CLSA-2026-1778787063

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778787063.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1778787063
Upstream
  • CVE-2026-31493
  • CVE-2026-31500
  • CVE-2026-31551
Published
2026-05-15T07:56:34Z
Modified
2026-05-29T01:35:07.736821477Z
Summary
kernel: Fix of 122 CVEs
Details
  • net: skbuff: propagate shared-frag marker through pskb_copy()
  • mptcp: always handle address removal under msk socket lock {CVE-2025-21875}
  • uprobes: Reject the shared zeropage in uprobewriteopcode() {CVE-2025-21881}
  • net: hns3: make sure ptp clock is unregister and freed if hclgeptpget_cycle returns an error {CVE-2025-21924}
  • wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() {CVE-2025-21744}
  • mptcp: fix NULL pointer in canacceptnew_subflow {CVE-2025-23145}
  • bus: mhi: host: pcigeneric: Use pcitryresetfunction() to avoid deadlock {CVE-2025-21951}
  • blk-cgroup: Fix class @block_class's subsystem refcount leakage {CVE-2025-21745}
  • net/mlx5: handle errors in mlx5chainscreate_table() {CVE-2025-21975}
  • USB: hub: Ignore non-compliant devices with too many configs or interfaces {CVE-2025-21776}
  • wifi: iwlwifi: don't warn when if there is a FW error {CVE-2025-38096}
  • ice: fix memory leak in aRFS after reset {CVE-2025-21981}
  • KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel {CVE-2025-21779}
  • Bluetooth: Disable SCO support if READVOICESETTING is unsupported/broken {CVE-2025-38099}
  • regulator: check that dummy regulator has been probed before using it {CVE-2025-22008}
  • acpi: nfit: fix narrowing conversion in acpinfitctl {CVE-2025-22044}
  • drm/scheduler: signal scheduled fence when kill job {CVE-2025-38436}
  • nfsd: nfsd4spomust_allow() must check this is a v4 compound request {CVE-2025-38430}
  • net: decrease cached dst counters in dst_release {CVE-2025-22057}
  • bnxten: Set DMA unmap len correctly for XDPREDIRECT {CVE-2025-38439}
  • net: fix NULL pointer dereference in l3mdevl3rcv {CVE-2025-22103}
  • dlm: prevent NPD when writing a positive value to event_done {CVE-2025-23131}
  • drm/amd/display: fix a Null pointer dereference vulnerability {CVE-2025-39705}
  • net/sched: Return NULL when htblookupleaf encounters an empty rbtree {CVE-2025-38468}
  • drm/amd/display: Fix null check for pipectx->planestate in resourcebuildscaling_params {CVE-2025-21941}
  • drm/amdgpu: check if hubbub is NULL in debugfs/amdgpudmcapabilities {CVE-2025-39707}
  • HID: appleir: Fix potential NULL dereference at raw event handle {CVE-2025-21948}
  • usb: net: sierra: check for no status endpoint {CVE-2025-38474}
  • drm/radeon: fix uninitialized size issue in radeonvcecs_parse() {CVE-2025-21996}
  • wifi: cfg80211: Add missing lock in cfg80211checkandendcac() {CVE-2025-38643}
  • netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets {CVE-2025-22063}
  • vxlan: Fix NPD when refreshing an FDB entry with a nexthop object {CVE-2025-39851}
  • thermal: int340x: Add NULL check for adev {CVE-2025-23136}
  • Bluetooth: l2cap: Check encryption key size on incoming connection {CVE-2025-39889}
  • dm thin: make getfirstthin use rcu-safe list first function {CVE-2025-21664}
  • tracing: Add downwrite(traceevent_sem) when adding trace event {CVE-2025-38539}
  • usbnet: Fix using smpprocessorid() in preemptible code warnings {CVE-2025-40164}
  • bpf: Send signals asynchronously if !preemptible {CVE-2025-21728}
  • ima: Fix a potential integer overflow in imaappraisemeasurement {CVE-2022-49643}
  • dm-stripe: fix a possible integer overflow {CVE-2025-39940}
  • usbnet: gl620a: fix endpoint checking in genelink_bind() {CVE-2025-21877}
  • fs: dlm: fix use after free in midcomms commit {CVE-2023-53629}
  • usbnet: fix memory leak in error case {CVE-2022-49657}
  • wifi: nl80211: reject cooked mode if it is set along with other flags {CVE-2025-21909}
  • can: j1939: j1939sendone(): fix missing CAN header initialization {CVE-2022-49845}
  • ima: Fix use-after-free on a dentry's dname.name {CVE-2024-39494}
  • posix-clock: Fix missing timespec64 check in pcclocksettime() {CVE-2024-50195}
  • netsched: Prevent creation of classes with TCH_ROOT {CVE-2025-21971}
  • mm/slub: avoid accessing metadata when pointer is invalid in object_err() {CVE-2025-39902}
  • RDMA/mlx5: Fix mlx5pollone() cur_qp update flow {CVE-2025-22086}
  • virtio/vsock: Fix accept_queue memory leak {CVE-2024-53119}
  • wifi: mac80211: Purge vif txq in ieee80211dostop() {CVE-2025-37794}
  • tipc: fix memory leak in tipclinkxmit {CVE-2025-37757}
  • tipc: fix NULL pointer dereference in tipcmonreinit_self() {CVE-2025-37824}
  • drm/amd/pm: Prevent division by zero {CVE-2025-37766}
  • acpi: nfit: vmalloc-out-of-bounds Read in acpinfitctl {CVE-2024-56662}
  • virtiofs: add filesystem context source name check {CVE-2025-37773}
  • usb: xhci: Fix NULL pointer dereference on certain command aborts {CVE-2024-57981}
  • netsched: schsfq: reject invalid perturb period {CVE-2025-38193}
  • Bluetooth: btrtl: Prevent potential NULL dereference {CVE-2025-37792}
  • trace/fgraph: Fix the warning caused by missing unregister notifier {CVE-2025-39829}
  • can: mcan: pci: add missing mcanclassfree_dev() in probe/remove methods {CVE-2022-49024}
  • Bluetooth: btrtl: check for NULL in btrtlsetuprealtek() {CVE-2024-57987}
  • wifi: rtw89: fix race between cancelhwscan and hw_scan completion {CVE-2025-21729}
  • ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params {CVE-2024-58012}
  • iouring/rw: fix missing NOWAIT check for ODIRECT start write {CVE-2024-53052}
  • wifi: iwlwifi: mvm: avoid NULL pointer dereference {CVE-2024-58062}
  • page_pool: avoid infinite loop to schedule delayed worker {CVE-2025-37859}
  • HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check {CVE-2024-57993}
  • bpf: Fix deadlock when freeing cgroup storage {CVE-2024-58088}
  • ice: ice_adapter: release xa entry on adapter allocation failure {CVE-2025-40185}
  • RDMA/core: Silence oversized kvmalloc() warning {CVE-2025-37867}
  • iommu: Clear iommu-dma ops on cleanup {CVE-2025-37877}
  • nfsd: clear aclaccess/acldefault after releasing them {CVE-2025-21796}
  • ASoC: soc-pcm: don't use socpcmret() on .prepare callback {CVE-2024-58077}
  • netfilter: conntrack: clamp maximum hashtable size to INT_MAX {CVE-2025-21648}
  • cachestat: fix page cache statistics permission checking {CVE-2025-21691}
  • sctp: sysctl: plpmtudprobeinterval: avoid using current->nsproxy {CVE-2025-21636}
  • ALSA: ctxfi: Fix potential OOB access in audio mixer handling {CVE-2026-23076}
  • block: fix resource leak in blkregisterqueue() error path {CVE-2025-37980}
  • wifi: iwlwifi: fix debug actions order {CVE-2025-38045}
  • net: hns3: fix kernel crash when 1588 is sent on HIP08 devices {CVE-2025-21649}
  • filemap: avoid truncating 64-bit offset to 32 bits {CVE-2025-21665}
  • wifi: brcmfmac: Check the return value of ofpropertyreadstringindex() {CVE-2025-21750}
  • smb: client: add NULL check in automount_fullpath {CVE-2025-38208}
  • afs: Fix merge preference rule failure condition {CVE-2025-21672}
  • ipv6: mcast: add RCU protection to mld_newpack() {CVE-2025-21758}
  • landlock: Handle weird files {CVE-2025-21830}
  • bpf: Fix bpfskselect_reuseport() memory leak {CVE-2025-21683}
  • usb: gadget: core: flush gadget workqueue after device removal {CVE-2025-21838}
  • rtnetlink: Allocate vfinfo size for VF GUIDs when supported {CVE-2025-22075}
  • vfs: fix race between eviceinodes() and findinode()&iput() {CVE-2024-47679}
  • afpacket: avoid erroring out after sockinitdata() in packetcreate() {CVE-2024-56606}
  • mm/migratedevice: don't add folio to be freed to LRU in migratedevice_finalize() {CVE-2025-21861}
  • tun: Fix memory leak for detached NAPI queue. {CVE-2023-53685}
  • ntbnetdev: Use devkfreeskbany() in interrupt context {CVE-2022-50476}
  • OPP: fix devpmoppfindbw_*() when bandwidth table not initialized {CVE-2024-58068}
  • libceph: make decode_pool() more resilient against corrupted osdmaps {CVE-2025-71116}
  • netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree() {CVE-2025-21959}
  • spi: spi-imx: Add check for spiimxsetupxfer() {CVE-2025-37801}
  • smb: client: Add check for nextbuffer in receiveencrypted_standard() {CVE-2025-21844}
  • rcutorture: Fix rcutortureoneextend_check() splat in RT kernels {CVE-2025-39745}
  • ASoC: SOF: stream-ipc: Check for cstream nullity in sofipcmsg_data() {CVE-2025-21847}
  • net: hinic: fix memory leak when reading function table {CVE-2022-50438}
  • ipv4: use RCU protection in _iprtupdatepmtu() {CVE-2025-21766}
  • usb: typec: ucsi: displayport: Fix NULL pointer access {CVE-2025-37994}
  • eth: alx: take rtnl_lock on resume {CVE-2022-50498}
  • misc: tifm: fix possible memory leak in tifm7xx1switch_media() {CVE-2022-50349}
  • Bluetooth: btintel: serialize btintelhwerror() with hcireqsync_lock {CVE-2026-31500}
  • RDMA/efa: Fix use of completion ctx after free {CVE-2026-31493}
  • bpf: avoid holding freeze_mutex during mmap operation {CVE-2025-21853}
  • RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers {CVE-2025-21885}
  • ipvlan: ensure network headers are in skb linear part {CVE-2025-21891}
  • net: hinic: fix the issue of CMDQ memory leaks {CVE-2022-50387}
  • iommu/vt-d: Avoid use of NULL after WARNONONCE {CVE-2025-21833}
  • chardev: fix error handling in cdevdeviceadd() {CVE-2022-50282}
  • udf: Fix uninitialized array access for some pathnames {CVE-2023-53165}
  • net: usb: smsc95xx: Limit packet length to skb->len {CVE-2023-53062}
  • drm/amd/pm: fix null pointer access {CVE-2025-38705}
  • drm/nouveau: prime: fix ttmbodelayed_delete oops {CVE-2025-37765}
  • wifi: mac80211: Fix staticbranchdec() underflow for aql_disable. {CVE-2026-31551}
  • md: suspend array while updating raid_disks via sysfs {CVE-2025-71225}
  • sctp: move SCTPCMDASSOCSHKEY right after SCTPCMDPEERINIT {CVE-2026-23125}
References

Affected packages