{"id":"CLSA-2026-1773048865","summary":"kernel: Fix of 53 CVEs","details":"- xhci: Remove device endpoints from bandwidth list when freeing the device {CVE-2022-50470}\n- HID: multitouch: Add NULL check in mt_input_configured {CVE-2024-58020}\n- netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX {CVE-2025-38201}\n- fs: writeback: fix use-after-free in __mark_inode_dirty() {CVE-2025-39866}\n- tracing/histograms: Add histograms to hist_vars if they have referenced variables {CVE-2023-53560}\n- netfilter: conntrack: Avoid nf_ct_helper_hash uses after free {CVE-2023-53619}\n- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() {CVE-2023-53521}\n- dm cache: Fix UAF in destroy() {CVE-2022-50496}\n- Bluetooth: L2CAP: Fix user-after-free {CVE-2022-50386}\n- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify {CVE-2025-38102}\n- sctp: avoid NULL dereference when chunk data buffer is missing {CVE-2025-40240}\n- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf {CVE-2023-53524}\n- xfrm: fix slab-use-after-free in decode_session6 {CVE-2023-53500}\n- ring-buffer: Sync IRQ works before buffer destruction {CVE-2023-53587}\n- Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966}\n- Bluetooth: L2CAP: Fix not validating setsockopt user input {CVE-2024-35965}\n- Bluetooth: SCO: Fix not validating setsockopt user input {CVE-2024-35967}\n- NFSD: Fix the behavior of READ near OFFSET_MAX {CVE-2022-48827}\n- NFSD: Avoid calling OPDESC() with ops-\u003eopnum == OP_ILLEGAL {CVE-2023-53680}\n- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883}\n- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685}\n- erspan: do not use skb_mac_header() in ndo_start_xmit() {CVE-2023-53053}\n- net/mlx5e: Avoid field-overflowing memcpy() {CVE-2022-48744}\n- usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760}\n- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911}\n- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() {CVE-2022-50422}\n- i40e: remove read access to debugfs files {CVE-2025-39901}\n- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind {CVE-2025-68305}\n- RDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem {CVE-2025-38022}\n- usb: xhci: Apply the link chain quirk on NEC isoc endpoints {CVE-2025-22022}\n- netfilter: allow exp not to be removed in nf_ct_find_expectation {CVE-2023-52927}\n- dm-bufio: don't schedule in atomic context {CVE-2025-37928}\n- ACPI: EC: Fix oops when removing custom query handlers {CVE-2023-54244}\n- mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats {CVE-2025-68800}\n- net/sched: Enforce that teql can only be used as root qdisc {CVE-2026-23074}\n- net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() {CVE-2023-54114}\n- igb: Do not bring the device up after non-fatal error {CVE-2024-50040}\n- HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494}\n- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras {CVE-2023-53471}\n- wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891}\n- HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824}\n- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304}\n- HID: multitouch: Correct devm device reference for hidinput input_dev name {CVE-2023-53454}\n- udf: Do not bother merging very long extents {CVE-2023-53506}\n- wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() {CVE-2022-50551}\n- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path {CVE-2023-53604}\n- gfs2: Fix possible data races in gfs2_show_options() {CVE-2023-53622}\n- iavf: Fix use-after-free in free_netdev {CVE-2023-53556}\n- cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945}\n- kernfs: fix use-after-free in __kernfs_remove {CVE-2022-50432}\n- net/sched: act_mirred: don't override retval if we already lost the skb {CVE-2024-26739}\n- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock-\u003ecork. {CVE-2025-39913}\n- igb: Fix igb_down hung on surprise removal {CVE-2023-53148}","modified":"2026-05-29T01:35:54.275584775Z","published":"2026-03-09T09:34:28Z","upstream":["CVE-2022-48744","CVE-2022-48827","CVE-2022-50386","CVE-2022-50422","CVE-2022-50432","CVE-2022-50470","CVE-2022-50496","CVE-2022-50551","CVE-2023-52927","CVE-2023-53053","CVE-2023-53148","CVE-2023-53454","CVE-2023-53471","CVE-2023-53500","CVE-2023-53506","CVE-2023-53521","CVE-2023-53524","CVE-2023-53556","CVE-2023-53560","CVE-2023-53587","CVE-2023-53604","CVE-2023-53619","CVE-2023-53622","CVE-2023-53680","CVE-2023-54114","CVE-2023-54244","CVE-2024-26739","CVE-2024-35965","CVE-2024-35966","CVE-2024-35967","CVE-2024-50040","CVE-2024-58020","CVE-2025-22022","CVE-2025-37928","CVE-2025-38022","CVE-2025-38102","CVE-2025-38201","CVE-2025-38494","CVE-2025-38685","CVE-2025-39760","CVE-2025-39824","CVE-2025-39866","CVE-2025-39883","CVE-2025-39891","CVE-2025-39901","CVE-2025-39911","CVE-2025-39913","CVE-2025-39945","CVE-2025-40240","CVE-2025-40304","CVE-2025-68305","CVE-2025-68800","CVE-2026-23074"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos8.4els/CLSA-2026-1773048865.html"}],"schema_version":"1.7.5"}