CLSA-2026-1768663754

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1768663754.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1768663754
Upstream
Published
2026-01-17T15:29:18Z
Modified
2026-05-29T01:36:58.747250009Z
Summary
kernel: Fix of 38 CVEs
Details
  • ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3() {CVE-2025-38249}
  • drm/i915/gt: Fix timeline left held on VMA alloc error {CVE-2025-38389}
  • md/raid1: Fix stack memory use after return in raid1_reshape {CVE-2025-38445}
  • atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459}
  • bpf: Avoid _bpfprogret0warn when jit fails {CVE-2025-38280}
  • ipv6: Fix infinite recursion in fib6dumpdone(). {CVE-2024-35886}
  • netfilter: nf_tables: do not compare internal table flags on updates {CVE-2024-27065}
  • init/main.c: Fix potential staticcommandline memory overflow {CVE-2024-26988}
  • wireguard: netlink: check for dangling peer via is_dead instead of empty list {CVE-2024-26951}
  • platform/x86: dell-wmi-sysman: Avoid buffer overflow in currentpasswordstore() {CVE-2025-38077}
  • exfat: fix double free in delayed_free {CVE-2025-38206}
  • net: openvswitch: Fix the dead loop of MPLS parse {CVE-2025-38146}
  • wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write {CVE-2023-54286}
  • vsock: Do not allow binding to VMADDRPORTANY {CVE-2025-38618}
  • fbcon: Make sure modelist not set on unregistered console {CVE-2025-38198}
  • crypto: lzo - Fix compression buffer overrun {CVE-2025-38068}
  • software node: Correct a OOB check in {CVE-2025-38342}
  • nbd: fix uaf in nbdgenlconnect() error path {CVE-2025-38443}
  • USB: usbtmc: Fix direction for 0-length ioctl control messages {CVE-2023-53761}
  • cifs: fix potential use-after-free bugs in TCPServerInfo::hostname {CVE-2023-53751}
  • cifs: Fix warning and UAF when destroy the MR list {CVE-2023-53427}
  • PCI/ASPM: Fix link state exit during switch upstream function removal {CVE-2024-58093}
  • PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free {CVE-2023-53446}
  • sctp: fix a potential overflow in sctpifwdtsnskip {CVE-2023-53372}
  • md/raid10: fix wrong setting of maxcorrread_errors {CVE-2023-53313}
  • md/raid10: fix overflow of md/safemodedelay
  • md/raid10: check slab-out-of-bounds in mdbitmapget_counter {CVE-2023-53357}
  • lwt: Fix return values of BPF xmit ops {CVE-2023-53338}
  • net: fec: Better handle pmruntimeget() failing in .remove() {CVE-2023-53308}
  • rbd: avoid use-after-free in dorbdadd() when rbddevcreate() fails {CVE-2023-53307}
  • ice: set tx_tstamps when creating new Tx rings via ethtool {CVE-2022-50710}
  • RDMA/mlx5: Return the firmware result upon destroying QP/RQ {CVE-2023-53286}
  • RDMA/mlx5: Handle DCT QP logic separately from low level QP interface
  • net/mlx5e: Use correct encap attribute during invalidation {CVE-2023-54074}
  • net/mlx5: Nullify qp->dbg pointer post destruction
  • scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write {CVE-2023-53282}
  • net: ena: fix shift-out-of-bounds in exponential backoff {CVE-2023-53272}
  • ubi: ensure that VID header offset + VID header size <= alloc, size {CVE-2023-53265}
  • sched/fair: Don't balance task to its current running CPU {CVE-2023-53215}
  • netfilter: allow exp not to be removed in nfctfind_expectation {CVE-2023-52927}
  • wifi: ath9k: Fix use-after-free in ath9khifusb_disconnect() {CVE-2022-50881}
References

Affected packages