CLSA-2025-1747688581 kernel: Fix of 15 CVEs

media: uvcvideo: Fix double free in error path CVE-2024-57980 - vrf: use RCU protection in l3mdevl3out CVE-2025-21791 - geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 - ibmvnic: Don't reference skb after sending to VIOS CVE-2025-21855 - pfifotailenqueue: Drop new packet when...

CVE-2024-50154

A use-after-free UAF vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket reqsk timers during handshake handling. This issue stems from a race condition caused by relying on timerpending in reqskqueueunlink. This could result in the timer continuing to r...

CVE-2024-50154

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

CVE-2024-50100

CVE-2024-50100 affects the Linux kernel USB gadget dummy-hcd driver. A change to use hrtimers introduced a mismatch between timer_pending() and hrtimer_active(), causing the URB dequeue path to miss a restarted timer and leading to usb_kill_urb() hangs. The fix adds a dedicated timer_pending flag...

CVE-2024-50100 USB: gadget: dummy-hcd: Fix "task hung" problem

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: dummy-hcd: Fix "task hung" problem The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers. It turns out that the problems ar...

CVE-2024-50100 USB: gadget: dummy-hcd: Fix "task hung" problem

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: dummy-hcd: Fix "task hung" problem The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers. It turns out that the problems ar...