CLSA-2026-1779434490

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1779434490.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1779434490
Upstream
Published
2026-05-22T07:21:33Z
Modified
2026-05-29T01:34:14.224097173Z
Summary
kernel: Fix of 100 CVEs
Details
  • tracing: Verify event formats that have "%*p.." {CVE-2025-37938}
  • HID: pidff: Fix null pointer dereference in pidfffindfields {CVE-2025-37862}
  • scsi: st: Fix array overflow in st_setup() {CVE-2025-37857}
  • drm/amdkfd: debugfs hang_hws skip GPU with MES {CVE-2025-37853}
  • mm/vmscan: don't try to reclaim hwpoison folio {CVE-2025-37834}
  • cpufreq: scmi: Fix null-ptr-deref in scmicpufreqget_rate() {CVE-2025-37830}
  • drm/amdgpu: handle amdgpucgscreatedevice() errors in amdpowerplay_create() {CVE-2025-37852}
  • cpufreq: scpi: Fix null-ptr-deref in scpicpufreqget_rate() {CVE-2025-37829}
  • sound/virtio: Fix cancelsync warnings on uninitialized workstructs {CVE-2025-37805}
  • net: tls: explicitly disallow disconnect {CVE-2025-37756}
  • drm/amd/pm: Prevent division by zero {CVE-2025-37770}
  • drm/amd/pm: Prevent division by zero {CVE-2025-37768}
  • net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. {CVE-2025-22111}
  • wifi: ath11k: Clear affinity hint before calling ath11kpcicfree_irq() in error path {CVE-2025-23129}
  • x86/mm: Fix flushtlbrange() when used for zapping normal PMDs {CVE-2025-22045}
  • ftrace: Avoid potential division by zero in functionstatshow() {CVE-2025-21898}
  • md/md-bitmap: Synchronize bitmapgetstats() with bitmap lifetime {CVE-2025-21712}
  • bpf: Fix softlockup in arenamapfree on 64k page kernel {CVE-2025-21851}
  • RDMA/rxe: Fix the warning "__rxecleanup+0x12c/0x170 [rdmarxe]" {CVE-2025-21829}
  • mm: zswap: properly synchronize freeing resources during CPU hotunplug {CVE-2025-21693}
  • drop_monitor: fix incorrect initialization order {CVE-2025-21862}
  • ptp: Ensure info->enable callback is always set {CVE-2025-21814}
  • efi: Don't map the entire mokvar table to determine its size {CVE-2025-21872}
  • drm/amd/display: Assign normalizedpixclk when color depth = 14 {CVE-2025-21956}
  • net: usb: rtl8150: enable basic endpoint checking {CVE-2025-21708}
  • nfp: bpf: Add check for nfpappctrlmsgalloc() {CVE-2025-21848}
  • netfilter: nftables: reject mismatching sum of fieldlen with set key length {CVE-2025-21826}
  • mm: clear uffd-wp PTE/PMD state on mremap() {CVE-2025-21696}
  • wifi: cfg80211: regulatory: improve invalid hints checking {CVE-2025-21910}
  • eth: bnxt: always recalculate features after XDP clearing, fix null-deref {CVE-2025-21682}
  • vxlan: check vxlanvnigroupinit() return value {CVE-2025-21790}
  • ata: libata-sff: Ensure that we cannot write outside the allocated buffer {CVE-2025-21738}
  • wifi: mac80211: don't flush non-uploaded STAs {CVE-2025-21828}
  • team: better TEAMOPTIONTYPE_STRING validation {CVE-2025-21787}
  • ppp: Fix KMSAN uninit-value warning with bpf {CVE-2025-21922}
  • scsi: storvsc: Ratelimit warning logs to prevent VM denial of service {CVE-2025-21690}
  • sctp: sysctl: udp_port: avoid using current->nsproxy {CVE-2025-21637}
  • cgroup/cpuset: remove kernfs active break {CVE-2025-21634}
  • KVM: Explicitly verify target vCPU is online in kvmgetvcpu() {CVE-2024-58083}
  • idpf: convert workqueues to unbound {CVE-2024-58057}
  • xfrm: state: fix out-of-bounds read during lookup {CVE-2024-57982}
  • printk: Fix signed integer overflow when defining LOGBUFLEN_MAX {CVE-2024-58017}
  • Bluetooth: btbcm: Fix NULL deref in btbcmgetboard_name() {CVE-2024-57988}
  • HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections {CVE-2024-57986}
  • virtio-blk: don't keep queue frozen during system suspend {CVE-2024-57946}
  • drm/amd/display: Initialize denominator defaults to 1 {CVE-2024-57950}
  • fs: relax assertions on failure to encode file handles {CVE-2024-57924}
  • drm/amd/display: Add check for granularity in dml ceil/floor helpers {CVE-2024-57922}
  • scsi: qedf: Fix a possible memory leak in qedfallocandinitsb() {CVE-2024-56748}
  • ACPI: x86: Add adev NULL check to acpiquirkskipserdevenumeration() {CVE-2024-56782}
  • scsi: qedi: Fix a possible memory leak in qediallocandinitsb() {CVE-2024-56747}
  • netdevsim: prevent bad user input in nsimdevhealthbreakwrite() {CVE-2024-56716}
  • scsi: hisisas: Add condresched() for no forced preemption model {CVE-2024-56589}
  • wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglist_rw() {CVE-2024-56593}
  • ipvs: fix UB due to uninitialized stack access in ipvsprotocol_init() {CVE-2024-53680}
  • xen: Fix the issue of resource not being properly released in xenbusdevprobe() {CVE-2024-53198}
  • RDMA/rxe: Fix the qp flush warnings in req {CVE-2024-53229}
  • KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN {CVE-2024-53135}
  • exfat: fix out-of-bounds access of directory entries {CVE-2024-53147}
  • iouring: check for overflows in iopin_pages {CVE-2024-53187}
  • firmware: arm_scpi: Check the DVFS OPP count returned by the firmware {CVE-2024-53157}
  • drm/xe/tracing: Fix a potential TP_printk UAF {CVE-2024-49570}
  • rxrpc: Fix a race between socket set up and I/O thread creation {CVE-2024-49864}
  • netdevsim: Add trailing zero to terminate the string in nsimnexthopbucketactivitywrite() {CVE-2024-50259}
  • udf: Avoid excessive partition lengths {CVE-2024-46777}
  • tracing: Fix overflow in getfreeelt() {CVE-2024-43890}
  • dma-debug: fix a possible deadlock on radix_lock {CVE-2024-47143}
  • x86/mtrr: Check if fixed MTRRs exist before saving them {CVE-2024-44948}
  • net: hns3: fix a deadlock problem when config TC during resetting {CVE-2024-44995}
  • net: usb: qmi_wwan: fix memory leak for not ip packets {CVE-2024-43861}
  • serial: core: check uartclk for zero to avoid divide by zero {CVE-2024-43893}
  • wireguard: allowedips: avoid unaligned 64-bit memory accesses {CVE-2024-42247}
  • crypto: ecdh - explicitly zeroize private_key {CVE-2024-42098}
  • skmsg: Skip zero length skb in skmsgrecvmsg {CVE-2024-41048}
  • serial: imx: Introduce timeout when waiting on transmitter empty {CVE-2024-40967}
  • tracing: Build event generation tests only as modules {CVE-2024-41004}
  • xen/events: close evtchn after mapping cleanup {CVE-2024-26687}
  • hwmon: (xgene) Fix ioremap and memremap leak {CVE-2023-53682}
  • firmware: arm_scmi: Fix double free in SMC transport cleanup path {CVE-2024-26893}
  • start_kernel: Add __nostackprotector function attribute {CVE-2023-53491}
  • spi: qup: Don't skip cleanup in remove's error path {CVE-2023-53567}
  • i2c: designware: Fix handling of real but unexpected device interrupts {CVE-2022-50370}
  • rbd: avoid use-after-free in dorbdadd() when rbddevcreate() fails {CVE-2023-53307}
  • fs/binfmtelf: Fix memory leak in loadelf_binary() {CVE-2022-50466}
  • recordmcount: Fix memory leaks in the uwrite function {CVE-2023-53318}
  • mtd: core: fix possible resource leak in init_mtd() {CVE-2022-50304}
  • net: hns: fix possible memory leak in hnaeaeregister() {CVE-2022-50352}
  • crypto: cavium - prevent integer overflow loading firmware {CVE-2022-50330}
  • pnode: terminate at peers of source {CVE-2022-50280}
  • PNP: fix name memory leak in pnpallocdev() {CVE-2022-50278}
  • mfd: max77620: Fix refcount leak in max77620initialisefps {CVE-2022-50108}
  • ovl: Use "buf" flexible array for memcpy() destination {CVE-2022-49743}
  • kprobes: Fix check for probe enabled in kill_kprobe() {CVE-2022-50266}
  • ipv6: Fix signed integer overflow in __ip6appenddata {CVE-2022-49728}
  • linux/dim: Fix divide by 0 in RDMA DIM {CVE-2022-49670}
  • net: tun: unlink NAPI from device on destruction {CVE-2022-49672}
  • tracing/histograms: Fix memory leak problem {CVE-2022-49648}
  • configfs: fix a race in configfs_{,un}register_subsystem() {CVE-2022-48931}
  • ima: Fix potential memory leak in imainitcrypto() {CVE-2022-49627}
  • list: fix a data-race around ep->rdllist {CVE-2022-49443}
  • fs: add SANONINODE
References

Affected packages