fbdev: fix potential buffer overflow in do_register_framebuffer() {CVE-2025-38702} - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911} - wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891} - i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853} - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680} - fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691} - fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322} - usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760} - mptcp: fix race condition in mptcp_schedule_work() {CVE-2025-40258} - KVM: x86: Reset IRTE to host control if *new* route isn't postable {CVE-2025-37885}
Updated packages:
  • bpftool-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:f1a97ed56f769b878805da3bb8276a4ad45b625657014ef3225a9e21dcb4f1e9
  • kernel-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:dd72c395fa4e886db7224648f93b8c3b36bf870e1f86e593169a1129c1782678
  • kernel-core-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:3cd0e5449cf02be14e677cbf2a7baa9d370708013fc5769dcfccc01a86aa6ac5
  • kernel-cross-headers-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:575724d641572f06543268f06f5f5311372a8a8afb49d2593be196a9e0cd9c92
  • kernel-debug-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:90bd5fd0ee0881e634d817fc3a674e3ffdbf0c50a868507c0ec07cd0a56ffe26
  • kernel-debug-core-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:744b34a4616279998cc5dbaa416f1e889c567b3f8d213e05eb2144cb66fb44a1
  • kernel-debug-devel-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:eb2940f11a4d3124c27f2c261a2b820f0ca6c36949d4e3ff4dfaed3b12a932d9
  • kernel-debug-modules-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:91412b8ca5d5e23c82160752f4a676a72cdd9b3723db5068ae64fab32c88cf39
  • kernel-debug-modules-extra-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:17c0a8939ff80bd16766902d3599c089c1b9e6c10ba1b8c71cc1a5c886958419
  • kernel-debug-modules-internal-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:5d83cfddeff3356f87c8db8eae0324eec7f995033a589979bf781b265b949256
  • kernel-devel-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:8b8d2280f88aaa5889675209228feb7e870fac504a6e3927786253776b688f3e
  • kernel-headers-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:b7abfce7b8ffa43d749d1b331e0d91964e8faebe55a2ab25357567919ae1710c
  • kernel-ipaclones-internal-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:aee2c9b48f5dbdaeea65b0347e2b713b5d9a6bd297c66d8996e4f2f3588d5455
  • kernel-modules-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:682fd6ed292108e65015409503262442f374b4dd9a279d2c5e03d0cf8493e5f4
  • kernel-modules-extra-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:d127385ddb2b2a56312e7285ec6b5474b8ce192fef67c757109ac67c8f20fc37
  • kernel-modules-internal-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:d9323ee71a032f0ff81db02bb736edf8b20ef537feb2db8458e64567a0fb3ae4
  • kernel-selftests-internal-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:c9df9b193d6216ebff28d371512ecb54a8ba22c3583e326ac5301a9d2e08a30e
  • kernel-tools-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:34fd8b8ed69c6fb485190d0f6d6d4d6df820bee366e90dd8999815a200b86c19
  • kernel-tools-libs-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:c6900eeba26c07200ddd50e7b793c629d0165d9f60ab3a3e34d3718eed85477e
  • kernel-tools-libs-devel-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:011e318920a8a7325bbb9bd25e2addc9f81ac39b91118bb0ec6bd76078ed4978
  • perf-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:1960ca0d8bdfedc156cd74015da5e45f6c33a54c7a6be7b9afe8eaf9f4866269
  • python3-perf-4.18.0-553.6.1.el8_10.tuxcare.els16.x86_64.rpm
    sha:9868310dce95bce127eb82b85a4ad7e8173378ebbb5575c09cfa4ed4376b6347
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.