{"id":"CLSA-2025-1759431860","summary":"kernel: Fix of 40 CVEs","details":"- ASoC: topology: Clean up route loading {CVE-2024-41069}\n- ASoC: topology: Fix references to freed memory {CVE-2024-41069}\n- drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616}\n- Bluetooth: L2CAP: Fix not validating setsockopt user input {CVE-2024-35965}\n- Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() {CVE-2024-35965}\n- usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704}\n- igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332}\n- vfio/pci: Properly hide first-in-list PCIe extended capability {CVE-2024-53214}\n- Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966}\n- Bluetooth: SCO: Fix not validating setsockopt user input {CVE-2024-35966}\n- media: stk1160: fix bounds checking in stk1160_copy_video() {CVE-2024-38621}\n- net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350}\n- sch_htb: make htb_qlen_notify() idempotent {CVE-2025-37932}\n- codel: remove sch-\u003eq.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-37798}\n- sch_qfq: make qfq_qlen_notify() idempotent {CVE-2025-38350}\n- sch_drr: make drr_qlen_notify() idempotent {CVE-2025-38350}\n- sch_htb: make htb_deactivate() idempotent {CVE-2025-38350}\n- sch_cbq: make cbq_qlen_notify() idempotent {CVE-2025-38000}\n- inet: fully convert sk-\u003esk_rx_dst to RCU rules {CVE-2021-47103}\n- scsi: mpt3sas: Fix use-after-free warning {CVE-2022-48695}\n- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory {CVE-2024-40901}\n- vmci: prevent speculation leaks by sanitizing event in event_deliver() {CVE-2024-39499}\n- USB: core: Fix hang in usb_kill_urb by adding memory barriers {CVE-2022-48760}\n- nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells {CVE-2021-47497}\n- virtio-net: Add validation for used length {CVE-2021-47352}\n- watchdog: Fix possible use-after-free by calling del_timer_sync() {CVE-2021-47321}\n- scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978}\n- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929}\n- wifi: iwlwifi: mvm: guard against invalid STA ID on removal {CVE-2024-36921}\n- mac802154: fix llsec key resources release in mac802154_llsec_key_del {CVE-2024-26961}\n- platform/x86: wmi: Fix opening of char device {CVE-2023-52864}\n- media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764}\n- wifi: mac80211: fix potential key use-after-free {CVE-2023-52530}\n- net: fix information leakage in /proc/net/ptype {CVE-2022-48757}\n- crypto: qat - resolve race condition during AER recovery {CVE-2024-26974}\n- perf/core: Bail out early if the request AUX area is out of bound {CVE-2023-52835}\n- net: ti: fix UAF in tlan_remove_one {CVE-2021-47310}\n- wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() {CVE-2023-52594}\n- net: bridge: use DEV_STATS_INC() {CVE-2023-52578}\n- net: add atomic_long_t to net_device_stats fields {CVE-2023-52578}\n- media: dvb-core: Fix use-after-free due to race at dvb_register_device() {CVE-2022-45884}\n- media: dvb-core: Fix use-after-free on race condition at dvb_frontend {CVE-2022-45885}\n- xen/gntalloc: don't use gnttab_query_foreign_access() {CVE-2022-23039}\n- xen/netfront: don't use gnttab_query_foreign_access() for mapped status {CVE-2022-23037}\n- xen/grant-table: add gnttab_try_end_foreign_access() {CVE-2022-23038}\n- ovl: fail on invalid uid/gid mapping at copy up {CVE-2023-0386}\n- ALSA: oss: Fix PCM OSS buffer allocation overflow {CVE-2022-49292}\n- gfs2: Fix length of holes reported at end-of-file\n- gfs2: Only do glock put in gfs2_create_inode for free inodes\n- gfs2: Fix use-after-free in gfs2_logd after withdraw\n- gfs2: fix use-after-free in trans_drain\n- gfs2: Clean up revokes on normal withdraws\n- GFS2: gfs2_free_extlen can return an extent that is too long\n- gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe\n- GFS2: Refactor gfs2_remove_from_journal\n- GFS2: Only set PageChecked for jdata pages\n- gfs2: keep bios separate for each journal\n- gfs2: Remove active journal side effect from gfs2_write_log_header\n- gfs2: clean_journal improperly set sd_log_flush_head\n- partial \"GFS2: Introduce new gfs2_log_header_v2\"\n- gfs2: change from write to read lock for sd_log_flush_lock in journal replay\n- GFS2: Reduce code redundancy writing log headers\n- gfs2: Grab glock reference sooner in gfs2_add_revoke\n- gfs2: fix glock reference problem in gfs2_trans_remove_revoke\n- gfs2: Fix occasional glock use-after-free\n- gfs2: Make sure we don't miss any delayed withdraws\n- gfs2: Fix bad comment for trans_drain\n- gfs2: add some much needed cleanup for log flushes that fail\n- gfs2: fix trans slab error when withdraw occurs inside log_flush\n- gfs2: initialize transaction tr_ailX_lists earlier\n- GFS2: Remove extra \"if\" in gfs2_log_flush()\n- gfs2: fix use-after-free on transaction ail lists\n- gfs2: Trim the ordered write list in gfs2_ordered_write()\n- GFS2: Clean up releasepage\n- gfs2: Only set PageChecked if we have a transaction\n- gfs2: Fix case in which ail writes are done to jdata holes\n- gfs2: simplify gfs2_block_map\n- gfs2: Remove unused gfs2_iomap_alloc argument\n- gfs2: Be more careful with the quota sync generation\n- gfs2: Get rid of some unnecessary quota locking\n- gfs2: Add some missing quota locking\n- gfs2: Fold qd_fish into gfs2_quota_sync\n- gfs2: quota need_sync cleanup\n- gfs2: Fix and clean up function do_qc\n- gfs2: Revert \"Add quota_change type\"\n- gfs2: Revert \"ignore negated quota changes\"\n- gfs2: qd_check_sync cleanups\n- gfs2: Check quota consistency on mount\n- gfs2: Minor gfs2_quota_init error path cleanup\n- gfs2: fix kernel BUG in gfs2_quota_cleanup\n- gfs2: Clean up quota.c:print_message\n- gfs2: Clean up gfs2_alloc_parms initializers\n- gfs2: Two quota=account mode fixes\n- gfs2: Remove useless assignment\n- gfs2: simplify slot_get\n- gfs2: Simplify qd2offset\n- gfs2: Remove quota allocation info from quota file\n- gfs2: use constant for array size\n- gfs2: Set qd_sync_gen in do_sync\n- gfs2: Remove useless err set\n- gfs2: Small gfs2_quota_lock cleanup\n- gfs2: move qdsb_put and reduce redundancy\n- gfs2: Don't try to sync non-changes\n- gfs2: Simplify function need_sync\n- gfs2: remove unneeded pg_oflow variable\n- gfs2: remove unneeded variable done\n- gfs2: pass sdp to gfs2_write_buf_to_page\n- gfs2: pass sdp in to gfs2_write_disk_quota\n- gfs2: Pass sdp to gfs2_adjust_quota\n- gfs2: remove dead code for quota writes\n- gfs2: Use qd_sbd more consequently\n- gfs2: replace 'found' with dedicated list iterator variable\n- gfs2: Some whitespace cleanups\n- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold","modified":"2026-06-01T00:33:18.251965556Z","published":"2025-10-02T19:04:29Z","upstream":["CVE-2024-41069","CVE-2024-56616","CVE-2024-35965","CVE-2025-21704","CVE-2024-52332","CVE-2024-53214","CVE-2024-35966","CVE-2024-38621","CVE-2025-38350","CVE-2025-37932","CVE-2025-37798","CVE-2025-38000","CVE-2021-47103","CVE-2022-48695","CVE-2024-40901","CVE-2024-39499","CVE-2022-48760","CVE-2021-47497","CVE-2021-47352","CVE-2021-47321","CVE-2024-40978","CVE-2024-40929","CVE-2024-36921","CVE-2024-26961","CVE-2023-52864","CVE-2023-52764","CVE-2023-52530","CVE-2022-48757","CVE-2024-26974","CVE-2023-52835","CVE-2021-47310","CVE-2023-52594","CVE-2023-52578","CVE-2022-45884","CVE-2022-45885","CVE-2022-23039","CVE-2022-23037","CVE-2022-23038","CVE-2023-0386","CVE-2022-49292"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos7els/CLSA-2025-1759431860.html"}],"affected":[{"package":{"name":"bpftool","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/bpftool?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}},{"package":{"name":"kernel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}},{"package":{"name":"kernel-debug","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-debug?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}},{"package":{"name":"kernel-debug-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-debug-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}},{"package":{"name":"kernel-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}},{"package":{"name":"kernel-headers","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-headers?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}},{"package":{"name":"kernel-tools","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-tools?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}},{"package":{"name":"kernel-tools-libs","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-tools-libs?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}},{"package":{"name":"kernel-tools-libs-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/kernel-tools-libs-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}},{"package":{"name":"perf","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/perf?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}},{"package":{"name":"python-perf","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/python-perf?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.0-1160.119.1.el7.tuxcare.els25"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1759431860.json"}}],"schema_version":"1.7.5"}