[CLSA-2026:1771077729] kernel: Fix of 107 CVEs
Type:
security
Severity:
Important
Release date:
2026-02-14 14:02:12 UTC
Description:
- net/ieee802154: don't warn zero-sized raw_sendmsg() {CVE-2022-50706} - bpf: Don't redirect packets with invalid pkt_len {CVE-2022-49975} - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680} - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network {CVE-2022-49865} - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() {CVE-2023-53676} - ring-buffer: Fix deadloop issue on reading trace_pipe {CVE-2023-53668} - binfmt_misc: fix shift-out-of-bounds in check_special_flags {CVE-2022-50497} - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer {CVE-2025-40269} - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid {CVE-2025-68349} - pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574} - lib: cpu_rmap: Avoid use after free on rmap->obj array entries {CVE-2023-53484} - ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572} - fbdev: fix potential buffer overflow in do_register_framebuffer() {CVE-2025-38702} - i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853} - fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691} - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue {CVE-2022-50164} - mptcp: fix race condition in mptcp_schedule_work() {CVE-2025-40258} - fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322} - smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051} - net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180} - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function {CVE-2023-53039} - Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305} - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work {CVE-2025-39863} - sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed {CVE-2022-50103} - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724} - xfrm: Duplicate SPI Handling {CVE-2025-39797} - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input {CVE-2022-50030} - net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent {CVE-2022-48883} - net/mlx5e: Move representor neigh cleanup to profile cleanup_tx {CVE-2023-54148} - dm raid: fix address sanitizer warning in raid_resume {CVE-2022-50085} - Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982} - ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() {CVE-2022-50050} - platform/x86: wmi: Fix opening of char device {CVE-2023-52864} - nfs: fix UAF in direct writes {CVE-2024-26958} - iomap: iomap: fix memory corruption when recording errors during writeback {CVE-2022-50406} - drm/amdkfd: Fix an illegal memory access {CVE-2023-53090} - HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} - scsi: target: Fix WRITE_SAME No Data Buffer crash {CVE-2022-21546} - ALSA: pcm: Fix potential data race at PCM memory allocation helpers {CVE-2023-54072} - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes {CVE-2023-53077} - net: bridge: use DEV_STATS_INC() {CVE-2023-52578} - i40e: fix idx validation in config queues msg {CVE-2025-39971} - loop: Fix use-after-free issues {CVE-2023-53111} - fs: prevent out-of-bounds array speculation when closing a file descriptor {CVE-2023-53117} - media: rc: fix races with imon_disconnect() {CVE-2025-39993} - fbcon: Make sure modelist not set on unregistered console {CVE-2025-38198} - vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248} - Bluetooth: hci_event: call disconnect callback before deleting conn {CVE-2023-53673} - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() {CVE-2023-52594} - pid: take a reference when initializing `cad_pid` {CVE-2021-47118} - net: ppp: Add bound checking for skb data on ppp_sync_txmung {CVE-2025-37749} - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid {CVE-2025-37927} - tracing: Fix oob write in trace_seq_to_buffer() {CVE-2025-37923} - jbd2: remove wrong sb->s_sequence check {CVE-2025-37839} - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} - ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} - libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285} - mac802154: fix llsec key resources release in mac802154_llsec_key_del {CVE-2024-26961} - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() {CVE-2024-39487} - net/mlx5: Discard command completions in internal error {CVE-2024-38555} - firewire: net: fix use after free in fwnet_finish_incoming_packet() {CVE-2023-53432} - tracing: Fix wild-memory-access in register_synth_event() {CVE-2022-49799} - i2c: i801: Don't generate an interrupt on bus reset {CVE-2021-47153} - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update {CVE-2024-35855} - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() {CVE-2023-52885} - scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978} - kobject_uevent: Fix OOB access within zap_modalias_env() {CVE-2024-42292} - RDMA/srpt: Do not register event handler until srpt device is fully setup {CVE-2024-26872} - ipv6: Fix infinite recursion in fib6_dump_done(). {CVE-2024-35886} - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) {CVE-2022-50093} - drm/shmem-helper: Remove another errant put in error path {CVE-2023-53084} - wifi: mac80211: Fix UAF in ieee80211_scan_rx() {CVE-2022-49934} - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() {CVE-2022-50185} - ext4: fix undefined behavior in bit shift for ext4_check_flag_values {CVE-2022-50403} - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() {CVE-2022-50279} - ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346} - nbd: fix incomplete validation of ioctl arg {CVE-2023-53513} - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245} - net: atm: add lec_mutex {CVE-2025-38323} - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157} - netlink: prevent potential spectre v1 gadgets {CVE-2023-53000} - net: mdio: fix undefined behavior in bit shift for __mdiobus_register {CVE-2022-49907} - be2net: Fix buffer overflow in be_get_module_eeprom {CVE-2022-49581} - isofs: Prevent the use of too small fid {CVE-2025-37780} - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154} - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277} - drm/amd/display: Check pipe offset before setting vblank {CVE-2024-42120} - dm raid: fix accesses beyond end of raid member array {CVE-2022-49674} - ftrace: Fix invalid address access in lookup_rec() when index is 0 {CVE-2023-53075} - usbnet: Fix linkwatch use-after-free on disconnect {CVE-2022-50220} - wifi: cfg80211: Fix use after free for wext {CVE-2023-53153} - igb: Do not free q_vector unless new one was allocated {CVE-2022-50252} - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-39955} - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212} - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403} - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug {CVE-2025-38024} - Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259} - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow {CVE-2023-54102} - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device {CVE-2023-54015} - perf/core: Bail out early if the request AUX area is out of bound {CVE-2023-52835} - r8169: Fix possible ring buffer corruption on fragmented Tx packets. {CVE-2024-38586} - sctp: handle the error returned from sctp_auth_asoc_init_active_key {CVE-2022-50243} - net: openvswitch: Fix Use-After-Free in ovs_ct_exit {CVE-2024-27395} - media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764} - stm class: Fix a double free in stm_register_device() {CVE-2024-38627} - leds: trigger: Unregister sysfs attributes before calling deactivate() {CVE-2024-43830}
Updated packages:
  • bpftool-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:b26c7fd17585cb1383641c666219807f518d8e51e88bc57f0479534db8c6bd02
  • kernel-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:302215100bd03e5babb28a832eeffc85a071b8b4833941c77eb6d8933cb9a5dc
  • kernel-core-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:0bfb63aa390b02302554afd6898a5f276bab04e3b37fb362f058c0db393130d6
  • kernel-cross-headers-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:974d4decb93f1ac6d51beaaf3cb63cb52f892142a0f7fc2906e2bf436cb15262
  • kernel-debug-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:24faa5f40b3214721853526dff4c56a5733ac2294e5ac7a27dba1a592f4bc434
  • kernel-debug-core-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:fd0daae597d913787a11febdea4c88734b39fc2bc24cebc9a174456220effe31
  • kernel-debug-devel-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:2d09e2579d9392cd3e318cdd9bdf144fb73be2e69b7263e17313f697d1fb6679
  • kernel-debug-modules-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:b63f6c8fdd90e998a175f524ce433f57c2a0f054643c26f7489acaf92cdf047b
  • kernel-debug-modules-extra-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:04098b172da82822e2cdc8f05ee278cb053948c8a401c63b41567c521d26b035
  • kernel-debug-modules-internal-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:1e97e3a0ddcf97151091f13689bf9b4658527166f412399da11c1f9741656f4f
  • kernel-devel-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:13575681864d5af9fc1f5e3b35942942c350cf88bee5ab16e0fb7f2c36f5df85
  • kernel-headers-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:dfa9c68804cbbc1c84bda217d5842b221f4bf13e163aaadd8153dac151dc9b53
  • kernel-ipaclones-internal-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:b7af26ebe8948e5fd28eb4586f473313322274b9f8114f8a4564230ffd8386c1
  • kernel-modules-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:d14ae082f41b209d18e2040c0429624f8b8d5d754f825648d1114720c9709b78
  • kernel-modules-extra-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:fd2b37b243fb662019010284aa3f6257575c3c00f0ae58ec4d43a12eaffbdca5
  • kernel-modules-internal-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:1366a5d5befb93735ccb187b7c0c85435bec619c9357d1c28874a21eade4d6d2
  • kernel-selftests-internal-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:7e5958f1fb8bf50bdaaa7552acd0d831f334737c918eba5b4fd729696aa31ad6
  • kernel-tools-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:c16ceecc9482bb805f9c76f20041373eba2622a46756bd0997378c707dff9785
  • kernel-tools-libs-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:835518e940cd78b078725714443af05f15bcd9a36c3f96fc8e8962abbe1a8292
  • kernel-tools-libs-devel-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:8da0d982d183b7d2c255d69736956ed3c708776e83ab8c921cb9233b0e22caa9
  • perf-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:034a8123b60ddac86a88d76b4affc1351de893f53675b5ae1446d2f8eda66912
  • python3-perf-4.18.0-348.7.1.el8_5.tuxcare.els34.x86_64.rpm
    sha:0c985cae96feec5bc75370f87b1fc5bf28e776515782877ac0296ab76cf77ea3
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.