[CLSA-2025:1766488019] kernel: Fix of 63 CVEs
Type:
security
Severity:
Important
Release date:
2025-12-23 11:07:03 UTC
Description:
- scsi: target: iscsi: Fix timeout on deleted connection {CVE-2025-38075} - tls: wait for pending async decryptions if tls_strp_msg_hold fails {CVE-2025-40176} - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns {CVE-2025-38499} - rcu: Fix rcu_read_unlock() deadloop due to IRQ work {CVE-2025-39744} - page_pool: Fix use-after-free in page_pool_recycle_in_ring {CVE-2025-38129} - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access {CVE-2025-38704} - bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors {CVE-2024-56675} - padata: Fix pd UAF once and for all {CVE-2025-38584} - padata: do not leak refcount in reorder_work {CVE-2025-38031} - Bluetooth: MGMT: Fix possible UAFs {CVE-2025-39981} - Bluetooth: MGMT: Protect mgmt_pending list with its own lock {CVE-2025-38117} - Bluetooth: MGMT: Remove unused mgmt_pending_find_data - Bluetooth: MGMT: set_mesh: update LE scan interval and window - Bluetooth: hci_sync: fix set_local_name race condition {CVE-2025-39797} - xfrm: Duplicate SPI Handling {CVE-2025-39797} - kernfs: Fix UAF in polling when open file is released {CVE-2025-39881} - OPP: add index check to assert to avoid buffer overflow in _read_freq() {CVE-2024-57998} - block: fix uaf for flush rq while iterating tags {CVE-2024-58072} {CVE-2024-53170} - wifi: rtlwifi: remove unused check_buddy_priv {CVE-2024-58072} - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() {CVE-2024-58014} - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() {CVE-2025-21631} - net: af_can: do not leave a dangling sk pointer in can_create() {CVE-2024-40954} - Squashfs: sanity check symbolic link size {CVE-2024-46744} - e1000e: fix heap overflow in e1000_set_eeprom {CVE-2025-39898} - wifi: cfg80211: fix use-after-free in cmp_bss() {CVE-2025-39864} - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724} - i40e: fix idx validation in config queues msg {CVE-2025-39971} - NFS: Fix a race when updating an existing write {CVE-2025-39697} - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-39955} - wifi: mt76: fix linked list corruption {CVE-2025-39918} - io_uring/waitid: always prune wait queue entry in io_waitid_wait() {CVE-2025-40047} - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync {CVE-2025-39982} - workqueue: Put the pwq after detaching the rescuer from the pool {CVE-2025-21786} - zram: fix potential UAF of zram table {CVE-2025-21671} - sched: sch_cake: add bounds checks to host bulk flow fairness counts {CVE-2025-21647} - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() {CVE-2024-57990} - blk-cgroup: Fix UAF in blkcg_unpin_online() {CVE-2024-56672} - NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() {CVE-2024-54456} - nfsd: release svc_expkey/svc_export with rcu_work {CVE-2024-53216} - igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332} - x86/tdx: Fix "in-kernel MMIO" check {CVE-2024-47727} - drm/amd/display: Check dce_hwseq before dereferencing it {CVE-2025-38361} - dm-bufio: don't schedule in atomic context {CVE-2025-37928} - usb: xhci: Fix isochronous Ring Underrun/Overrun event handling {CVE-2025-37882} - KVM: arm64: Tear down vGIC on failed vCPU creation {CVE-2025-37849} - usb: xhci: Apply the link chain quirk on NEC isoc endpoints {CVE-2025-22022} - drm/amd/display: Fix out-of-bound accesses {CVE-2025-21985} - usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704} - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702} - partitions: mac: fix handling of bogus partition table {CVE-2025-21772} - ipmr: do not call mr_mfc_uses_dev() for unres entries {CVE-2025-21719} - net: openvswitch: fix nested key length validation in the set() action {CVE-2025-37789} - isofs: Prevent the use of too small fid {CVE-2025-37780} - sctp: detect and prevent references to a freed transport in sendmsg {CVE-2025-23142} - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid {CVE-2025-37927} - tracing: Fix oob write in trace_seq_to_buffer() {CVE-2025-37923} - KVM: x86: Reset IRTE to host control if *new* route isn't postable {CVE-2025-37885} - jbd2: remove wrong sb->s_sequence check {CVE-2025-37839} - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() {CVE-2025-37819} - drm/amd/display: Fix slab-use-after-free on hdcp_work {CVE-2025-21968} - netfilter: nft_tunnel: fix geneve_opt type confusion addition {CVE-2025-22056} - io_uring: prevent opcode speculation {CVE-2025-21863} - geneve: Fix use-after-free in geneve_find_dev(). {CVE-2025-21858} - vrf: use RCU protection in l3mdev_l3_out() {CVE-2025-21791} - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() {CVE-2025-21780} - net: sched: fix ets qdisc OOB Indexing {CVE-2025-21692}
Updated packages:
  • kernel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:c63c765bac335df7234f45e0aaee00914f6aadd8fe67efed83374b054e41f8c9
  • kernel-abi-stablelists-5.14.0-570.62.1.el9_6.tuxcare.1.els1.noarch.rpm
    sha:bab7acadc2d30f18b7e6d6f1e7ea6898a5281e404c0f5ac68ff88a8015921059
  • kernel-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:ef9e7ee6872a51299859543eb8200fc4b9639f44555261da2f05757e463d2d8e
  • kernel-cross-headers-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:3b983fbc3c7bf0f96c69aaf2cb5ebea50994cbf7c39c926367dd627592f7dda6
  • kernel-debug-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:f01fbf90b342acc07bdc8149d208b034d043e267d4a4e3ce175d7966173a14ec
  • kernel-debug-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:33dd5ff669b47802bb52a3a5f0b4c87dc8dc7876a03080f48f652bb26c962163
  • kernel-debug-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:452b30be78f581191c7b1b168c0dfd0bb70953f3f86378ce683ccdee7ef950e5
  • kernel-debug-devel-matched-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:e4b4e5c9703c9de1e6ec0215438c3cbb4927cc510d847534ec906e631b276748
  • kernel-debug-modules-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:ab41d9fbece8ce14cd3c41f2f594f0766189626bf27461203ba8111279946aa1
  • kernel-debug-modules-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:654e7f4f3ec453e4bb7b9f68b9403d249ad069940e686f65ee03b72e17427866
  • kernel-debug-modules-extra-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:ff2f5b62a84e7c19c97cd10961f905f2e0a737ab09579fcbbb66b6a631569328
  • kernel-debug-modules-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:c657cdc0e81334d748617073131d26e1e0af4f34d59f9aa1cf598ec066a3bdc9
  • kernel-debug-modules-partner-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:2bb5f6c41963cd0d73ca3d3a15b51dcc0a30430d8bcc0755f1e0b3e3dafa4e1a
  • kernel-debug-uki-virt-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:536e82c79861f1ceb0582b3377927a1dedc8905954f9c80bbc6d3f367ea2f6a3
  • kernel-debug-uki-virt-addons-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:601c137c736ca8ae691c7f9cd4071057dd159956ef2b3adb4493c0b00c263ebd
  • kernel-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:485dc907c6d5a3416d856dbe799e5a569f1cc9f7dead4e94548de57ab33362c5
  • kernel-devel-matched-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:536a87e30f7dfdadf93722c4dee1d6f626511abd33fcf5b82bde76f894e8b889
  • kernel-doc-5.14.0-570.62.1.el9_6.tuxcare.1.els1.noarch.rpm
    sha:9f897ee25b6beaedf864e41918ba43fb1f4027e744a272f706ba3292c2c9fbf9
  • kernel-headers-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:9d8d14d6323e84a8038f760fe87f7c4cffe5b27ed475eb8a00a2f6861ed0e453
  • kernel-ipaclones-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:5e47b676460875fa7efa4425384bb8a1a801d46c8591cc65ba2dbaeb77727fd7
  • kernel-modules-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:03372b4ffc487ac6a33c31089e167d89295521dc5082703522c4d2f956fe1bbf
  • kernel-modules-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:20b151152e1f5c7c549b648785613bf470795d7725d89edcb6b531fa275890b9
  • kernel-modules-extra-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:ea13d345d1a5fb94ececcfddcbc369baa7f4928c43dc63fddd56e306b2545627
  • kernel-modules-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:d0e0d5cd8214b681366d8eb5adc30f21042f17dd960a5dbc42abff7e8a4bc643
  • kernel-modules-partner-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:28d6939fdee0985db0d6e72969f8dbc58cc69ef34cd488034038ed617b5d622a
  • kernel-rt-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:5b5fbbb07429f8f52aae11b93050b2ba68d9520634a184c4d28a06811100a75a
  • kernel-rt-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:c7d02cd642ad9f26575aa0c19ec736edbac80b54cb7a8624dd11f8517d65c9ef
  • kernel-rt-debug-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:22649594831ff33d41813ac2636fe34c2bab5dbc56428dfba8bf6356cc97c796
  • kernel-rt-debug-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:637911548ad1022d4104c0d5b374782078762247229213b0f4b70e600f057609
  • kernel-rt-debug-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:d616540aba7e90a6a5457b980ecb1f5a7d0b369af7de4fbbc44d62c01339f6cb
  • kernel-rt-debug-devel-matched-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:0f2534e8583ff002866e594b1b20add5388e99c84868a96a4d9d44c888838fde
  • kernel-rt-debug-kvm-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:6be50dfbb03906c17775c0a76ec9fd1c3ef38abaff4daa09d8895cd2ad4d441a
  • kernel-rt-debug-modules-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:1102bd262c3ad0314d266faa7adb702e00d93a316a03f95e75c4da5e835fe3d1
  • kernel-rt-debug-modules-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:ccb62b4947b0517f856a88720d533a84c3adcb6162fe43d7fd1e2632eb2d9d34
  • kernel-rt-debug-modules-extra-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:d60a32ebeeaefa6accc1bca68e33313f3403b5b01a66d52dd81efc8ecfa7ca38
  • kernel-rt-debug-modules-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:0c12e354ae42fc0c681234e4c4451851ba6d6c0c1ae7274859e90eb6e21dffe7
  • kernel-rt-debug-modules-partner-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:a9bc831459345d01df7c84a6bdf2bae05d3dc6c9b91da45a87a2a0a167f6fbf5
  • kernel-rt-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:d323ffcfa9bb9c2f32ccbb38ccbb54eeacc3fe6533aee306e1fb98157f385685
  • kernel-rt-devel-matched-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:26b71a5722bd2c12a6589b98d8cd880c3910daf7e7b93450ccceb9726f4714ea
  • kernel-rt-kvm-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:078bdebc963fa9669d1a7b05bd521cc3961dcc5d1e9f4a427affe0bea11a6d82
  • kernel-rt-modules-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:1261b43b910e872073e74e4de8cebb971b6cf02657cc7a890c23ebcc0dfb64d4
  • kernel-rt-modules-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:e4c0466f686b26b29b7b56c65aac33d57f7f65f0f8ce57433ae3412b7fdeca66
  • kernel-rt-modules-extra-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:6aa44cbbcce310bde154be811661da4b4d8344f11c708d734ef77f4f8208cc74
  • kernel-rt-modules-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:6a0062e9d715a0151d258b8e488cab587c9c970f016bb790e2cd7dfd65183156
  • kernel-rt-modules-partner-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:14338920e866392f1d6e4284b9b059aa0856e94f010ebb041d86b49c5fe3e780
  • kernel-selftests-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:1388cd525cd9ad42d35fde8f04a4f1467b60f377ac5e0b86eb45d366b1c5fc6e
  • kernel-tools-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:003f7d229e89eb49d61c618be1d1cf281bcee553001e27806dfdc70f81f2fed3
  • kernel-tools-libs-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:529045a7787a6006b5d807f7038740da1644b208990fb5dafcf7cb34e0ce371a
  • kernel-tools-libs-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:a15c4b2bd6bd4c4a47baa3315731f28cafc3d34ecf25202cd9a5da9f7845adb2
  • kernel-uki-virt-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:3ce5a20bc1e370250b8bc147da8a4d9a963f5d0837ab018a21a94cd3ee6a68fc
  • kernel-uki-virt-addons-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:1c951c47a71d9451a4b4b65349502a8feeccd58d591002df73f2e0d57ddcf6f8
  • libperf-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:c8d003e1458e9355e290bf777bb4a300f0f20aa582812222f4d33461152aed15
  • libperf-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:21d61d8163d53b10568b58226f700188014a733252f0a5ea8e343b41d0c9b683
  • perf-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:c6e24ef2304c0cb61d9a6ea7948146198f26a0ae84f084b22bcff1f8bd8cb628
  • python3-perf-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:68abf42a700bbee0c75d1467a8d178344dafad14201bbbd643e1138362cca773
  • rtla-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:9c508f51f84712f8d2426ded000f5b4568b8a9b706317c4855f9b7a96115a95f
  • rv-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm
    sha:91e48ec01e3deee1c26007984fa3629b5a0a0718923c37cdb4f6acfda1c95449
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.