CLSA-2026-1777614651
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1777614651
- Upstream
- Published
- 2026-05-01T09:25:18Z
- Modified
- 2026-06-01T00:33:13.053543760Z
- Summary
- kernel: Fix of 52 CVEs
- Details
-
- crypto: algif_aead - Fix minimum RX size check for decryption
- crypto: afalg - Fix page reassignment overflow in afalgpulltsgl
- crypto: authencesn - Fix src offset when decrypting in-place
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
- crypto: authenc - use memcpy_sglist() instead of null skcipher
- crypto: algif_aead - snapshot IV for async AEAD requests
- crypto: algif_aead - Revert to operating out-of-place
- crypto: algifaead - use memcpysglist() instead of null skcipher
- crypto: scatterwalk - Backport memcpy_sglist()
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec
- nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec {CVE-2026-22998}
- xfrm: add NULL check in xfrmupdateae_params {CVE-2023-3772}
- sctp: check send stream number after waitforsndbuf {CVE-2023-53296}
- ACPI: processor: idle: Check acpifetchacpi_dev() return value {CVE-2022-50327}
- ext4: fix uninititialized value in 'ext4evictinode' {CVE-2022-50546}
- tls: Use _skdstget() and dstdevrcu() in getnetdevforsock(). {CVE-2025-40149}
- bpf, cpumap: Make sure kthread is running before map update returns {CVE-2023-53577}
- net: add dstdevrcu() helper for safe dst->dev access {CVE-2025-40135}
- net/sched: clsu32: use skbheaderpointercareful() {CVE-2026-23204}
- net: add skbheaderpointer_careful() helper
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623}
- ipvti: fix potential slab-use-after-free in decodesession6 {CVE-2023-53559}
- e1000e: fix heap overflow in e1000seteeprom {CVE-2025-39898}
- ALSA: hda/ca0132: Fix buffer overflow in addtuningcontrol {CVE-2025-39751}
- md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest {CVE-2023-53380}
- HID: uclogic: Correct devm device reference for hidinput input_dev name {CVE-2023-54207}
- ASoC: da7219: Fix an error handling path in da7219registerdai_clks() {CVE-2022-50698}
- selinux: enable use of both GFPKERNEL and GFPATOMIC in convert_context() {CVE-2022-50699}
- scsi: qla2xxx: Check valid rport returned by fcbsgto_rport() {CVE-2023-54014}
- ipv6: BUG() in pskbexpandhead() as part of calipsoskbuffsetattr() {CVE-2025-71085}
- ALSA: usb-audio: Fix use-after-free in sndusbmixer_free() {CVE-2026-23089}
- scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount() {CVE-2026-23193}
- drm/i915/gvt: fix gvt debugfs destroy {CVE-2023-54098}
- nfsd: provide locking for v4endgrace {CVE-2026-22980}
- dm flakey: don't corrupt the zero page {CVE-2023-54317}
- drm/amdkfd: Fix double release compute pasid {CVE-2022-50303}
- RDMA/srpt: Fix a use-after-free {CVE-2022-50129}
- RDMA/srpt: Introduce a reference count in struct srpt_device
- RDMA/srpt: Duplicate port name members
- KVM: x86: Reset IRTE to host control if new route isn't postable {CVE-2025-37885}
- ipvlan: add ipvlanroutev6_outbound() helper {CVE-2023-52796}
- mmc: core: use scnprintf() instead of sprintf() in sysfs show functions {CVE-2022-49267}
- rcu: Fix rcureadunlock() deadloop due to IRQ work {CVE-2025-39744}
- net/mlx5: Add a timeout to acquire the command queue semaphore {CVE-2024-38556}
- virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375}
- cacheinfo: Fix sharedcpumap to handle shared caches at different levels {CVE-2023-53254}
- RDMA/mlx5: Return the firmware result upon destroying QP/RQ {CVE-2023-53286}
- RDMA/rxe: Fix mr->map double free {CVE-2022-50543}
- wifi: ath9k: Fix use-after-free in ath9khifusb_disconnect() {CVE-2022-50881}
- tcp: fix a signed-integer-overflow bug in tcpaddbacklog() {CVE-2022-50865}
- NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945}
- perf/aux: Fix AUX buffer serialization {CVE-2024-46713}
- usb: xhci: Fix isochronous Ring Underrun/Overrun event handling {CVE-2025-37882}
- usb: xhci: Complete 'error mid TD' transfers when handling Missed Service
- usb: xhci: remove 'handlingskippedtds' from handletxevent()
- xhci: simplify event ring dequeue tracking for transfer events
- smb3: fix for slab out of bounds on mount to ksmbd {CVE-2025-38728}
- perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563}
- i40e: add validation for ring_len param {CVE-2025-39973}
- i40e: increase max descriptors for XL710
- RDMA/rxe: Fix incomplete state save in rxe_requester {CVE-2023-53539}
- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103}
- HID: hyperv: Correctly access fields declared as __le16 {CVE-2025-38103}
- ASoC: topology: Fix references to freed memory {CVE-2024-41069}
- drivers: base: Free devm resources when unregistering a device {CVE-2023-53596}
- ext4: fix use-after-free in ext4orphancleanup {CVE-2022-50673}
- net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538}
- perf/core: Exit early on perf_mmap() fail {CVE-2025-38565}
- fs/proc: fix uaf in procreaddirde() {CVE-2025-40271}
- virtionet: fix xdprxq_info bug after suspend/resume {CVE-2022-49687}
- net/sched: schqfq: Avoid triggering mightsleep in atomic context in qfqdeleteclass
- References