CLSA-2026-1777633439

crypto: algif_aead - Fix minimum RX size check for decryption {CVE-2026-31431}
crypto: afalg - Fix page reassignment overflow in afalgpulltsgl {CVE-2026-31431}
crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec {CVE-2026-31431}
crypto: authencesn - Fix src offset when decrypting in-place {CVE-2026-31431}
crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption {CVE-2026-31431}
crypto: authenc - use memcpy_sglist() instead of null skcipher {CVE-2026-31431}
crypto: algif_aead - snapshot IV for async AEAD requests {CVE-2026-31431}
crypto: algif_aead - Revert to operating out-of-place {CVE-2026-31431}
crypto: algifaead - use memcpysglist() instead of null skcipher {CVE-2026-31431}
crypto: scatterwalk - Backport memcpy_sglist() {CVE-2026-31431}
scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount() {CVE-2026-23216}
VMCI: Fix use-after-free when removing resource in vmciresourceremove() {CVE-2024-46738}
ptp: fix integer overflow in maxvclocksstore {CVE-2024-40994}
xsk: Fix xsk_diag use-after-free error during socket cleanup {CVE-2023-53426}
net: hns3: add VLAN id validation before using {CVE-2025-71112}
scsi: qla2xxx: Fix improper freeing of purex item {CVE-2025-68741}
tracing: Consider the NULL character when validating the event length {CVE-2024-50131}
capabilities: fix undefined behavior in bit shift for CAPTOMASK {CVE-2022-49870}
scsi: libsas: Fix use-after-free bug in smpexecutetask_sg() {CVE-2022-50422}
netfilter: nftables: fix inverted genmask check in nftmapcatchallactivate() {CVE-2026-23111}
team: fix check for port enabled in teamqueueoverrideportprio_changed() {CVE-2025-71091}
i2c: piix4: Fix adapter not be removed in piix4_remove() {CVE-2022-49900}
libceph: replace overzealous BUGON in osdmapapply_incremental() {CVE-2026-22990}
RDMA/mlx5: Initialize objevent->objsublist before xainsert {CVE-2025-38387}
ACPICA: Refuse to evaluate a method if arguments are missing {CVE-2025-38386}
drm/tegra: Fix a possible null pointer dereference {CVE-2025-38363}
ACPICA: fix acpi operand cache leak in dswstate.c {CVE-2025-38345}
ACPICA: fix acpi parse and parseext cache leaks {CVE-2025-38344}
jbd2: fix data-race and null-ptr-deref in jbd2journaldirty_metadata() {CVE-2025-38337}
x86/sgx: Prevent attempts to reclaim poisoned pages {CVE-2025-38334}
mpls: Use rcudereferencertnl() in mplsrouteinput_rcu(). {CVE-2025-38324}
drm/amd/pp: Fix potential NULL pointer dereference in atomctrlinitializemcregtable {CVE-2025-38319}
fbdev: core: fbcvt: avoid division by 0 in fbcvthperiod() {CVE-2025-38312}
seg6: Fix validation of nexthop addresses {CVE-2025-38310}
bpf: Fix WARN() in getbpfrawtpregs {CVE-2025-38285}
atm: clip: prevent NULL deref in clip_push() {CVE-2025-38251}
nfsd: Initialize ssc before laundromat_work to prevent NULL dereference {CVE-2025-38231}
ext4: inline: fix len overflow in ext4prepareinline_data {CVE-2025-38222}
fbdev: Fix doregisterframebuffer to prevent null-ptr-deref in fbvideomodeto_var {CVE-2025-38215}
fbdev: Fix fbsetvar to prevent null-ptr-deref in fbvideomodeto_var {CVE-2025-38214}
atm: Revert atmaccounttx() if copyfromiter_full() fails. {CVE-2025-38190}
tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer {CVE-2025-38184}
calipso: Fix null-ptr-deref in calipsoreq{set,del}attr(). {CVE-2025-38181}
thunderbolt: Do not double dequeue a configuration request {CVE-2025-38174}
bpf: fix ktls panic with sockmap {CVE-2025-38166}
gve: add missing NULL check for gveallocpending_packet() in TX DQO {CVE-2025-38122}
netsched: schsfq: fix a potential crash on gso_skb handling {CVE-2025-38115}
x86/iopl: Cure TIFIOBITMAP inconsistencies {CVE-2025-38100}
dma-buf: insert memory barrier before updating num_fences {CVE-2025-38095}
netsched: prio: fix a race in priotune() {CVE-2025-38083}
libnvdimm/labels: Fix divide error in ndlabeldata_init() {CVE-2025-38072}
dm cache: prevent BUG_ON by blocking retries on failed device resumes {CVE-2025-38066}
dm: fix unconditional IO throttle caused by REQ_PREFLUSH {CVE-2025-38063}
net: pktgen: fix access outside of user given buffer in pktgenthreadwrite() {CVE-2025-38061}
__legitimizemnt(): check for MNTSYNCUMOUNT should be under mountlock {CVE-2025-38058}
media: cx231xx: set device_caps for 417 {CVE-2025-38044}
firmware: armffa: Set dmamask for ffa devices {CVE-2025-38043}
serial: mctrlgpio: split disablems into sync and no_sync APIs {CVE-2025-38040}
vxlan: Annotate FDB data races {CVE-2025-38037}
nvmet-tcp: don't restore null skstatechange {CVE-2025-38035}
nfs: handle failure of nfsgetlock_context in unlock path {CVE-2025-38023}
wifi: mt76: disable napi on driver removal {CVE-2025-38009}
openvswitch: Fix unsafe attribute parsing in output_userspace() {CVE-2025-37998}
netfilter: ipset: fix region locking in hash types {CVE-2025-37997}
module: ensure that kobject_put() is safe for module type kobjects {CVE-2025-37995}
wifi: brcm80211: fmac: Add error handling for brcmfusbdl_writeimage() {CVE-2025-37990}
USB: wdm: close race between wdmopen and wdmwwanportstop {CVE-2025-37985}
usb: typec: ucsi: displayport: Fix deadlock {CVE-2025-37967}
bpf: Scrub packet on bpfredirectpeer {CVE-2025-37959}
xenbus: Use kref to track req lifetime {CVE-2025-37949}
ftrace: Add condresched() to ftracegraphsethash() {CVE-2025-37940}
drm/sched: Increment job count before swapping tail spsc queue {CVE-2025-38515}
intel_th: Fix a resource leak in an error handling path {CVE-2022-50143}
net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer {CVE-2025-39937}
net: fec: Fix possible NPD in fecenetphyresetafterclkenable() {CVE-2025-39876}
i2c: qup: jump out of the loop in case of timeout {CVE-2025-38671}
regulator: core: fix NULL dereference on unbind due to stale coupling data {CVE-2025-38668}
PM / devfreq: Check governor before using governor->name {CVE-2025-38609}
inotify: Avoid reporting event with invalid wd {CVE-2023-54119}
net/sched: clsu32: use skbheaderpointercareful() {CVE-2026-23204}
drm/sched: Fix potential double free in drmschedjobaddresv_dependencies {CVE-2025-40096}
smb: client: let smbddestroy() call disableworksync(&info->postsendcreditswork) {CVE-2025-39932}
xfs: do not propagate ENODATA disk errors into xattr code {CVE-2025-39835}
fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}
mm/kmemleak: avoid soft lockup in __kmemleakdocleanup() {CVE-2025-39737}
bpf: Do not let BPF test infra emit invalid GSO types to stack {CVE-2025-68725}
HID: hid-ntrig: fix unable to handle page fault in ntrigreportversion() {CVE-2025-39808}
net: usb: rtl8150: fix memory leak on usbsubmiturb() failure {CVE-2025-71154}
block: avoid possible overflow for chunksectors check in blkstack_limits() {CVE-2025-39795}
drm/amdkfd: Destroy KFD debugfs after destroy KFD wq {CVE-2025-39706}
sctp: initialize more fields in sctpv6from_sk() {CVE-2025-39812}
scsi: qla4xxx: Prevent a potential error pointer dereference {CVE-2025-39676}
libceph: return the handler error from monhandleauth_done() {CVE-2026-22992}
drm/radeon: delete radeonfenceprocess in is_signaled, no deadlock {CVE-2025-68223}
jbd2: prevent softlockup in jbd2logdo_checkpoint() {CVE-2025-39782}
net: sock: fix hardened usercopy panic in sockrecverrqueue {CVE-2026-22977}
wifi: ath11k: clear initialized flag for deinit-ed srng lists {CVE-2025-38601}
team: Move team device type change at the end of teamportadd {CVE-2025-68340}
can: kvaserusb: kvaserusbreadbulk_callback(): fix URB memory leak {CVE-2026-23061}
crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec {CVE-2026-23060}
libceph: make freechoosearg_map() resilient to partial allocation {CVE-2026-22991}
KEYS: trusted: Fix a memory leak in tpm2loadcmd {CVE-2025-71147}
ftrace: Fix potential warning in traceprintkseq during ftrace_dump {CVE-2025-39813}
x86/mm/64: define ARCHPAGETABLESYNCMASK and archsynckernel_mappings() {CVE-2025-39845}
rxrpc: Fix oops due to non-existence of prealloc backlog struct {CVE-2025-38514}
netfilter: ctnetlink: fix refcount leak on table dump {CVE-2025-38721}
bpf: Reject %p% format string in bprintf-like helpers {CVE-2025-38528}
drm/amd/display: Add null pointer check in modhdcphdcp1createsession() {CVE-2025-39675}
net/packet: fix a race in packetsetring() and packet_notifier() {CVE-2025-38617}
ext4: do not BUG when INLINEDATAFL lacks system.data xattr {CVE-2025-38701}
cgroup: split cgroupdestroywq into 3 workqueues {CVE-2025-39953}
NFS: Fix the setting of capabilities when automounting a new filesystem {CVE-2025-39798}
fs: Prevent file descriptor table allocations exceeding INT_MAX {CVE-2025-39756}
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() {CVE-2025-39713}
wifi: mac80211: reject TDLS operations when station is not associated {CVE-2025-38644}
ASoC: core: Check for rtd == NULL in sndsocremovepcmruntime() {CVE-2025-38706}
scsi: libiscsi: Initialize iscsiconn->dddata only if memory is allocated {CVE-2025-38700}
smb: client: fix smbdirectrecvio leak in smbd_negotiate() error path {CVE-2025-39929}
mm: move page table sync declarations to linux/pgtable.h {CVE-2025-39844}
ppp: fix memory leak in padcompressskb {CVE-2025-39847}
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras {CVE-2025-38540}
libceph: prevent potential out-of-bounds reads in handleauthdone() {CVE-2026-22984}
iommu: disable SVA when CONFIG_X86 is set {CVE-2025-71089}
netfilter: nftables: fix use-after-free in nftables_addchain() {CVE-2026-23231}
ALSA: usb-audio: Fix use-after-free in sndusbmixer_free() {CVE-2026-23089}
macvlan: fix possible UAF in macvlanforwardsource() {CVE-2026-23001}
mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats {CVE-2025-68800}
be2net: Fix NULL pointer dereference in becmdgetmacfrom_list {CVE-2026-23084}
wifi: ath10k: fix dmafreecoherent() pointer {CVE-2026-23133}
wifi: ath11k: fix node corruption in ar->arvifs list {CVE-2025-38293}
x86/mm: Check return value from memblockphysalloc_range() {CVE-2025-38071}
net: Fix TOCTOU issue in skisreadable() {CVE-2025-38112}
net: phy: mscc: Fix memory leak when using one step timestamping {CVE-2025-38148}
mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure {CVE-2026-23144}
scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount() {CVE-2026-23193}
nfsd: provide locking for v4endgrace {CVE-2026-22980}
migrate: correct lock ordering for hugetlb file folios {CVE-2026-23097}
bpf, ktls: Fix data corruption when using bpfmsgpop_data() in ktls {CVE-2025-38608}
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure {CVE-2025-38695}
mm/kmemleak: avoid deadlock by moving prwarn() outside kmemleaklock {CVE-2025-39736}
net: drop UFO packets in udprcvsegment() {CVE-2025-38622}
net: bridge: fix soft lockup in brmulticastquery_expired() {CVE-2025-39773}
iwlwifi: Add missing check for allocorderedworkqueue {CVE-2025-38602}
net, hsr: reject HSR frame if skb can't hold tag {CVE-2025-39703}
crypto: ccp - Fix crash when rebind ccp device for ccp.ko {CVE-2025-38581}
RDMA: hfi1: fix possible divide-by-zero in findhwthread_mask() {CVE-2025-39742}
net: stmmac: make sure that ptp_rate is not 0 before configuring EST {CVE-2025-38125}
net/sched: Restrict conditions for adding duplicating netems to qdisc tree {CVE-2025-38553}
io_uring/net: commit partial buffers on retry {CVE-2025-38730}
perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563}
ALSA: aloop: Fix racy access at PCM trigger {CVE-2026-23191}

References

https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2026-1777633439.html

CLSA-2026-1777633439

Affected packages