CLSA-2025-1738671431

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1738671431.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1738671431
Upstream
Published
2025-02-04T12:17:17Z
Modified
2026-05-29T01:37:26.027592540Z
Summary
kernel: Fix of 43 CVEs
Details
  • smb: client: fix use-after-free of signing key {CVE-2024-53179}
  • smb: client: stop flooding dmesg in smb2calcsignature() {CVE-2024-53179}
  • smb3: fix oops in calculating shash_setkey {CVE-2024-53179}
  • cifs: return correct error in ->calc_signature() {CVE-2024-53179}
  • cifs: secmech: use shash_desc directly, remove sdesc {CVE-2024-53179}
  • cifs: replace kfree() with kfree_sensitive() for sensitive data {CVE-2024-53179}
  • xsk: fix OOB map writes when deleting elements {CVE-2024-56614}
  • hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer {CVE-2024-53103}
  • scsi: sg: Fix slab-use-after-free read in sg_release() {CVE-2024-56631}
  • EDAC/igen6: Avoid segmentation fault on module unload {CVE-2024-56708}
  • acpi: nfit: vmalloc-out-of-bounds Read in acpinfitctl {CVE-2024-56662}
  • net: inet: do not leave a dangling sk pointer in inet_create() {CVE-2024-56601}
  • initramfs: avoid filename buffer overrun {CVE-2024-53142}
  • ALSA: usb-audio: Fix out of bounds reads when finding clock sources {CVE-2024-53150}
  • Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc() {CVE-2024-56604}
  • wifi: ath9k: add range check for connrspepid in htcconnectservice() {CVE-2024-53156}
  • Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate() {CVE-2024-56605}
  • Bluetooth: msft: fix slab-use-after-free in msftdoclose() {CVE-2024-36012}
  • Bluetooth: Fix support for Read Local Supported Codecs V2 {CVE-2024-36012}
  • Bluetooth: hcicodec: Fix leaking content of localcodecs {CVE-2024-36012}
  • blk-cgroup: Fix UAF in blkcgunpinonline() {CVE-2024-56672}
  • net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() {CVE-2024-56602}
  • net: inet6: do not leave a dangling sk pointer in inet6_create() {CVE-2024-56600}
  • NFSv4.0: Fix a use-after-free problem in the asynchronous open() {CVE-2024-53173}
  • net: afcan: do not leave a dangling sk pointer in cancreate() {CVE-2024-56603}
  • drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 {CVE-2023-52818}
  • bpf, sockmap: Fix race between element replace and close() {CVE-2024-56664}
  • ceph: prevent use-after-free in encodecapmsg() {CVE-2024-26689}
  • drm/amd/display: Fix out-of-bounds access in 'dcn21linkencoder_create' {CVE-2024-56608}
  • netfilter: ipset: add missing range check in bitmapipuadt {CVE-2024-53141}
  • HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit {CVE-2023-52519}
  • tipc: Fix use-after-free of kernel socket in cleanup_bearer(). {CVE-2024-56642}
  • cifs: Fix buffer overflow when parsing NFS reparse points {CVE-2024-49996}
  • Input: powermate - fix use-after-free in powermateconfigcomplete {CVE-2023-52475}
  • PM / devfreq: Fix buffer overflow in transstatshow {CVE-2023-52614}
  • PM / devfreq: Rework freq_table to be local to devfreq struct {CVE-2023-52614}
  • cachefiles: fix slab-use-after-free in cachefileswithdrawcookie() {CVE-2024-41057}
  • cachefiles: fix slab-use-after-free in fscachewithdrawvolume() {CVE-2024-41058}
  • [ELSCVE-37480] netfs, fscache: export fscacheputvolume() and add fscachetryget_volume() {CVE-2024-41058}
  • memcg: fix possible use-after-free in memcgwriteevent_control() {CVE-2022-48988}
  • Bluetooth: ISO: Fix UAF on isosocktimeout {CVE-2024-50124}
  • Bluetooth: SCO: Fix UAF on scosocktimeout {CVE-2024-50125}
  • Bluetooth: Fix use-after-free bugs caused by scosocktimeout {CVE-2024-50125}
  • Bluetooth: Consolidate code around sk_alloc into a helper function {CVE-2024-50125}
  • smb: client: fix potential UAF in cifssignalcifsdforreconnect() {CVE-2024-35861}
  • gtp: fix use-after-free and null-ptr-deref in gtpgenldump_pdp() {CVE-2024-26754}
  • smb: client: fix potential UAF in cifsstatsproc_write() {CVE-2024-35868}
  • smb: client: fix potential UAF in cifsdebugfilesprocshow() {CVE-2024-35868}
  • vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans {CVE-2024-50264}
  • net/sched: stop qdisctreereducebacklog on TCH_ROOT {CVE-2024-53057}
  • wifi: iwlwifi: mvm: Fix a memory corruption issue {CVE-2023-52531}
  • x86/alternatives: Disable KASAN in apply_alternatives() {CVE-2023-52504}
  • bpf: Fix out-of-bounds write in triegetnext_key() {CVE-2024-50262}
  • KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory {CVE-2024-50115}
  • media: edia: dvbdev: fix a use-after-free {CVE-2024-27043}
  • media: dvb-core: Fix use-after-free due to race at dvbregisterdevice() {CVE-2024-27043}
  • media: dvbdev: fix build warning due to comments {CVE-2024-27043}
  • media: dvbdev: adopts refcnt to avoid UAF {CVE-2024-27043}
  • spec: '--with lts' to create packages with '-lts' suffix ('kernel-lts')
References

Affected packages