CLSA-2026-1775655705

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1775655705.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1775655705
Upstream
Published
2026-04-08T13:41:49Z
Modified
2026-05-29T01:36:35.956464946Z
Summary
kernel-uek: Fix of 34 CVEs
Details
  • ALSA: usb-audio: Fix use-after-free in sndusbmixer_free() {CVE-2026-23089}
  • HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556}
  • KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory {CVE-2024-50115}
  • KVM: x86: Reset IRTE to host control if new route isn't postable {CVE-2025-37885}
  • NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945}
  • NFSv4/pNFS: Clear NFSINOLAYOUTCOMMIT in pnfsmarklayoutstateidinvalid {CVE-2025-68349}
  • Revert "IB/core: Implement clear counters"
  • Revert "IB/mlx5: Implement clear counters"
  • Revert "ib/core: add SETDEVICEOP call for clearhwstats()"
  • Revert "perf/x86: Always store regs->ip in perfcallchainkernel()"
  • Revert "xfrm: destroy xfrm_state synchronously on net exit path"
  • bpf, sockmap: Fix race between element replace and close() {CVE-2024-56664}
  • can: kvaserusb: kvaserusbreadbulk_callback(): fix URB memory leak {CVE-2026-23061}
  • crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec {CVE-2026-23060}
  • crypto: lzo - Fix compression buffer overrun {CVE-2025-38068}
  • drm/amd/pm: fix the Out-of-bounds read warning {CVE-2024-46731}
  • drm/amdgpu: Fix out-of-bounds read of dfv17channelnumber {CVE-2024-46724}
  • drm/amdkfd: amdkfdfreegtt_mem clear the correct pointer {CVE-2024-49991}
  • ext4/jbd2: skip sb flush when EIO happened
  • ext4: save the error code which triggered an
  • fou: remove warn in guegroreceive on unsupported protocol {CVE-2024-44940}
  • fs: proc: inode: delay put_pid() by RCU
  • fs: writeback: fix use-after-free in __markinodedirty() {CVE-2025-39866}
  • genirq/cpuhotplug: Notify about affinity changes breaking the affinity mask
  • io_uring: fix filename leak in __ioopenatprep() {CVE-2025-68814}
  • jbd2: store more accurate errno in superblock
  • libceph: fix potential use-after-free in havemonandosdmap() {CVE-2025-68285}
  • libceph: make freechoosearg_map() resilient to partial allocation {CVE-2026-22991}
  • macvlan: Add nodst option to macvlan type source
  • macvlan: Use 'hash' iterators to simplify code
  • macvlan: fix error recovery in macvlancommonnewlink() {CVE-2026-23209}
  • macvlan: fix possible UAF in macvlanforwardsource() {CVE-2026-23001}
  • macvlan: observe an RCU grace period in macvlancommonnewlink() error path {CVE-2026-23273}
  • media: xc2028: avoid use-after-free in loadfirmwarecb() {CVE-2024-43900}
  • mm: call the securitymmapfile() LSM hook in remapfilepages() {CVE-2024-47745}
  • net/sched: schqfq: do not free existing class in qfqchange_class() {CVE-2026-22999}
  • net: sock: fix hardened usercopy panic in sockrecverrqueue {CVE-2026-22977}
  • net: usb: rtl8150: fix memory leak on usbsubmiturb() failure {CVE-2025-71154}
  • rds: Add state field to RDS trace logs.
  • rds: Drop rds conn in connect worker if not in down state.
  • scsi: mpi3mr: Sanitise num_phys {CVE-2024-42159}
  • scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount() {CVE-2026-23193}
  • tty: ngsm: Fix use-after-free in gsmcleanup_mux {CVE-2024-50073}
  • usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760}
  • vhost-scsi: Fix handling of multiple calls to vhostscsiset_endpoint {CVE-2025-22083}
  • wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929}
  • xfrm: also call xfrmstatedelete_tunnel at destroy time for states that were never added {CVE-2025-40256}
  • xfrm: delete x->tunnel as we delete x {CVE-2025-40215}
  • xfrm: flush all states in xfrmstatefini
References

Affected packages