CLSA-2026-1772815097

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1772815097
Upstream
Published
2026-03-06T16:38:21Z
Modified
2026-06-04T10:03:15.492301917Z
Summary
Fix of 72 CVEs
Details
  • CVE-2025-38699
    • scsi: bfa: Double-free fix {CVE-2025-38699}
  • CVE-2025-38697
    • jfs: upper bound check of tree index in dbAllocAG {CVE-2025-38697}
  • CVE-2025-39823
    • KVM: x86: use arrayindexnospec with indices that come from guest {CVE-2025-39823}
  • CVE-2025-39689
    • ftrace: Also allocate and copy hash for reading of filter files {CVE-2025-39689}
  • CVE-2025-39749
    • rcu: Protect ->deferqsiw_pending from data race {CVE-2025-39749}
  • CVE-2025-38728
    • smb3: fix for slab out of bounds on mount to ksmbd {CVE-2025-38728}
  • CVE-2025-38676
    • iommu/amd: Avoid stack buffer overflow from kernel cmdline {CVE-2025-38676}
  • CVE-2025-38574
    • pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574}
  • CVE-2025-38572
    • ipv6: reject malicious packets in ipv6gsosegment() {CVE-2025-38572}
  • CVE-2025-38685
    • fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685}
  • CVE-2025-38563
    • vmops: rename .split() callback to .maysplit() {CVE-2025-38563}
    • perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563}
  • CVE-2025-38702
    • fbdev: fix potential buffer overflow in doregisterframebuffer() {CVE-2025-38702}
  • CVE-2025-39911
    • i40e: fix IRQ freeing in i40evsirequestirqmsix error path {CVE-2025-39911}
  • CVE-2025-39971
    • i40e: fix idx validation in config queues msg {CVE-2025-39971}
  • CVE-2025-40154
    • ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154}
  • CVE-2025-39973
    • i40e: increase max descriptors for XL710 {CVE-2025-39973}
    • i40e: add validation for ring_len param {CVE-2025-39973}
  • CVE-2022-49026
    • e100: Fix possible use after free in e100xmitprepare {CVE-2022-49026}
  • CVE-2025-38724
    • nfsd: handle getclientlocked() failure in nfsd4setclientidconfirm() {CVE-2025-38724}
  • CVE-2025-39853
    • i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853}
  • CVE-2025-39860
    • Bluetooth: Fix use-after-free in l2capsockcleanup_listen() {CVE-2025-39860}
  • CVE-2025-39891
    • wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891}
  • CVE-2025-38530
    • comedi: pcl812: Fix bit shift out of bounds {CVE-2025-38530}
  • CVE-2025-38529
    • comedi: aioiiro16: Fix bit shift out of bounds {CVE-2025-38529}
  • CVE-2025-38497
    • usb: gadget: configfs: Fix OOB read on empty string write {CVE-2025-38497}
  • CVE-2025-38483
    • comedi: das16m1: Fix bit shift out of bounds {CVE-2025-38483}
  • CVE-2025-38482
    • comedi: das6402: Fix bit shift out of bounds {CVE-2025-38482}
  • CVE-2025-39702
    • ipv6: sr: Fix MAC comparison to be constant-time {CVE-2025-39702}
  • CVE-2025-39730
    • NFS: Fix filehandle bounds checking in nfsfhto_dentry() {CVE-2025-39730}
  • CVE-2025-39841
    • scsi: lpfc: Fix buffer free/clear order in deferred receive path {CVE-2025-39841}
  • CVE-2025-39817
    • efivarfs: Fix slab-out-of-bounds in efivarfsdcompare {CVE-2025-39817}
  • CVE-2025-38494
    • HID: core: ensure the allocated report buffer can contain the reserved report ID {CVE-2025-38494}
    • HID: core: ensure hidrequest reserves the report ID as the first byte {CVE-2025-38494}
    • HID: core: do not bypass hidhwrawrequest {CVE-2025-38494}
  • CVE-2025-39757
    • ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757}
  • CVE-2025-38527
    • smb: client: fix use-after-free in cifsoplockbreak {CVE-2025-38527}
  • CVE-2023-52854
    • padata: Fix refcnt handling in padatafreeshell() {CVE-2023-52854}
  • CVE-2024-35867
    • smb: client: fix potential UAF in cifsstatsproc_show() {CVE-2024-35867}
  • CVE-2024-50061
    • i3c: master: cdns: Fix use after free vulnerability in cdnsi3cmaster Driver Due to Race Condition {CVE-2024-50061}
  • CVE-2025-39965
    • xfrm: Duplicate SPI Handling {CVE-2025-39965}
  • CVE-2025-22107
    • net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105tabledelete_entry() {CVE-2025-22107}
  • CVE-2025-37928
    • dm-bufio: don't schedule in atomic context {CVE-2025-37928}
  • CVE-2025-37927
    • iommu/amd: Fix potential buffer overflow in parseivrsacpihid {CVE-2025-37927}
  • CVE-2025-37915
    • net_sched: drr: Fix double list add in class with netem as child qdisc {CVE-2025-37915}
  • CVE-2025-37913
    • net_sched: qfq: Fix double list add in class with netem as child qdisc {CVE-2025-37913}
  • CVE-2025-37817
    • mcb: fix a double free bug in chameleonparsegdd() {CVE-2025-37817}
  • CVE-2025-38204
    • jfs: fix array-index-out-of-bounds read in addmissingindices {CVE-2025-38204}
  • CVE-2025-38323
    • net: atm: add lec_mutex {CVE-2025-38323}
  • CVE-2025-38346
    • ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346}
  • CVE-2025-38348
    • wifi: p54: prevent buffer-overflow in p54rxeeprom_readback() {CVE-2025-38348}
  • CVE-2025-38415
    • Squashfs: check return result of sbminblocksize {CVE-2025-38415}
  • CVE-2025-38416
    • NFC: nci: uart: Set tty->disc_data only in success path {CVE-2025-38416}
  • CVE-2025-38428
    • Input: ims-pcu - check record size in imspcuflash_firmware() {CVE-2025-38428}
  • CVE-2025-38102
    • VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify {CVE-2025-38102}
  • CVE-2025-38245
    • atm: Release atmdevmutex after removing procfs in atmdevderegister(). {CVE-2025-38245}
  • CVE-2025-38249
    • ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3() {CVE-2025-38249}
  • CVE-2025-38377
    • rose: fix dangling neighbour pointers in rosertdevice_down() {CVE-2025-38377}
  • CVE-2025-38389
    • drm/i915/gt: Fix timeline left held on VMA alloc error {CVE-2025-38389}
  • CVE-2025-38395
    • regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods {CVE-2025-38395}
  • CVE-2025-38401
    • mtk-sd: Prevent memory corruption from DMA map failure {CVE-2025-38401}
  • CVE-2025-38445
    • md/raid1: Fix stack memory use after return in raid1_reshape {CVE-2025-38445}
  • CVE-2025-38459
    • atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459}
  • CVE-2025-39863
    • wifi: brcmfmac: fix use-after-free when rescheduling brcmfbtcoexinfo work {CVE-2025-39863}
  • CVE-2025-38068
    • crypto: lzo - Fix compression buffer overrun {CVE-2025-38068}
  • CVE-2025-21726
    • padata: avoid UAF for reorder_work {CVE-2025-21726}
  • CVE-2025-39760
    • usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760}
  • CVE-2022-49698
    • netfilter: use getrandomu32 instead of prandom {CVE-2022-49698}
  • CVE-2025-38198
    • fbcon: Introduce wrapper for console->fb_info lookup {CVE-2025-38198}
    • fbcon: Make sure modelist not set on unregistered console {CVE-2025-38198}
  • CVE-2025-38422
    • net: lan743x: Add support for 4 Tx queues {CVE-2025-38422}
    • net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices {CVE-2025-38422}
    • net: lan743x: Add PCI11010 / PCI11414 device IDs {CVE-2025-38422}
  • CVE-2025-38375
    • virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375}
  • CVE-2025-39901
    • i40e: remove read access to debugfs files {CVE-2025-39901}
  • CVE-2025-39810
    • bnxt_en: Fix memory corruption when FW resources change during ifdown {CVE-2025-39810}
  • CVE-2025-39905
    • net: phylink: add lock for serializing concurrent pl->phydev writes with resolver {CVE-2025-39905}
  • CVE-2025-39993
    • media: imon: reorganize serialization {CVE-2025-39993}
    • media: rc: fix races with imon_disconnect() {CVE-2025-39993}
  • CVE-2025-39883
    • mm/memory-failure: fix VMBUGON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883}
  • Miscellaneous upstream changes
    • net: atm: fix /proc/net/atm/lec handling {CVE-2025-38323}
References

Affected packages

TuxCare:Ubuntu:20.04
linux-buildinfo-5.4.0-225-tuxcare.els7-generic

Package

Name
linux-buildinfo-5.4.0-225-tuxcare.els7-generic
Purl
pkg:deb/tuxcare/linux-buildinfo-5.4.0-225-tuxcare.els7-generic?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-buildinfo-5.4.0-225-tuxcare.els7-lowlatency

Package

Name
linux-buildinfo-5.4.0-225-tuxcare.els7-lowlatency
Purl
pkg:deb/tuxcare/linux-buildinfo-5.4.0-225-tuxcare.els7-lowlatency?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-cloud-tools-5.4.0-225-tuxcare.els7

Package

Name
linux-cloud-tools-5.4.0-225-tuxcare.els7
Purl
pkg:deb/tuxcare/linux-cloud-tools-5.4.0-225-tuxcare.els7?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-cloud-tools-5.4.0-225-tuxcare.els7-generic

Package

Name
linux-cloud-tools-5.4.0-225-tuxcare.els7-generic
Purl
pkg:deb/tuxcare/linux-cloud-tools-5.4.0-225-tuxcare.els7-generic?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-cloud-tools-5.4.0-225-tuxcare.els7-lowlatency

Package

Name
linux-cloud-tools-5.4.0-225-tuxcare.els7-lowlatency
Purl
pkg:deb/tuxcare/linux-cloud-tools-5.4.0-225-tuxcare.els7-lowlatency?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-cloud-tools-common

Package

Name
linux-cloud-tools-common
Purl
pkg:deb/tuxcare/linux-cloud-tools-common?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-doc

Package

Name
linux-doc
Purl
pkg:deb/tuxcare/linux-doc?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-headers-5.4.0-225-tuxcare.els7

Package

Name
linux-headers-5.4.0-225-tuxcare.els7
Purl
pkg:deb/tuxcare/linux-headers-5.4.0-225-tuxcare.els7?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-headers-5.4.0-225-tuxcare.els7-generic

Package

Name
linux-headers-5.4.0-225-tuxcare.els7-generic
Purl
pkg:deb/tuxcare/linux-headers-5.4.0-225-tuxcare.els7-generic?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-headers-5.4.0-225-tuxcare.els7-lowlatency

Package

Name
linux-headers-5.4.0-225-tuxcare.els7-lowlatency
Purl
pkg:deb/tuxcare/linux-headers-5.4.0-225-tuxcare.els7-lowlatency?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-image-unsigned-5.4.0-225-tuxcare.els7-generic

Package

Name
linux-image-unsigned-5.4.0-225-tuxcare.els7-generic
Purl
pkg:deb/tuxcare/linux-image-unsigned-5.4.0-225-tuxcare.els7-generic?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-image-unsigned-5.4.0-225-tuxcare.els7-lowlatency

Package

Name
linux-image-unsigned-5.4.0-225-tuxcare.els7-lowlatency
Purl
pkg:deb/tuxcare/linux-image-unsigned-5.4.0-225-tuxcare.els7-lowlatency?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-libc-dev

Package

Name
linux-libc-dev
Purl
pkg:deb/tuxcare/linux-libc-dev?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-modules-5.4.0-225-tuxcare.els7-generic

Package

Name
linux-modules-5.4.0-225-tuxcare.els7-generic
Purl
pkg:deb/tuxcare/linux-modules-5.4.0-225-tuxcare.els7-generic?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-modules-5.4.0-225-tuxcare.els7-lowlatency

Package

Name
linux-modules-5.4.0-225-tuxcare.els7-lowlatency
Purl
pkg:deb/tuxcare/linux-modules-5.4.0-225-tuxcare.els7-lowlatency?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-modules-extra-5.4.0-225-tuxcare.els7-generic

Package

Name
linux-modules-extra-5.4.0-225-tuxcare.els7-generic
Purl
pkg:deb/tuxcare/linux-modules-extra-5.4.0-225-tuxcare.els7-generic?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-source-5.4.0

Package

Name
linux-source-5.4.0
Purl
pkg:deb/tuxcare/linux-source-5.4.0?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-tools-5.4.0-225-tuxcare.els7

Package

Name
linux-tools-5.4.0-225-tuxcare.els7
Purl
pkg:deb/tuxcare/linux-tools-5.4.0-225-tuxcare.els7?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-tools-5.4.0-225-tuxcare.els7-generic

Package

Name
linux-tools-5.4.0-225-tuxcare.els7-generic
Purl
pkg:deb/tuxcare/linux-tools-5.4.0-225-tuxcare.els7-generic?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-tools-5.4.0-225-tuxcare.els7-lowlatency

Package

Name
linux-tools-5.4.0-225-tuxcare.els7-lowlatency
Purl
pkg:deb/tuxcare/linux-tools-5.4.0-225-tuxcare.els7-lowlatency?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-tools-common

Package

Name
linux-tools-common
Purl
pkg:deb/tuxcare/linux-tools-common?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"
linux-tools-host

Package

Name
linux-tools-host
Purl
pkg:deb/tuxcare/linux-tools-host?distro=ubuntu-20.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.0-225.245

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1772815097.json"