{"id":"CLSA-2026-1777614651","summary":"kernel: Fix of 52 CVEs","details":"- crypto: algif_aead - Fix minimum RX size check for decryption\n- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl\n- crypto: authencesn - Fix src offset when decrypting in-place\n- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption\n- crypto: authenc - use memcpy_sglist() instead of null skcipher\n- crypto: algif_aead - snapshot IV for async AEAD requests\n- crypto: algif_aead - Revert to operating out-of-place\n- crypto: algif_aead - use memcpy_sglist() instead of null skcipher\n- crypto: scatterwalk - Backport memcpy_sglist()\n- crypto: authencesn - reject too-short AAD (assoclen\u003c8) to match ESP/ESN spec\n- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec {CVE-2026-22998}\n- xfrm: add NULL check in xfrm_update_ae_params {CVE-2023-3772}\n- sctp: check send stream number after wait_for_sndbuf {CVE-2023-53296}\n- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value {CVE-2022-50327}\n- ext4: fix uninititialized value in 'ext4_evict_inode' {CVE-2022-50546}\n- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). {CVE-2025-40149}\n- bpf, cpumap: Make sure kthread is running before map update returns {CVE-2023-53577}\n- net: add dst_dev_rcu() helper for safe dst-\u003edev access {CVE-2025-40135}\n- net/sched: cls_u32: use skb_header_pointer_careful() {CVE-2026-23204}\n- net: add skb_header_pointer_careful() helper\n- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623}\n- ip_vti: fix potential slab-use-after-free in decode_session6 {CVE-2023-53559}\n- e1000e: fix heap overflow in e1000_set_eeprom {CVE-2025-39898}\n- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751}\n- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request {CVE-2023-53380}\n- HID: uclogic: Correct devm device reference for hidinput input_dev name {CVE-2023-54207}\n- ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() {CVE-2022-50698}\n- selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() {CVE-2022-50699}\n- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() {CVE-2023-54014}\n- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() {CVE-2025-71085}\n- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() {CVE-2026-23089}\n- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() {CVE-2026-23193}\n- drm/i915/gvt: fix gvt debugfs destroy {CVE-2023-54098}\n- nfsd: provide locking for v4_end_grace {CVE-2026-22980}\n- dm flakey: don't corrupt the zero page {CVE-2023-54317}\n- drm/amdkfd: Fix double release compute pasid {CVE-2022-50303}\n- RDMA/srpt: Fix a use-after-free {CVE-2022-50129}\n- RDMA/srpt: Introduce a reference count in struct srpt_device\n- RDMA/srpt: Duplicate port name members\n- KVM: x86: Reset IRTE to host control if *new* route isn't postable {CVE-2025-37885}\n- ipvlan: add ipvlan_route_v6_outbound() helper {CVE-2023-52796}\n- mmc: core: use scnprintf() instead of sprintf() in sysfs show functions {CVE-2022-49267}\n- rcu: Fix rcu_read_unlock() deadloop due to IRQ work {CVE-2025-39744}\n- net/mlx5: Add a timeout to acquire the command queue semaphore {CVE-2024-38556}\n- virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375}\n- cacheinfo: Fix shared_cpu_map to handle shared caches at different levels {CVE-2023-53254}\n- RDMA/mlx5: Return the firmware result upon destroying QP/RQ {CVE-2023-53286}\n- RDMA/rxe: Fix mr-\u003emap double free {CVE-2022-50543}\n- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() {CVE-2022-50881}\n- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() {CVE-2022-50865}\n- NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945}\n- perf/aux: Fix AUX buffer serialization {CVE-2024-46713}\n- usb: xhci: Fix isochronous Ring Underrun/Overrun event handling {CVE-2025-37882}\n- usb: xhci: Complete 'error mid TD' transfers when handling Missed Service\n- usb: xhci: remove 'handling_skipped_tds' from handle_tx_event()\n- xhci: simplify event ring dequeue tracking for transfer events\n- smb3: fix for slab out of bounds on mount to ksmbd {CVE-2025-38728}\n- perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563}\n- i40e: add validation for ring_len param {CVE-2025-39973}\n- i40e: increase max descriptors for XL710\n- RDMA/rxe: Fix incomplete state save in rxe_requester {CVE-2023-53539}\n- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103}\n- HID: hyperv: Correctly access fields declared as __le16 {CVE-2025-38103}\n- ASoC: topology: Fix references to freed memory {CVE-2024-41069}\n- drivers: base: Free devm resources when unregistering a device {CVE-2023-53596}\n- ext4: fix use-after-free in ext4_orphan_cleanup {CVE-2022-50673}\n- net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538}\n- perf/core: Exit early on perf_mmap() fail {CVE-2025-38565}\n- fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271}\n- virtio_net: fix xdp_rxq_info bug after suspend/resume {CVE-2022-49687}\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class","modified":"2026-06-01T00:33:13.053543760Z","published":"2026-05-01T09:25:18Z","upstream":["CVE-2026-22998","CVE-2023-3772","CVE-2023-53296","CVE-2022-50327","CVE-2022-50546","CVE-2025-40149","CVE-2023-53577","CVE-2025-40135","CVE-2026-23204","CVE-2023-4623","CVE-2023-53559","CVE-2025-39898","CVE-2025-39751","CVE-2023-53380","CVE-2023-54207","CVE-2022-50698","CVE-2022-50699","CVE-2023-54014","CVE-2025-71085","CVE-2026-23089","CVE-2026-23193","CVE-2023-54098","CVE-2026-22980","CVE-2023-54317","CVE-2022-50303","CVE-2022-50129","CVE-2025-37885","CVE-2023-52796","CVE-2022-49267","CVE-2025-39744","CVE-2024-38556","CVE-2025-38375","CVE-2023-53254","CVE-2023-53286","CVE-2022-50543","CVE-2022-50881","CVE-2022-50865","CVE-2022-43945","CVE-2024-46713","CVE-2025-37882","CVE-2025-38728","CVE-2025-38563","CVE-2025-39973","CVE-2023-53539","CVE-2025-38103","CVE-2024-41069","CVE-2023-53596","CVE-2022-50673","CVE-2024-38538","CVE-2025-38565","CVE-2025-40271","CVE-2022-49687"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos8.4els/CLSA-2026-1777614651.html"}],"affected":[{"package":{"name":"bpftool","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/bpftool?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-core","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-core?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-cross-headers","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-cross-headers?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-debug","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-debug?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-debug-core","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-debug-core?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-debug-devel","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-debug-devel?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-debug-modules","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-debug-modules?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-debug-modules-extra","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-debug-modules-extra?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-debug-modules-internal","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-debug-modules-internal?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-devel","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-devel?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-headers","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-headers?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-ipaclones-internal","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-ipaclones-internal?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-modules","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-modules?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-modules-extra","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-modules-extra?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-modules-internal","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-modules-internal?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-selftests-internal","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-selftests-internal?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-tools","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-tools?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-tools-libs","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-tools-libs?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"kernel-tools-libs-devel","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/kernel-tools-libs-devel?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"perf","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/perf?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}},{"package":{"name":"python3-perf","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/python3-perf?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-305.25.1.el8_4.tuxcare.els36"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2026-1777614651.json"}}],"schema_version":"1.7.5"}