{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* CVE-url: https://ubuntu.com/security/CVE-2023-52522\n - net: fix possible store tearing in neigh_periodic_work()\n * CVE-url: https://ubuntu.com/security/CVE-2024-40911\n - wifi: cfg80211: Lock wiphy in cfg80211_get_station\n * CVE-url: https://ubuntu.com/security/CVE-2024-43863\n - drm/vmwgfx: Fix a deadlock in dma buf fence polling\n * CVE-url: https://ubuntu.com/security/CVE-2024-44931\n - gpio: prevent potential speculation leaks in gpio_device_get_desc()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50229\n - nilfs2: fix potential deadlock with newly created symlinks\n * CVE-url: https://ubuntu.com/security/CVE-2024-50171\n - net: systemport: fix potential memory leak in bcm_sysport_xmit()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50233\n - staging: iio: frequency: ad9832: fix division by zero in\n ad9832_calc_freqreg()\n * CVE-url: https://ubuntu.com/security/CVE-2024-44938\n - jfs: Fix shift-out-of-bounds in dbDiscardAG\n * CVE-url: https://ubuntu.com/security/CVE-2024-50117\n - drm/amd: Guard against bad data for ATIF ACPI method\n * CVE-url: https://ubuntu.com/security/CVE-2024-49902\n - jfs: check if leafidx greater than num leaves per dmap tree\n * CVE-url: https://ubuntu.com/security/CVE-2023-52799\n - jfs: fix array-index-out-of-bounds in dbFindLeaf\n * CVE-url: https://ubuntu.com/security/CVE-2024-41063\n - Bluetooth: fix power_on vs close race\n - Bluetooth: hci_core: cancel all works upon hci_unregister_dev()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50267\n - USB: serial: io_edgeport: fix use after free in debug printk\n * CVE-url: https://ubuntu.com/security/CVE-2024-50230\n - nilfs2: fix kernel bug due to missing clearing of checked flag\n * CVE-url: https://ubuntu.com/security/CVE-2024-50302\n - HID: core: zero-initialize the report buffer\n * CVE-url: https://ubuntu.com/security/CVE-2024-50180\n - fbdev: sisfb: Fix strbuf array overflow\n * CVE-url: https://ubuntu.com/security/CVE-2024-50278\n - dm cache: fix out-of-bounds access to the dirty bitset when resizing\n - dm cache: fix potential out-of-bounds access on the first resume\n * CVE-url: https://ubuntu.com/security/CVE-2024-50234\n - wifi: iwlegacy: Clear stale interrupts before resuming device\n * CVE-url: https://ubuntu.com/security/CVE-2024-50301\n - security/keys: fix slab-out-of-bounds in key_task_permission\n * CVE-url: https://ubuntu.com/security/CVE-2024-50143\n - overflow: Add __must_check attribute to check_*() helpers\n - compiler.h: drop fallback overflow checkers\n - overflow: Allow mixed type arguments\n - udf: fix uninit-value use in udf_get_fileshortad\n * Bionic update: upstream stable patchset 2020-11-10 (LP: #1903768) // CVE-\n url: https://ubuntu.com/security/CVE-2024-50143\n - overflow: Include header file with SIZE_MAX declaration\n * Bionic update: upstream stable patchset 2020-09-16 (LP: #1895873) // CVE-\n url: https://ubuntu.com/security/CVE-2024-50143\n - overflow.h: Add allocation size calculation helpers\n * Bionic update: upstream stable patchset 2020-05-07 (LP: #1877461) // CVE-\n url: https://ubuntu.com/security/CVE-2024-50143\n - overflow.h: Add arithmetic shift helper\n * CVE-url: https://ubuntu.com/security/CVE-2024-53061\n - media: s5p-jpeg: prevent buffer overflows\n * CVE-url: https://ubuntu.com/security/CVE-2024-47809\n - dlm: fix possible lkb_resource null dereference\n * CVE-url: https://ubuntu.com/security/CVE-2024-41020\n - filelock: Fix fcntl/close race recovery compat path\n * CVE-url: https://ubuntu.com/security/CVE-2024-43892\n - memcg: protect concurrent access to mem_cgroup_idr\n * CVE-url: https://ubuntu.com/security/CVE-2021-47379\n - blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd\n * CVE-url: https://ubuntu.com/security/CVE-2024-53239\n - ALSA: 6fire: Release resources at card release\n * CVE-url: https://ubuntu.com/security/CVE-2024-50051\n - spi: mpc52xx: Add cancel_work_sync before module remove", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/advisories/2025/clsa-2025_1742319829.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1742319829", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1742319829" } ], "tracking": { "current_release_date": "2025-05-19T15:20:38Z", "generator": { "date": "2025-05-19T15:20:38Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1742319829", "initial_release_date": "2025-03-18T13:43:51Z", "revision_history": [ { "date": "2025-03-18T13:43:51Z", "number": "1", "summary": "Initial version" }, { "date": "2025-05-19T15:20:38Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Fix of 27 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 16.04", "product": { "name": "Ubuntu 16.04", "product_id": "Ubuntu-16", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "product": { "name": "linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "product_id": "linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-272-tuxcare.els43@4.4.0-272.306?arch=amd64" } } }, { "category": "product_version", "name": "linux-libc-dev-0:4.4.0-272.306.amd64", "product": { "name": "linux-libc-dev-0:4.4.0-272.306.amd64", "product_id": "linux-libc-dev-0:4.4.0-272.306.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-libc-dev@4.4.0-272.306?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-generic-0:4.4.0.272.306.amd64", "product": { "name": "linux-tools-generic-0:4.4.0.272.306.amd64", "product_id": "linux-tools-generic-0:4.4.0.272.306.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-generic@4.4.0.272.306?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product": { "name": "linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product_id": "linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-4.4.0-272-tuxcare.els43-generic@4.4.0-272.306?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-lowlatency-0:4.4.0.272.306.amd64", "product": { "name": "linux-image-lowlatency-0:4.4.0.272.306.amd64", "product_id": "linux-image-lowlatency-0:4.4.0.272.306.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-lowlatency@4.4.0.272.306?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product": { "name": "linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product_id": "linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.4.0-272-tuxcare.els43-generic@4.4.0-272.306?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product": { "name": "linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product_id": "linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-272-tuxcare.els43-generic@4.4.0-272.306?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product": { "name": "linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product_id": "linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-extra-4.4.0-272-tuxcare.els43-generic@4.4.0-272.306?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "linux-tools-host-0:4.4.0-272.306.all", "product": { "name": "linux-tools-host-0:4.4.0-272.306.all", "product_id": "linux-tools-host-0:4.4.0-272.306.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-host@4.4.0-272.306?arch=all" } } }, { "category": "product_version", "name": "linux-source-4.4.0-0:4.4.0-272.306.all", "product": { "name": "linux-source-4.4.0-0:4.4.0-272.306.all", "product_id": "linux-source-4.4.0-0:4.4.0-272.306.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-source-4.4.0@4.4.0-272.306?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64" }, "product_reference": "linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-libc-dev-0:4.4.0-272.306.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64" }, "product_reference": "linux-libc-dev-0:4.4.0-272.306.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-host-0:4.4.0-272.306.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all" }, "product_reference": "linux-tools-host-0:4.4.0-272.306.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-generic-0:4.4.0.272.306.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64" }, "product_reference": "linux-tools-generic-0:4.4.0.272.306.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-source-4.4.0-0:4.4.0-272.306.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all" }, "product_reference": "linux-source-4.4.0-0:4.4.0-272.306.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" }, "product_reference": "linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-lowlatency-0:4.4.0.272.306.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64" }, "product_reference": "linux-image-lowlatency-0:4.4.0.272.306.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" }, "product_reference": "linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" }, "product_reference": "linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" }, "product_reference": "linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "relates_to_product_reference": "Ubuntu-16" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-41020", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nfilelock: Fix fcntl/close race recovery compat path\nWhen I wrote commit 3cad1bc01041 (\"filelock: Remove locks reliably when\nfcntl/close race is detected\"), I missed that there are two copies of the\ncode I was patching: The normal version, and the version for 64-bit offsets\non 32-bit kernels.\nThanks to Greg KH for stumbling over this while doing the stable\nbackport...\nApply exactly the same fix to the compat path for 32-bit kernels.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-41020" } ], "release_date": "2024-07-29T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-50117", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Guard against bad data for ATIF ACPI method\n\nIf a BIOS provides bad data in response to an ATIF method call\nthis causes a NULL pointer dereference in the caller.\n\n```\n? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))\n? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)\n? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))\n? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))\n? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)\n? exc_page_fault (arch/x86/mm/fault.c:1542)\n? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu\n```\n\nIt has been encountered on at least one system, so guard for it.\n\n(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50117" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1d7175f9c57b1abf9ecfbdfd53ea760761f52ffe", "url": "https://git.kernel.org/stable/c/1d7175f9c57b1abf9ecfbdfd53ea760761f52ffe" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38", "url": "https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d", "url": "https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025", "url": "https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6032287747f874b52dc8b9d7490e2799736e035f", "url": "https://git.kernel.org/stable/c/6032287747f874b52dc8b9d7490e2799736e035f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/975ede2a7bec52b5da1428829b3439667c8a234b", "url": "https://git.kernel.org/stable/c/975ede2a7bec52b5da1428829b3439667c8a234b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bf58f03931fdcf7b3c45cb76ac13244477a60f44", "url": "https://git.kernel.org/stable/c/bf58f03931fdcf7b3c45cb76ac13244477a60f44" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cd67af3c1762de4c2483ae4dbdd98f9ea8fa56e3", "url": "https://git.kernel.org/stable/c/cd67af3c1762de4c2483ae4dbdd98f9ea8fa56e3" } ], "release_date": "2024-11-05T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-50180", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sisfb: Fix strbuf array overflow\n\nThe values of the variables xres and yres are placed in strbuf.\nThese variables are obtained from strbuf1.\nThe strbuf1 array contains digit characters\nand a space if the array contains non-digit characters.\nThen, when executing sprintf(strbuf, \"%ux%ux8\", xres, yres);\nmore than 16 bytes will be written to strbuf.\nIt is suggested to increase the size of the strbuf array to 24.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50180" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/11c0d49093b82f6c547fd419c41a982d26bdf5ef", "url": "https://git.kernel.org/stable/c/11c0d49093b82f6c547fd419c41a982d26bdf5ef" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/252f147b1826cbb30ae0304cf86b66d3bb12b743", "url": "https://git.kernel.org/stable/c/252f147b1826cbb30ae0304cf86b66d3bb12b743" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/41cf6f26abe4f491b694c54bd1aa2530369b7510", "url": "https://git.kernel.org/stable/c/41cf6f26abe4f491b694c54bd1aa2530369b7510" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/433c84c8495008922534c5cafdae6ff970fb3241", "url": "https://git.kernel.org/stable/c/433c84c8495008922534c5cafdae6ff970fb3241" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/57c4f4db0a194416da237fd09dad9527e00cb587", "url": "https://git.kernel.org/stable/c/57c4f4db0a194416da237fd09dad9527e00cb587" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/688872c4ea4a528cd6a057d545c83506b533ee1f", "url": "https://git.kernel.org/stable/c/688872c4ea4a528cd6a057d545c83506b533ee1f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/889304120ecb2ca30674d89cd4ef15990b6a571c", "url": "https://git.kernel.org/stable/c/889304120ecb2ca30674d89cd4ef15990b6a571c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9cf14f5a2746c19455ce9cb44341b5527b5e19c3", "url": "https://git.kernel.org/stable/c/9cf14f5a2746c19455ce9cb44341b5527b5e19c3" } ], "release_date": "2024-11-08T06:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-49902", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: check if leafidx greater than num leaves per dmap tree\n\nsyzbot report a out of bounds in dbSplit, it because dmt_leafidx greater\nthan num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf.\n\nShaggy:\nModified sanity check to apply to control pages as well as leaf pages.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-49902" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/058aa89b3318be3d66a103ba7c68d717561e1dc6", "url": "https://git.kernel.org/stable/c/058aa89b3318be3d66a103ba7c68d717561e1dc6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2451e5917c56be45d4add786e2a059dd9c2c37c4", "url": "https://git.kernel.org/stable/c/2451e5917c56be45d4add786e2a059dd9c2c37c4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/25d2a3ff02f22e215ce53355619df10cc5faa7ab", "url": "https://git.kernel.org/stable/c/25d2a3ff02f22e215ce53355619df10cc5faa7ab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/35b91f15f44ce3c01eba058ccb864bb04743e792", "url": "https://git.kernel.org/stable/c/35b91f15f44ce3c01eba058ccb864bb04743e792" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4a7bf6a01fb441009a6698179a739957efd88e38", "url": "https://git.kernel.org/stable/c/4a7bf6a01fb441009a6698179a739957efd88e38" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7fff9a9f866e99931cf6fa260288e55d01626582", "url": "https://git.kernel.org/stable/c/7fff9a9f866e99931cf6fa260288e55d01626582" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cb0eb10558802764f07de1dc439c4609e27cb4f0", "url": "https://git.kernel.org/stable/c/cb0eb10558802764f07de1dc439c4609e27cb4f0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d64ff0d2306713ff084d4b09f84ed1a8c75ecc32", "url": "https://git.kernel.org/stable/c/d64ff0d2306713ff084d4b09f84ed1a8c75ecc32" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d76b9a4c283c7535ae7c7c9b14984e75402951e1", "url": "https://git.kernel.org/stable/c/d76b9a4c283c7535ae7c7c9b14984e75402951e1" } ], "release_date": "2024-10-21T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-50233", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()\n\nIn the ad9832_write_frequency() function, clk_get_rate() might return 0.\nThis can lead to a division by zero when calling ad9832_calc_freqreg().\nThe check if (fout > (clk_get_rate(st->mclk) / 2)) does not protect\nagainst the case when fout is 0. The ad9832_write_frequency() function\nis called from ad9832_write(), and fout is derived from a text buffer,\nwhich can contain any value.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50233" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2f39548f45693d86e950647012a214da6917dc9f", "url": "https://git.kernel.org/stable/c/2f39548f45693d86e950647012a214da6917dc9f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/442f786c5bff8cfd756ebdeaa4aadbf05c22aa5a", "url": "https://git.kernel.org/stable/c/442f786c5bff8cfd756ebdeaa4aadbf05c22aa5a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6bd301819f8f69331a55ae2336c8b111fc933f3d", "url": "https://git.kernel.org/stable/c/6bd301819f8f69331a55ae2336c8b111fc933f3d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/adfbc08b94e7df08b9ed5fa26b969cc1b54c84ec", "url": "https://git.kernel.org/stable/c/adfbc08b94e7df08b9ed5fa26b969cc1b54c84ec" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ccbc10647aafe2b7506edb4b10e19c6c2416c162", "url": "https://git.kernel.org/stable/c/ccbc10647aafe2b7506edb4b10e19c6c2416c162" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dd9e1cf619c945f320e686dcaf13e37ef0b05fdd", "url": "https://git.kernel.org/stable/c/dd9e1cf619c945f320e686dcaf13e37ef0b05fdd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fcd6b59f7a774558e2525251c68aa37aff748e55", "url": "https://git.kernel.org/stable/c/fcd6b59f7a774558e2525251c68aa37aff748e55" } ], "release_date": "2024-11-09T11:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-50143", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: fix uninit-value use in udf_get_fileshortad\n\nCheck for overflow when computing alen in udf_current_aext to mitigate\nlater uninit-value use in udf_get_fileshortad KMSAN bug[1].\nAfter applying the patch reproducer did not trigger any issue[2].\n\n[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df\n[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50143" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8", "url": "https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1", "url": "https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2", "url": "https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61", "url": "https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b", "url": "https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7", "url": "https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d", "url": "https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d" } ], "release_date": "2024-11-07T10:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-52522", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: fix possible store tearing in neigh_periodic_work()\nWhile looking at a related syzbot report involving neigh_periodic_work(),\nI found that I forgot to add an annotation when deleting an\nRCU protected item from a list.\nReaders use rcu_deference(*np), we need to use either\nrcu_assign_pointer() or WRITE_ONCE() on writer side\nto prevent store tearing.\nI use rcu_assign_pointer() to have lockdep support,\nthis was the choice made in neigh_flush_dev().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52522" } ], "release_date": "2024-03-02T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-53061", "cwe": { "id": "CWE-191", "name": "Integer Underflow (Wrap or Wraparound)" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: s5p-jpeg: prevent buffer overflows\n\nThe current logic allows word to be less than 2. If this happens,\nthere will be buffer overflows, as reported by smatch. Add extra\nchecks to prevent it.\n\nWhile here, remove an unused word = 0 assignment.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-53061" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a", "url": "https://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd", "url": "https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e", "url": "https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51", "url": "https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e", "url": "https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51", "url": "https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b", "url": "https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef", "url": "https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef" } ], "release_date": "2024-11-19T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-53239", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we're calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card's\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-53239" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0df7f4b5cc10f5adf98be0845372e9eef7bb5b09", "url": "https://git.kernel.org/stable/c/0df7f4b5cc10f5adf98be0845372e9eef7bb5b09" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/273eec23467dfbfbd0e4c10302579ba441fb1e13", "url": "https://git.kernel.org/stable/c/273eec23467dfbfbd0e4c10302579ba441fb1e13" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/57860a80f03f9dc69a34a5c37b0941ad032a0a8c", "url": "https://git.kernel.org/stable/c/57860a80f03f9dc69a34a5c37b0941ad032a0a8c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/74357d0b5cd3ef544752bc9f21cbeee4902fae6c", "url": "https://git.kernel.org/stable/c/74357d0b5cd3ef544752bc9f21cbeee4902fae6c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a0810c3d6dd2d29a9b92604d682eacd2902ce947", "url": "https://git.kernel.org/stable/c/a0810c3d6dd2d29a9b92604d682eacd2902ce947" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b754e831a94f82f2593af806741392903f359168", "url": "https://git.kernel.org/stable/c/b754e831a94f82f2593af806741392903f359168" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b889a7d68d7e76b8795b754a75c91a2d561d5e8c", "url": "https://git.kernel.org/stable/c/b889a7d68d7e76b8795b754a75c91a2d561d5e8c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea8cc56db659cf0ae57073e32a4735ead7bd7ee3", "url": "https://git.kernel.org/stable/c/ea8cc56db659cf0ae57073e32a4735ead7bd7ee3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f2d06d4e129e2508e356136f99bb20a332ff1a00", "url": "https://git.kernel.org/stable/c/f2d06d4e129e2508e356136f99bb20a332ff1a00" } ], "release_date": "2024-12-27T14:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-50051", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: mpc52xx: Add cancel_work_sync before module remove\n\nIf we remove the module which will call mpc52xx_spi_remove\nit will free 'ms' through spi_unregister_controller.\nwhile the work ms->work will be used. The sequence of operations\nthat may lead to a UAF bug.\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in mpc52xx_spi_remove.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50051" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1", "url": "https://git.kernel.org/stable/c/373d55a47dc662e5e30d12ad5d334312f757c1f1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/90b72189de2cddacb26250579da0510b29a8b82b", "url": "https://git.kernel.org/stable/c/90b72189de2cddacb26250579da0510b29a8b82b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/984836621aad98802d92c4a3047114cf518074c8", "url": "https://git.kernel.org/stable/c/984836621aad98802d92c4a3047114cf518074c8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cd5106c77d6d6828aa82449f01f4eb436d602a21", "url": "https://git.kernel.org/stable/c/cd5106c77d6d6828aa82449f01f4eb436d602a21" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1", "url": "https://git.kernel.org/stable/c/d0cde3911cf24e1bcdd4caa1d1b9ef57589db5a1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e0c6ce8424095c2da32a063d3fc027494c689817", "url": "https://git.kernel.org/stable/c/e0c6ce8424095c2da32a063d3fc027494c689817" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59", "url": "https://git.kernel.org/stable/c/f65d85bc1ffd8a2c194bb2cd65e35ed3648ddd59" } ], "release_date": "2025-01-11T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-tools-4.4.0-272-tuxcare.els43-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-272.306.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-272.306.all", "Ubuntu-16:linux-modules-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.272.306.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-headers-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-272-tuxcare.els43-generic-0:4.4.0-272.306.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }