CLSA-2026-1771077729

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1771077729
Upstream
Published
2026-02-14T14:02:12Z
Modified
2026-06-01T00:33:23.283426218Z
Summary
kernel: Fix of 107 CVEs
Details
  • net/ieee802154: don't warn zero-sized raw_sendmsg() {CVE-2022-50706}
  • bpf: Don't redirect packets with invalid pkt_len {CVE-2022-49975}
  • media: uvcvideo: Fix 1-byte out-of-bounds read in uvcparseformat() {CVE-2025-38680}
  • ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network {CVE-2022-49865}
  • scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow() {CVE-2023-53676}
  • ring-buffer: Fix deadloop issue on reading trace_pipe {CVE-2023-53668}
  • binfmtmisc: fix shift-out-of-bounds in checkspecial_flags {CVE-2022-50497}
  • ALSA: usb-audio: Fix potential overflow of PCM transfer buffer {CVE-2025-40269}
  • NFSv4/pNFS: Clear NFSINOLAYOUTCOMMIT in pnfsmarklayoutstateidinvalid {CVE-2025-68349}
  • pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574}
  • lib: cpu_rmap: Avoid use after free on rmap->obj array entries {CVE-2023-53484}
  • ipv6: reject malicious packets in ipv6gsosegment() {CVE-2025-38572}
  • fbdev: fix potential buffer overflow in doregisterframebuffer() {CVE-2025-38702}
  • i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853}
  • fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691}
  • wifi: iwlwifi: mvm: fix double listadd at iwlmvmmacwaketxqueue {CVE-2022-50164}
  • mptcp: fix race condition in mptcpschedulework() {CVE-2025-40258}
  • fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}
  • smb: client: Fix use-after-free in cifsfilldirent {CVE-2025-38051}
  • net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180}
  • HID: intel-ish-hid: ipc: Fix potential use-after-free in work function {CVE-2023-53039}
  • Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305}
  • wifi: brcmfmac: fix use-after-free when rescheduling brcmfbtcoexinfo work {CVE-2025-39863}
  • sched, cpuset: Fix dlcpubusy() panic due to empty cs->cpus_allowed {CVE-2022-50103}
  • nfsd: handle getclientlocked() failure in nfsd4setclientidconfirm() {CVE-2025-38724}
  • xfrm: Duplicate SPI Handling {CVE-2025-39797}
  • scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input {CVE-2022-50030}
  • net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent {CVE-2022-48883}
  • net/mlx5e: Move representor neigh cleanup to profile cleanup_tx {CVE-2023-54148}
  • dm raid: fix address sanitizer warning in raid_resume {CVE-2022-50085}
  • Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982}
  • ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() {CVE-2022-50050}
  • platform/x86: wmi: Fix opening of char device {CVE-2023-52864}
  • nfs: fix UAF in direct writes {CVE-2024-26958}
  • iomap: iomap: fix memory corruption when recording errors during writeback {CVE-2022-50406}
  • drm/amdkfd: Fix an illegal memory access {CVE-2023-53090}
  • HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556}
  • scsi: target: Fix WRITE_SAME No Data Buffer crash {CVE-2022-21546}
  • ALSA: pcm: Fix potential data race at PCM memory allocation helpers {CVE-2023-54072}
  • drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes {CVE-2023-53077}
  • net: bridge: use DEVSTATSINC() {CVE-2023-52578}
  • i40e: fix idx validation in config queues msg {CVE-2025-39971}
  • loop: Fix use-after-free issues {CVE-2023-53111}
  • fs: prevent out-of-bounds array speculation when closing a file descriptor {CVE-2023-53117}
  • media: rc: fix races with imon_disconnect() {CVE-2025-39993}
  • fbcon: Make sure modelist not set on unregistered console {CVE-2025-38198}
  • vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248}
  • Bluetooth: hci_event: call disconnect callback before deleting conn {CVE-2023-53673}
  • wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9khtctxstatus() {CVE-2023-52594}
  • pid: take a reference when initializing cad_pid {CVE-2021-47118}
  • net: ppp: Add bound checking for skb data on pppsynctxmung {CVE-2025-37749}
  • iommu/amd: Fix potential buffer overflow in parseivrsacpihid {CVE-2025-37927}
  • tracing: Fix oob write in traceseqto_buffer() {CVE-2025-37923}
  • jbd2: remove wrong sb->s_sequence check {CVE-2025-37839}
  • netsched: hfsc: Fix a potential UAF in hfscdequeue() too {CVE-2025-37823}
  • ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729}
  • libceph: fix potential use-after-free in havemonandosdmap() {CVE-2025-68285}
  • mac802154: fix llsec key resources release in mac802154llseckey_del {CVE-2024-26961}
  • bonding: Fix out-of-bounds read in bondoptionarpiptargets_set() {CVE-2024-39487}
  • net/mlx5: Discard command completions in internal error {CVE-2024-38555}
  • firewire: net: fix use after free in fwnetfinishincoming_packet() {CVE-2023-53432}
  • tracing: Fix wild-memory-access in registersynthevent() {CVE-2022-49799}
  • i2c: i801: Don't generate an interrupt on bus reset {CVE-2021-47153}
  • mlxsw: spectrumacltcam: Fix possible use-after-free during activity update {CVE-2024-35855}
  • SUNRPC: Fix UAF in svctcplistendataready() {CVE-2023-52885}
  • scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978}
  • kobjectuevent: Fix OOB access within zapmodalias_env() {CVE-2024-42292}
  • RDMA/srpt: Do not register event handler until srpt device is fully setup {CVE-2024-26872}
  • ipv6: Fix infinite recursion in fib6dumpdone(). {CVE-2024-35886}
  • iommu/vt-d: avoid invalid memory access via nodeonline(NUMANO_NODE) {CVE-2022-50093}
  • drm/shmem-helper: Remove another errant put in error path {CVE-2023-53084}
  • wifi: mac80211: Fix UAF in ieee80211scanrx() {CVE-2022-49934}
  • drm/radeon: fix potential buffer overflow in nisetmcspecialregisters() {CVE-2022-50185}
  • ext4: fix undefined behavior in bit shift for ext4checkflag_values {CVE-2022-50403}
  • wifi: rtlwifi: Fix global-out-of-bounds bug in rtl8812aephysettxpower_limit() {CVE-2022-50279}
  • ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346}
  • nbd: fix incomplete validation of ioctl arg {CVE-2023-53513}
  • atm: Release atmdevmutex after removing procfs in atmdevderegister(). {CVE-2025-38245}
  • net: atm: add lec_mutex {CVE-2025-38323}
  • wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157}
  • netlink: prevent potential spectre v1 gadgets {CVE-2023-53000}
  • net: mdio: fix undefined behavior in bit shift for _mdiobusregister {CVE-2022-49907}
  • be2net: Fix buffer overflow in begetmodule_eeprom {CVE-2022-49581}
  • isofs: Prevent the use of too small fid {CVE-2025-37780}
  • ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154}
  • drm/vmwgfx: Validate command header size against SVGACMDMAX_DATASIZE {CVE-2025-40277}
  • drm/amd/display: Check pipe offset before setting vblank {CVE-2024-42120}
  • dm raid: fix accesses beyond end of raid member array {CVE-2022-49674}
  • ftrace: Fix invalid address access in lookup_rec() when index is 0 {CVE-2023-53075}
  • usbnet: Fix linkwatch use-after-free on disconnect {CVE-2022-50220}
  • wifi: cfg80211: Fix use after free for wext {CVE-2023-53153}
  • igb: Do not free q_vector unless new one was allocated {CVE-2022-50252}
  • tcp: Clear tcpsk(sk)->fastopenrsk in tcp_disconnect(). {CVE-2025-39955}
  • ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212}
  • vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403}
  • RDMA/rxe: Fix slab-use-after-free Read in rxequeuecleanup bug {CVE-2025-38024}
  • Squashfs: check return result of sbminblocksize {CVE-2025-38415}
  • VMCI: check context->notifypage after call to getuserpagesfast() to avoid GPF {CVE-2023-53259}
  • scsi: lpfc: Prevent lpfcdebugfslockstat_write() buffer overflow {CVE-2023-54102}
  • net/mlx5: Devcom, fix error flow in mlx5devcomregister_device {CVE-2023-54015}
  • perf/core: Bail out early if the request AUX area is out of bound {CVE-2023-52835}
  • r8169: Fix possible ring buffer corruption on fragmented Tx packets. {CVE-2024-38586}
  • sctp: handle the error returned from sctpauthasocinitactive_key {CVE-2022-50243}
  • net: openvswitch: Fix Use-After-Free in ovsctexit {CVE-2024-27395}
  • media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764}
  • stm class: Fix a double free in stmregisterdevice() {CVE-2024-38627}
  • leds: trigger: Unregister sysfs attributes before calling deactivate() {CVE-2024-43830}
References

Affected packages

TuxCare:CentOS:8.5
bpftool

Package

Name
bpftool
Purl
pkg:rpm/tuxcare/bpftool?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel

Package

Name
kernel
Purl
pkg:rpm/tuxcare/kernel?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-core

Package

Name
kernel-core
Purl
pkg:rpm/tuxcare/kernel-core?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-cross-headers

Package

Name
kernel-cross-headers
Purl
pkg:rpm/tuxcare/kernel-cross-headers?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-debug

Package

Name
kernel-debug
Purl
pkg:rpm/tuxcare/kernel-debug?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-debug-core

Package

Name
kernel-debug-core
Purl
pkg:rpm/tuxcare/kernel-debug-core?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-debug-devel

Package

Name
kernel-debug-devel
Purl
pkg:rpm/tuxcare/kernel-debug-devel?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-debug-modules

Package

Name
kernel-debug-modules
Purl
pkg:rpm/tuxcare/kernel-debug-modules?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-debug-modules-extra

Package

Name
kernel-debug-modules-extra
Purl
pkg:rpm/tuxcare/kernel-debug-modules-extra?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-debug-modules-internal

Package

Name
kernel-debug-modules-internal
Purl
pkg:rpm/tuxcare/kernel-debug-modules-internal?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-devel

Package

Name
kernel-devel
Purl
pkg:rpm/tuxcare/kernel-devel?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-headers

Package

Name
kernel-headers
Purl
pkg:rpm/tuxcare/kernel-headers?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-ipaclones-internal

Package

Name
kernel-ipaclones-internal
Purl
pkg:rpm/tuxcare/kernel-ipaclones-internal?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-modules

Package

Name
kernel-modules
Purl
pkg:rpm/tuxcare/kernel-modules?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-modules-extra

Package

Name
kernel-modules-extra
Purl
pkg:rpm/tuxcare/kernel-modules-extra?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-modules-internal

Package

Name
kernel-modules-internal
Purl
pkg:rpm/tuxcare/kernel-modules-internal?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-selftests-internal

Package

Name
kernel-selftests-internal
Purl
pkg:rpm/tuxcare/kernel-selftests-internal?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-tools

Package

Name
kernel-tools
Purl
pkg:rpm/tuxcare/kernel-tools?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-tools-libs

Package

Name
kernel-tools-libs
Purl
pkg:rpm/tuxcare/kernel-tools-libs?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
kernel-tools-libs-devel

Package

Name
kernel-tools-libs-devel
Purl
pkg:rpm/tuxcare/kernel-tools-libs-devel?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
perf

Package

Name
perf
Purl
pkg:rpm/tuxcare/perf?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"
python3-perf

Package

Name
python3-perf
Purl
pkg:rpm/tuxcare/python3-perf?distro=centos-8.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-348.7.1.el8_5.tuxcare.els34

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1771077729.json"