CLSA-2026-1775224807
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1775224807.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1775224807
- Upstream
- Published
- 2026-04-03T17:49:22Z
- Modified
- 2026-06-04T10:03:46.195886500Z
- Summary
- Fix of 95 CVEs
- Details
-
- CVE-2025-39683
- tracing: Remove unneeded goto out logic {CVE-2025-39683}
- tracing: Limit access to parser->buffer when tracegetuser failed {CVE-2025-39683}
- CVE-2025-38079
- crypto: algifhash - fix double free in hashaccept {CVE-2025-38079}
- CVE-2025-38159
- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds {CVE-2025-38159}
- CVE-2025-38211
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211}
- CVE-2025-38024
- RDMA/rxe: Fix slab-use-after-free Read in rxequeuecleanup bug {CVE-2025-38024}
- CVE-2025-38103
- HID: hyperv: Correctly access fields declared as _le16 {CVE-2025-38103}
- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhidparse() {CVE-2025-38103}
- CVE-2025-38157
- wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157}
- CVE-2025-38230
- jfs: add sanity check for agwidth in dbMount {CVE-2025-38230}
- fs/jfs: consolidate sanity checking in dbMount {CVE-2025-38230}
- jfs: validate AG parameters in dbMount() to prevent crashes {CVE-2025-38230}
- CVE-2025-39955
- tcp: Clear tcpsk(sk)->fastopenrsk in tcp_disconnect(). {CVE-2025-39955}
- CVE-2025-38680
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvcparseformat() {CVE-2025-38680}
- CVE-2025-38708
- drbd: add missing krefget in handlewrite_conflicts {CVE-2025-38708}
- CVE-2025-39759
- btrfs: qgroup: introduce quota mode {CVE-2025-39759}
- btrfs: qgroup: fix race between quota disable and quota rescan ioctl {CVE-2025-39759}
- CVE-2025-38666
- net: appletalk: Fix use-after-free in AARP proxy probe {CVE-2025-38666}
- CVE-2025-40269
- ALSA: usb-audio: Improve frames size computation {CVE-2025-40269}
- ALSA: usb-audio: Replace s/frame/packet/ where appropriate {CVE-2025-40269}
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer {CVE-2025-40269}
- CVE-2025-40149
- net: netdevice: Add operation ndoskgetlowerdev {CVE-2025-40149}
- net/tls: Device offload to use lowest netdevice in chain {CVE-2025-40149}
- tls: Use _skdstget() and dstdevrcu() in getnetdevforsock(). {CVE-2025-40149}
- CVE-2025-71089
- iommu: disable SVA when CONFIG_X86 is set {CVE-2025-71089}
- CVE-2026-23234
- f2fs: fix to avoid UAF in f2fswriteend_io() {CVE-2026-23234}
- CVE-2026-23089
- ALSA: usb-audio: Fix use-after-free in sndusbmixer_free() {CVE-2026-23089}
- CVE-2026-23074
- net/sched: Enforce that teql can only be used as root qdisc {CVE-2026-23074}
- CVE-2026-23061
- can: kvaserusb: kvaserusbreadbulk_callback(): fix URB memory leak {CVE-2026-23061}
- CVE-2026-23060
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec {CVE-2026-23060}
- CVE-2026-22997
- net: can: j1939: j1939xtprxrtssession_active(): deactivate session upon receiving the second rts {CVE-2026-22997}
- CVE-2026-22991
- libceph: make freechoosearg_map() resilient to partial allocation {CVE-2026-22991}
- CVE-2026-22990
- libceph: replace overzealous BUGON in osdmapapply_incremental() {CVE-2026-22990}
- CVE-2026-22978
- wifi: avoid kernel-infoleak from struct iw_point {CVE-2026-22978}
- CVE-2026-22977
- net: sock: fix hardened usercopy panic in sockrecverrqueue {CVE-2026-22977}
- CVE-2025-71154
- net: usb: rtl8150: fix memory leak on usbsubmiturb() failure {CVE-2025-71154}
- CVE-2025-71085
- ipv6: BUG() in pskbexpandhead() as part of calipsoskbuffsetattr() {CVE-2025-71085}
- CVE-2025-68734
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() {CVE-2025-68734}
- CVE-2025-68349
- NFSv4/pNFS: Clear NFSINOLAYOUTCOMMIT in pnfsmarklayoutstateidinvalid {CVE-2025-68349}
- CVE-2025-68340
- team: Move team device type change at the end of teamportadd {CVE-2025-68340}
- CVE-2025-68325
- net/sched: schcake: Fix incorrect qlen reduction in cakedrop {CVE-2025-68325}
- CVE-2025-68287
- usb: dwc3: Fix race condition between concurrent dwc3removerequests() call paths {CVE-2025-68287}
- CVE-2025-68285
- libceph: fix potential use-after-free in havemonandosdmap() {CVE-2025-68285}
- CVE-2025-68241
- ipv4: route: Prevent rtbindexception() from rebinding stale fnhe {CVE-2025-68241}
- CVE-2025-68229
- scsi: target: tcmloop: Fix segfault in tcmlooptpgaddress_show() {CVE-2025-68229}
- CVE-2025-68220
- net: ethernet: ti: netcp: Standardize knavdmaopen_channel to return NULL on error {CVE-2025-68220}
- CVE-2025-68194
- media: imon: make send_packet() more robust {CVE-2025-68194}
- CVE-2025-68192
- net: usb: qmiwwan: initialize MAC header offset in qmimuxrx_fixup {CVE-2025-68192}
- CVE-2025-68185
- nfs4setupreaddir(): insufficient locking for ->dparent->dinode dereferencing {CVE-2025-68185}
- CVE-2025-68168
- jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168}
- CVE-2025-40363
- net: ipv6: fix field-spanning memcpy warning in AH output {CVE-2025-40363}
- CVE-2025-40331
- sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331}
- CVE-2025-40322
- fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}
- CVE-2025-40317
- regmap: slimbus: fix bus_context pointer in regmap init calls {CVE-2025-40317}
- CVE-2025-40315
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. {CVE-2025-40315}
- CVE-2025-40309
- Bluetooth: SCO: Fix UAF on scoconnfree {CVE-2025-40309}
- CVE-2025-40308
- Bluetooth: bcsp: receive data only if registered {CVE-2025-40308}
- CVE-2025-40306
- orangefs: fix xattr related buffer overflow... {CVE-2025-40306}
- CVE-2025-40304
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304}
- CVE-2025-40283
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF {CVE-2025-40283}
- CVE-2025-40282
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path {CVE-2025-40282}
- CVE-2025-40277
- drm/vmwgfx: Validate command header size against SVGACMDMAX_DATASIZE {CVE-2025-40277}
- CVE-2025-40275
- ALSA: usb-audio: Fix NULL pointer dereference in sndusbmixercontrolsbadd {CVE-2025-40275}
- CVE-2025-40264
- be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264}
- CVE-2025-40263
- Input: croseckeyb - fix an invalid memory access {CVE-2025-40263}
- CVE-2025-40259
- scsi: sg: Do not sleep in atomic context {CVE-2025-40259}
- CVE-2025-40254
- net: openvswitch: remove never-working support for setting nsh fields {CVE-2025-40254}
- CVE-2025-40248
- vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248}
- CVE-2025-40211
- ACPI: video: Fix use-after-free in acpivideoswitch_brightness() {CVE-2025-40211}
- CVE-2025-40106
- comedi: fix divide-by-zero in comedibufmunge() {CVE-2025-40106}
- CVE-2025-40087
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type {CVE-2025-40087}
- CVE-2025-40055
- ocfs2: fix double free in userclusterconnect() {CVE-2025-40055}
- CVE-2025-39945
- cnic: Fix use-after-free bugs in cnicdeletetask {CVE-2025-39945}
- CVE-2025-39738
- btrfs: do proper error handling in createrelocroot {CVE-2025-39738}
- btrfs: do not allow relocation of partially dropped subvolumes {CVE-2025-39738}
- CVE-2025-39685
- comedi: pcl726: Prevent invalid irq number {CVE-2025-39685}
- CVE-2024-46830
- KVM: x86: Acquire kvm->srcu when handling KVMSETVCPU_EVENTS {CVE-2024-46830}
- CVE-2024-41014
- xfs: add bounds checking to xlogrecoverprocess_data {CVE-2024-41014}
- CVE-2025-39866
- fs: writeback: fix use-after-free in __markinodedirty() {CVE-2025-39866}
- CVE-2025-39686
- comedi: Fix some signed shift left operations {CVE-2025-39686}
- comedi: Make insnrwemulate_bits() do insn->n samples {CVE-2025-39686}
- CVE-2025-39766
- net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit {CVE-2025-39766}
- CVE-2025-39828
- net/atm: remove the atmdevops {get, set}sockopt methods {CVE-2025-39828}
- atm: atmtcp: Free invalid length skb in atmtcpcsend(). {CVE-2025-39828}
- atm: Revert atmaccounttx() if copyfromiterfull() fails. {CVE-2025-39828}
- atm: atmtcp: Prevent arbitrary write in atmtcprecvcontrol(). {CVE-2025-39828}
- CVE-2022-49267
- mmc: core: Do not export MMCNAME= and MODALIAS=mmc:block for SDIO cards {CVE-2022-49267}
- mmc: core: Export device/vendor ids from Common CIS for SDIO cards {CVE-2022-49267}
- mmc: sdio: Extend sdioconfigattr macro and use it also for modalias {CVE-2022-49267}
- mmc: sdio: Export SDIO revision and info strings to userspace {CVE-2022-49267}
- mmc: sdio: Parse CISTPLVERS1 major and minor revision numbers {CVE-2022-49267}
- mmc: core: use sysfsemit() instead of sprintf() {CVE-2022-49267}
- CVE-2025-39967
- fbcon: fix integer overflow in fbcondoset_font {CVE-2025-39967}
- CVE-2025-38108
- net_sched: red: fix a race in _redchange() {CVE-2025-38108}
- CVE-2025-38212
- ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212}
- CVE-2025-38403
- vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403}
- CVE-2025-38464
- tipc: Fix use-after-free in tipcconnclose(). {CVE-2025-38464}
- CVE-2025-38555
- usb: gadget : fix use-after-free in compositedevcleanup() {CVE-2025-38555}
- CVE-2025-38652
- f2fs: fix to avoid out-of-boundary access in devs.path {CVE-2025-38652}
- CVE-2025-38677
- f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677}
- CVE-2025-38713
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() {CVE-2025-38713}
- CVE-2025-38714
- hfsplus: fix slab-out-of-bounds in hfsplusbnoderead() {CVE-2025-38714}
- CVE-2025-38715
- hfs: fix slab-out-of-bounds in hfsbnoderead() {CVE-2025-38715}
- CVE-2025-38729
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729}
- CVE-2025-39691
- fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691}
- CVE-2025-39743
- jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743}
- CVE-2025-39783
- PCI: endpoint: Fix configfs group list head handling {CVE-2025-39783}
- CVE-2025-39824
- HID: asus: fix UAF via HIDCLAIMEDINPUT validation {CVE-2025-39824}
- CVE-2025-39839
- batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839}
- CVE-2025-39913
- tcpbpf: Call skmsgfree() when tcpbpfsendverdict() fails to allocate psock->cork. {CVE-2025-39913}
- CVE-2025-40240
- sctp: avoid NULL dereference when chunk data buffer is missing {CVE-2025-40240}
- CVE-2025-38004
- can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004}
- Miscellaneous upstream changes
- wifi: wilc1000: avoid buffer overflow in WID string configuration {CVE-2025-39952}
- Revert "dm-bufio: don't schedule in atomic context {CVE-2025-37928}"
- CVE-2025-39683
- References