{"id":"CLSA-2026-1770140694","summary":"kernel-uek: Fix of 43 CVEs","details":"- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx {CVE-2025-40022}\n- arm64: pensando: Must boot Ortano kernel with spin-table\n- net/sched: adjust device watchdog timer to detect stopped queue at right time\n- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change\n- infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE.\n- infiniband/xsigo: xsvnic_main: Remove unused functions\n- infiniband/xsigo: xve_cm: Fix mixed code warning\n- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv'\n- infiniband/xsigo: xve_ib: Fix misleading indentation\n- infiniband/xsigo: xve_ib: Fix mixed code warning\n- infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd'\n- infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del'\n- infiniband/xsigo: xve_main: Fix mixed code warning\n- infiniband/xsigo: xve_main: Fix misleading indentation\n- inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops'\n- infiniband/xsigo: xscore_impl: Remove unused label 'err_pd'\n- rds: Fix jiffies type in struct rds_conn_path\n- kernel: sysctl: Remove unused variable 'zero'\n- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg {CVE-2025-39964}\n- RDMA/cm: Base cm_id destruction timeout on CMA values\n- x86/its: Build fails with CONFIG_MITIGATION_ITS=n\n- LTS tag: v5.4.302\n- Input: pegasus-notetaker - fix potential out-of-bounds access {CVE-2025-68217}\n- Input: remove third argument of usb_maxpacket()\n- usb: deprecate the third argument of usb_maxpacket()\n- fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271}\n- pmdomain: imx: Fix reference count leak in imx_gpc_remove\n- pmdomain: arm: scmi: Fix genpd leak on provider registration failure {CVE-2025-68204}\n- net: netpoll: fix incorrect refcount handling causing incorrect cleanup {CVE-2025-68245}\n- net: qede: Initialize qede_ll_ops with designated initializer\n- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error {CVE-2025-68220}\n- ALSA: usb-audio: fix uac2 clock source at terminal parser\n- mm/page_alloc: fix hash table order logging in alloc_large_system_hash()\n- kconfig/nconf: Initialize the default locale at startup\n- kconfig/mconf: Initialize the default locale at startup\n- vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248}\n- s390/ctcm: Fix double-kfree {CVE-2025-40253}\n- net: openvswitch: remove never-working support for setting nsh fields {CVE-2025-40254}\n- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()\n- MIPS: Malta: Fix !EVA SOC-it PCI MMIO\n- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() {CVE-2025-68229}\n- scsi: sg: Do not sleep in atomic context {CVE-2025-40259}\n- Input: cros_ec_keyb - fix an invalid memory access {CVE-2025-40263}\n- be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264}\n- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() {CVE-2025-68734}\n- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection\n- EDAC/altera: Handle OCRAM ECC enable after warm reset\n- spi: Try to get ACPI GPIO IRQ earlier\n- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe {CVE-2025-68241}\n- strparser: Fix signed/unsigned mismatch bug\n- gcov: add support for GCC 15\n- mm/ksm: fix flag-dropping behavior in ksm_madvise {CVE-2025-40040}\n- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd {CVE-2025-40275}\n- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277}\n- ASoC: cs4271: Fix regulator leak on probe failure\n- regulator: fixed: fix GPIO descriptor leak on register failure\n- regulator: fixed: use dev_err_probe for register\n- Bluetooth: L2CAP: export l2cap_chan_hold for modules\n- net_sched: limit try_bulk_dequeue_skb() batches\n- net_sched: remove need_resched() from qdisc_run()\n- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps\n- net/mlx5e: Fix maxrate wraparound in threshold between units\n- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak {CVE-2025-40278}\n- wifi: mac80211: skip rate verification for not captured PSDUs\n- net: mdio: fix resource leak in mdiobus_register_device()\n- tipc: Fix use-after-free in tipc_mon_reinit_self(). {CVE-2025-40280}\n- tipc: simplify the finalize work queue\n- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto {CVE-2025-40281}\n- sctp: get netns from asoc and ep base\n- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions\n- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion\n- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path {CVE-2025-40282}\n- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF {CVE-2025-40283}\n- net: fec: correct rx_bytes statistic for the case SHIFT16 is set\n- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down\n- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug\n- NFS4: Fix state renewals missing after boot\n- compiler_types: Move unused static inline functions warning to W=2\n- extcon: adc-jack: Cleanup wakeup source only if it was enabled\n- tracing: Fix memory leaks in create_field_var()\n- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup {CVE-2025-68192}\n- sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331}\n- sctp: Hold RCU read lock while iterating over address list\n- net: dsa: b53: stop reading ARL entries if search is done\n- net: dsa: b53: fix enabling ip multicast\n- net: dsa: b53: fix resetting speed and pause on forced link\n- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325\n- net: dsa/b53: change b53_force_port_config() pause argument\n- net: vlan: sync VLAN features with lower device\n- ceph: add checking of wait_for_completion_killable() return value\n- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304}\n- ACPI: property: Return present device nodes only on fwnode interface\n- 9p: sysfs_init: don't hardcode error to ENOMEM\n- 9p: fix /sys/fs/9p/caches overwriting itself\n- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink\n- ACPICA: Update dsmethod.c to get rid of unused variable warning\n- orangefs: fix xattr related buffer overflow... {CVE-2025-40306}\n- page_pool: Clamp pool size to max 16K pages\n- Bluetooth: bcsp: receive data only if registered {CVE-2025-40308}\n- Bluetooth: SCO: Fix UAF on sco_conn_free {CVE-2025-40309}\n- net: macb: avoid dealing with endianness in macb_set_hwaddr()\n- nfs4_setup_readdir(): insufficient locking for -\u003ed_parent-\u003ed_inode dereferencing {CVE-2025-68185}\n- NFSv4.1: fix mount hang after CREATE_SESSION failure\n- NFSv4: handle ERR_GRACE on delegation recalls\n- remoteproc: qcom: q6v5: Avoid handling handover twice\n- sparc/module: Add R_SPARC_UA64 relocation handling\n- net: intel: fm10k: Fix parameter idx set but not used\n- jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168}\n- jfs: Verify inode mode when loading from disk {CVE-2025-40312}\n- ipv6: np-\u003erxpmtu race annotation\n- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices\n- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs\n- allow finish_no_open(file, ERR_PTR(-E...))\n- scsi: lpfc: Define size of debugfs entry for xri rebalancing\n- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET\n- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency\n- net/cls_cgroup: Fix task_get_classid() during qdisc run\n- selftests: Replace sleep with slowwait\n- selftests: Disable dad for ipv6 in fcnal-test.sh\n- media: redrat3: use int type to store negative error codes\n- net: sh_eth: Disable WoL if system can not suspend\n- phy: cadence: cdns-dphy: Enable lower resolutions in dphy\n- usb: gadget: f_hid: Fix zero length packet transfer\n- net: call cond_resched() less often in __release_sock()\n- ALSA: usb-audio: apply quirk for MOONDROP Quark2\n- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms\n- dmaengine: dw-edma: Set status for callback_result\n- dmaengine: mv_xor: match alloc_wc and free_wc\n- dmaengine: sh: setup_xref error handling\n- scsi: pm8001: Use int instead of u32 to store error codes\n- mips: lantiq: xway: sysctrl: rename stp clock\n- mips: lantiq: danube: add missing device_type in pci node\n- mips: lantiq: danube: add missing properties to cpu node\n- media: fix uninitialized symbol warnings\n- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption\n- extcon: adc-jack: Fix wakeup source leaks on device unbind\n- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call\n- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV.\n- net: When removing nexthops, don't call synchronize_net if it is not necessary\n- char: misc: Does not request module for miscdevice with dynamic minor\n- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet\n- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register\n- media: imon: make send_packet() more robust {CVE-2025-68194}\n- net: ipv6: fix field-spanning memcpy warning in AH output {CVE-2025-40363}\n- bridge: Redirect to backup port when port is administratively down\n- powerpc/eeh: Use result of error_detected() in uevent\n- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall\n- media: pci: ivtv: Don't create fake v4l2_fh\n- drm/amdkfd: return -ENOTTY for unsupported IOCTLs\n- selftests/net: Ensure assert() triggers in psock_tpacket.c\n- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8\n- PCI: Disable MSI on RDC PCI to PCIe bridges\n- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()\n- mfd: madera: Work around false-positive -Wininitialized warning\n- mfd: stmpe-i2c: Add missing MODULE_LICENSE\n- mfd: stmpe: Remove IRQ domain upon removal\n- tools/power x86_energy_perf_policy: Prefer driver HWP limits\n- tools/power x86_energy_perf_policy: Enhance HWP enable\n- tools/cpupower: Fix incorrect size in cpuidle_state_disable()\n- hwmon: (dell-smm) Add support for Dell OptiPlex 7040\n- uprobe: Do not emulate/sstep original instruction when ip is changed\n- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel\n- video: backlight: lp855x_bl: Set correct EPROM start for LP8556\n- tee: allow a driver to allocate a tee_device without a pool\n- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method()\n- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card\n- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment\n- arc: Fix __fls() const-foldability via __builtin_clzl()\n- cpufreq/longhaul: handle NULL policy in longhaul_exit {CVE-2025-68177}\n- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2\n- ACPI: video: force native for Lenovo 82K8\n- memstick: Add timeout to prevent indefinite waiting\n- mmc: host: renesas_sdhi: Fix the actual clock\n- bpf: Don't use %pK through printk\n- spi: loopback-test: Don't use %pK through printk\n- soc: qcom: smem: Fix endian-unaware access of num_entries\n- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. {CVE-2025-40315}\n- serial: 8250_dw: handle reset control deassert error\n- serial: 8250_dw: Use devm_add_action_or_reset()\n- serial: 8250_dw: Use devm_clk_get_optional() to get the input clock\n- can: gs_usb: increase max interface to U8_MAX\n- devcoredump: Fix circular locking dependency with devcd-\u003emutex.\n- net: ravb: Enforce descriptor type ordering\n- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID\n- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode {CVE-2025-40321}\n- net: phy: dp83867: Disable EEE support as not implemented\n- regmap: slimbus: fix bus_context pointer in regmap init calls {CVE-2025-40317}\n- drm/etnaviv: fix flush sequence logic\n- usbnet: Prevents free active kevent {CVE-2025-68312}\n- wifi: ath10k: Fix memory leak on unsupported WMI command\n- ASoC: qdsp6: q6asm: do not sleep while atomic\n- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init\n- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS\n- fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}\n- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() {CVE-2025-40211}\n- fbdev: atyfb: Check if pll_ops-\u003einit_pll failed\n- net: usb: asix_devices: Check return value of usbnet_get_endpoints\n- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot()\n- x86/bugs: Fix reporting of LFENCE retpoline\n- net/sched: sch_qfq: Fix null-deref in agg_dequeue {CVE-2025-40083}\n- RDMA/cm: Rate limit destroy CM ID timeout error message\n- soc/pensando: giglio: hack dts to make things right\n- soc/pensando: Add AMD Pensando Giglio SoC support\n- soc/pensando: psci support\n- soc/pensando: Giglio SoC eMMC interrupt driver\n- Reapply \"cpuidle: menu: Avoid discarding useful information\"\n- fbcon: fix integer overflow in font allocation\n- uek-rpm: Introduce check function for uek-rpm/tools/kabi\n- rds: Add smp_rmb before reading c_destroy_in_prog\n- uio_hv_generic: Set event for all channels on the device\n- ata: libata-scsi: Fix system suspend for a security locked drive\n- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155\n- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt","modified":"2026-05-27T11:34:25.930724850Z","published":"2026-02-05T17:54:32Z","upstream":["CVE-2025-39964","CVE-2025-40022","CVE-2025-40040","CVE-2025-40083","CVE-2025-40211","CVE-2025-40248","CVE-2025-40253","CVE-2025-40254","CVE-2025-40259","CVE-2025-40263","CVE-2025-40264","CVE-2025-40271","CVE-2025-40275","CVE-2025-40277","CVE-2025-40278","CVE-2025-40280","CVE-2025-40281","CVE-2025-40282","CVE-2025-40283","CVE-2025-40304","CVE-2025-40306","CVE-2025-40308","CVE-2025-40309","CVE-2025-40312","CVE-2025-40315","CVE-2025-40317","CVE-2025-40321","CVE-2025-40322","CVE-2025-40331","CVE-2025-40363","CVE-2025-68168","CVE-2025-68177","CVE-2025-68185","CVE-2025-68192","CVE-2025-68194","CVE-2025-68204","CVE-2025-68217","CVE-2025-68220","CVE-2025-68229","CVE-2025-68241","CVE-2025-68245","CVE-2025-68312","CVE-2025-68734"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/oraclelinux7els/CLSA-2026-1770140694.html"}],"affected":[{"package":{"name":"bpftool","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/bpftool?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}},{"package":{"name":"kernel-uek","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/kernel-uek?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}},{"package":{"name":"kernel-uek-container","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/kernel-uek-container?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}},{"package":{"name":"kernel-uek-container-debug","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/kernel-uek-container-debug?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}},{"package":{"name":"kernel-uek-debug","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/kernel-uek-debug?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}},{"package":{"name":"kernel-uek-debug-devel","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/kernel-uek-debug-devel?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}},{"package":{"name":"kernel-uek-devel","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/kernel-uek-devel?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}},{"package":{"name":"kernel-uek-headers","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/kernel-uek-headers?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}},{"package":{"name":"kernel-uek-tools","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/kernel-uek-tools?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}},{"package":{"name":"perf","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/perf?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}},{"package":{"name":"python-perf","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/python-perf?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.17-2136.352.5.el7uek.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1770140694.json"}}],"schema_version":"1.7.5"}