{"id":"CLSA-2025-1757961506","summary":"kernel: Fix of 26 CVEs","details":"- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352}\n- xfrm: state: fix out-of-bounds read during lookup {CVE-2024-57982}\n- nfsd: fix race between laundromat and free_stateid {CVE-2024-50106}\n- nfsd: split sc_status out of sc_type {CVE-2024-50106}\n- nfsd: avoid race after unhash_delegation_locked() {CVE-2024-50106}\n- nfsd: don't call functions with side-effecting inside WARN_ON() {CVE-2024-50106}\n- can: peak_usb: fix use after free bugs {CVE-2021-47670}\n- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds {CVE-2025-38159}\n- i2c/designware: Fix an initialization issue {CVE-2025-38380}\n- RDMA/rxe: Fix error unwind in rxe_create_qp() {CVE-2022-50127}\n- i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200}\n- udp: Fix memory accounting leak. {CVE-2025-22058}\n- Bluetooth: hci_core: Fix use-after-free in vhci_flush() {CVE-2025-38250}\n- net_sched: ets: Fix double list add in class with netem as child qdisc {CVE-2025-38085}\n- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race {CVE-2025-38085}\n- mm/khugepaged: fix GUP-fast interaction by sending IPI {CVE-2025-38085}\n- padata: fix UAF in padata_reorder {CVE-2025-21727}\n- net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350}\n- codel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-38177}\n- sch_ets: make est_qlen_notify() idempotent {CVE-2025-38177}\n- sch_qfq: make qfq_qlen_notify() idempotent {CVE-2025-38177}\n- sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177}\n- sch_drr: make drr_qlen_notify() idempotent {CVE-2025-38177}\n- sch_htb: make htb_qlen_notify() idempotent {CVE-2025-38177}\n- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000}\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477}\n- tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464}\n- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211}\n- scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332}\n- netfilter: xtables: avoid NFPROTO_UNSPEC where needed {CVE-2024-50038}\n- netfilter: xtables: Add snapshot of hardidletimer target {CVE-2024-50038}\n- crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079}\n- ext4: avoid resizing to a partial cluster size {CVE-2022-50020}\n- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc {CVE-2025-37890}\n- net: tipc: fix refcount warning in tipc_aead_encrypt {CVE-2025-38273}\n- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done {CVE-2025-38052}\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove {CVE-2025-22020}","modified":"2026-06-01T00:32:59.815423037Z","published":"2025-09-15T18:38:29Z","upstream":["CVE-2025-38352","CVE-2024-57982","CVE-2024-50106","CVE-2021-47670","CVE-2025-38159","CVE-2025-38380","CVE-2022-50127","CVE-2025-38200","CVE-2025-22058","CVE-2025-38250","CVE-2025-38085","CVE-2025-21727","CVE-2025-38350","CVE-2025-38177","CVE-2025-38000","CVE-2025-38477","CVE-2025-38464","CVE-2025-38211","CVE-2025-38332","CVE-2024-50038","CVE-2025-38079","CVE-2022-50020","CVE-2025-37890","CVE-2025-38273","CVE-2025-38052","CVE-2025-22020"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos-stream8els/CLSA-2025-1757961506.html"}],"affected":[{"package":{"name":"bpftool","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/bpftool?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-core","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-core?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-cross-headers","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-cross-headers?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-debug","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-debug?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-debug-core","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-debug-core?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-debug-devel","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-debug-devel?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-debug-modules","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-debug-modules?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-debug-modules-extra","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-debug-modules-extra?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-debug-modules-internal","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-debug-modules-internal?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-devel","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-devel?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-headers","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-headers?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-ipaclones-internal","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-ipaclones-internal?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-modules","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-modules?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-modules-extra","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-modules-extra?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-modules-internal","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-modules-internal?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-selftests-internal","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-selftests-internal?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-tools","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-tools?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-tools-libs","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-tools-libs?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"kernel-tools-libs-devel","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/kernel-tools-libs-devel?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"perf","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/perf?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}},{"package":{"name":"python3-perf","ecosystem":"TuxCare:CentOS-Stream:8","purl":"pkg:rpm/tuxcare/python3-perf?distro=centos-stream-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-553.6.1.el8_10.tuxcare.els13"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1757961506.json"}}],"schema_version":"1.7.5"}