CLSA-2026-1768775579

scsi: ses: Fix slab-out-of-bounds in sesenclosuredata_process() {CVE-2023-53803}
md/raid1: Fix stack memory use after return in raid1_reshape {CVE-2025-38445}
ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3() {CVE-2025-38249}
atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459}
dm cache: free background tracker's queued work in {CVE-2023-53765}
drm/vmwgfx: Validate the box size for the snooped cursor {CVE-2022-36280,CVE-2022-50440}
vsock: Do not allow binding to VMADDRPORTANY {CVE-2025-38618}
ice: set tx_tstamps when creating new Tx rings via ethtool {CVE-2022-50710}
sctp: avoid NULL dereference when chunk data buffer is {CVE-2025-40240}
ip6vti: fix slab-use-after-free in decodesession6 {CVE-2023-53821}
wifi: mac80211_hwsim: drop short frames {CVE-2023-53321}
ext4: add bounds checking in getmaxinlinexattrvalue_size() {CVE-2023-53285}
md/raid10: fix null-ptr-deref in raid10syncrequest {CVE-2023-53832}
dm flakey: fix a crash with invalid table line {CVE-2023-53786}
wifi: mt7601u: fix an integer underflow {CVE-2023-53679}
ext4: fix bug_on in __estreesearch caused by bad boot loader inode {CVE-2022-50638}
ext4: add EXT4IGETBAD flag to prevent unexpected bad inode
ext4: add helper to check quota inums
ext4: fix bug_on in __estreesearch caused by bad quota inode
quota: Factor out setup of quota inode
USB: usbtmc: Fix direction for 0-length ioctl control messages {CVE-2023-53761}
ACPICA: Add AMLNOOPERAND_RESOLVE flag to Timer {CVE-2023-53395}
drm/amd/display: Check numvalidsets before accessing readerwmsets[] {CVE-2024-46815}
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition {CVE-2023-1989}
nvmet: avoid potential UAF in nvmetreqcomplete() {CVE-2023-53116}
wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmfcpreinit_dcmds() {CVE-2022-50258}
dm raid: fix address sanitizer warning in raid_status {CVE-2022-50084}
vt: Clear selection before changing the font {CVE-2022-49948}
ipvs: fix WARNING in ipvsappnetcleanup() {CVE-2022-49917}
capabilities: fix undefined behavior in bit shift for CAPTOMASK {CVE-2022-49870}
ata: libata-transport: fix double atahostput() in atatportadd() {CVE-2022-49826}
ath9khtc: fix potential out of bounds access with invalid rxstatus->rskeyix {CVE-2022-49503}
selinux: Add boundary check in put_entry() {CVE-2022-50200}
rbd: avoid use-after-free in dorbdadd() when rbddevcreate() fails {CVE-2023-53307}
RDMA/mlx5: Return the firmware result upon destroying QP/RQ {CVE-2023-53286}
sched/fair: Don't balance task to its current running CPU {CVE-2023-53215}
powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue {CVE-2022-50366}
ACPI: tables: FPDT: Don't call acpiosmap_memory() on invalid phys address {CVE-2022-50320}
wifi: ath9k: Fix use-after-free in ath9khifusb_disconnect() {CVE-2022-50881}
slcan: Don't transmit uninitialized stack data in padding {CVE-2020-11494}
media: dvb-frontends: avoid stack overflow warnings with clang {CVE-2024-27075}
PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free {CVE-2023-53446}
cifs: Fix warning and UAF when destroy the MR list {CVE-2023-53427}
sctp: fix a potential overflow in sctpifwdtsnskip {CVE-2023-53372}
md/raid10: check slab-out-of-bounds in mdbitmapget_counter {CVE-2023-53357}
lwt: Fix return values of BPF xmit ops {CVE-2023-53338}
ubi: ensure that VID header offset + VID header size <= alloc, size {CVE-2023-53265}
ACPICA: Fix use-after-free in acpiutcopyipackageto_ipackage() {CVE-2022-50423}
Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times {CVE-2022-50419}
ACPICA: Fix error code path in acpidscallcontrolmethod() {CVE-2022-50411}
ata: ahci: Match EMMAXSLOTS with SATAPMPMAX_PORTS {CVE-2022-50315}
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace {CVE-2023-54286}

References

https://errata.tuxcare.com/els_os/centos8.5els/CLSA-2026-1768775579.html

CLSA-2026-1768775579

Affected packages