{
"document": {
"aggregate_severity": {
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "TuxCare License Agreement",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
"title": "Terms of Use"
},
{
"category": "details",
"text": "* Bionic update: upstream stable patchset 2022-04-13 (LP: #1968932) // CVE-\n url: https://ubuntu.com/security/CVE-2022-23041\n - xen/gnttab: fix gnttab_end_foreign_access() without page specified\n * Bionic update: upstream stable patchset 2023-01-20 (LP: #2003596) // CVE-\n url: https://ubuntu.com/security/CVE-2022-49850\n - nilfs2: fix deadlock in nilfs_count_free_blocks()\n * CVE-url: https://ubuntu.com/security/CVE-2024-42305\n - ext4: check dot and dotdot of dx_root before making dir indexed\n * CVE-url: https://ubuntu.com/security/CVE-2024-53168\n - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n * CVE-url: https://ubuntu.com/security/CVE-2024-26915\n - drm/amdgpu: Add check to prevent IH overflow\n - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit\n * CVE-url: https://ubuntu.com/security/CVE-2024-56770\n - net/sched: netem: account for backlog updates from child qdisc\n - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()\n * Bionic update: upstream stable patchset 2022-01-14 (LP: #1957957) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47587\n - net: systemport: Add global locking for descriptor lifecycle\n * Bionic update: upstream stable patchset 2021-06-01 (LP: #1930472) // CVE-\n url: https://ubuntu.com/security/CVE-2021-46959\n - spi: Fix use-after-free with devm_spi_alloc_*\n * CVE-url: https://ubuntu.com/security/CVE-2024-26689\n - ceph: prevent use-after-free in encode_cap_msg()\n * CVE-url: https://ubuntu.com/security/CVE-2024-53066\n - nfs: Fix KMSAN warning in decode_getfattr_attrs()\n * CVE-url: https://ubuntu.com/security/CVE-2024-49944\n - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n * CVE-url: https://ubuntu.com/security/CVE-2024-50237\n - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower\n * CVE-url: https://ubuntu.com/security/CVE-2024-46780\n - nilfs2: protect references to superblock parameters exposed in sysfs\n * CVE-url: https://ubuntu.com/security/CVE-2024-53063\n - media: dvbdev: prevent the risk of out of memory access\n - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set\n * CVE-url: https://ubuntu.com/security/CVE-2021-47150\n - net: fec: fix the potential memory leak in fec_enet_init()\n * CVE-url: https://ubuntu.com/security/CVE-2024-53140\n - netlink: terminate outstanding dump on socket close\n * CVE-url: https://ubuntu.com/security/CVE-2025-21971\n - net_sched: Prevent creation of classes with TC_H_ROOT\n * CVE-url: https://ubuntu.com/security/CVE-2023-52572\n - cifs: Fix UAF in cifs_demultiplex_thread()\n * CVE-url: https://ubuntu.com/security/CVE-2025-37785\n - ext4: fix OOB read when checking dotdot dir\n * Bionic update: upstream stable patchset 2021-07-14 (LP: #1936231) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47277\n - kvm: avoid speculation-based attacks from out-of-range memslot accesses\n * CVE-url: https://ubuntu.com/security/CVE-2022-49740\n - wifi: brcmfmac: Check the count value of channel spec to prevent out-of-\n bounds reads\n * Bionic update: upstream stable patchset 2022-07-25 (LP: #1982782) // CVE-\n url: https://ubuntu.com/security/CVE-2022-49404\n - RDMA/hfi1: Fix potential integer multiplication overflow errors\n * Bionic update: upstream stable patchset 2023-03-03 (LP: #2009237) // CVE-\n url: https://ubuntu.com/security/CVE-2022-49757\n - EDAC/highbank: Fix memory leak in highbank_mc_probe()\n * Bionic update: upstream stable patchset 2022-07-25 (LP: #1982782) // CVE-\n url: https://ubuntu.com/security/CVE-2022-49395\n - um: Fix out-of-bounds read in LDT setup\n * CVE-url: https://ubuntu.com/security/CVE-2022-49738\n - f2fs: fix to do sanity check on summary info\n - f2fs: should put a page when checking the summary info\n - f2fs: fix to do sanity check on i_extra_isize in is_alive()\n * CVE-url: https://ubuntu.com/security/\n - ipv6: Define dscp_t and stop taking ECN bits into account in fib6-rules\n * CVE-url: https://ubuntu.com/security/CVE-2025-21891\n - ipvlan: ensure network headers are in skb linear part\n * CVE-url: https://ubuntu.com/security/CVE-2025-21969\n - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n * CVE-url: https://ubuntu.com/security/CVE-2025-21957\n - scsi: qla1280: Fix kernel oops when debug level > 2\n * CVE-url: https://ubuntu.com/security/CVE-2025-21948\n - HID: appleir: Fix potential NULL dereference at raw event handle\n * Bionic update: upstream stable patchset 2023-04-05 (LP: #2015399) // CVE-\n url: https://ubuntu.com/security/CVE-2023-52989\n - firewire: fix memory leak for payload of request subaction to IEC 61883-1\n FCP region\n * Bionic update: upstream stable patchset 2023-04-05 (LP: #2015399) // CVE-\n url: https://ubuntu.com/security/CVE-2023-52932\n - mm/swapfile: add cond_resched() in get_swap_pages()\n * Bionic update: upstream stable patchset 2023-03-03 (LP: #2009237) // CVE-\n url: https://ubuntu.com/security/CVE-2023-53015\n - HID: betop: check shape of output reports\n * Bionic update: upstream stable patchset 2023-03-03 (LP: #2009237) // CVE-\n url: https://ubuntu.com/security/CVE-2023-52993\n - x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL\n * CVE-url: https://ubuntu.com/security/CVE-2025-21912\n - gpio: rcar: Use raw_spinlock to protect register access\n * CVE-url: https://ubuntu.com/security/CVE-2025-21922\n - ppp: Fix KMSAN uninit-value warning with bpf\n * CVE-url: https://ubuntu.com/security/CVE-2025-21959\n - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in\n insert_tree()\n * Bionic update: upstream stable patchset 2023-04-05 (LP: #2015399) // CVE-\n url: https://ubuntu.com/security/CVE-2023-52988\n - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21996\n - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21917\n - usb: renesas_usbhs: Flush the notify_hotplug_work\n * CVE-url: https://ubuntu.com/security/CVE-2023-53001\n - drm/drm_vma_manager: Add drm_vma_node_allow_once()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21920\n - vlan: enforce underlying device type\n * CVE-url: https://ubuntu.com/security/CVE-2025-21904\n - caif_virtio: fix wrong pointer check in cfv_probe()\n * Bionic update: upstream stable patchset 2021-06-23 (LP: #1933375) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47320\n - net: caif: added cfserl_release function\n - net: caif: add proper error handling\n - net: caif: fix memory leak in caif_device_notify\n * CVE-url: https://ubuntu.com/security/CVE-2021-47342\n - ext4: fix memory leak in ext4_fill_super\n - ext4: fix timer use-after-free on failed mount\n * Bionic update: upstream stable patchset 2021-08-03 (LP: #1938824) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47320\n - nfs: fix acl memory leak of posix_acl_create()\n * Bionic update: upstream stable patchset 2022-01-14 (LP: #1957957) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47602\n - mac80211: track only QoS data frames for admission control\n * CVE-url: https://ubuntu.com/security/CVE-2021-47328\n - scsi: iscsi: Fix conn use after free during resets\n * CVE-url: https://ubuntu.com/security/CVE-2025-21702\n - pfifo_tail_enqueue: Drop new packet when sch->limit == 0\n * CVE-url: https://ubuntu.com/security/CVE-2024-56658\n - net: defer final 'struct net' free in netns dismantle\n * CVE-url: https://ubuntu.com/security/CVE-2024-50265\n - ocfs2: remove entry once instead of null-ptr-dereference in\n ocfs2_xa_remove()\n * CVE-url: https://ubuntu.com/security/CVE-2024-46826\n - ELF: fix kernel.randomize_va_space double read\n * CVE-url: https://ubuntu.com/security/CVE-2025-21700\n - net: sched: Disallow replacing of child qdisc from one parent to another\n * CVE-url: https://ubuntu.com/security/CVE-2024-50167\n - be2net: fix potential memory leak in be_xmit()\n * CVE-url: https://ubuntu.com/security/CVE-2024-49952\n - netfilter: nf_tables: prevent nf_skb_duplicated corruption\n * CVE-url: https://ubuntu.com/security/CVE-2024-49948\n - net: add more sanity checks to qdisc_pkt_len_init()",
"title": "Details"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://tuxcare.com/contact/",
"name": "TuxCare",
"namespace": "https://tuxcare.com/"
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/advisories/2025/clsa-2025_1747430034.json"
},
{
"category": "self",
"summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747430034",
"url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747430034"
}
],
"tracking": {
"current_release_date": "2025-05-19T15:19:48Z",
"generator": {
"date": "2025-05-19T15:19:48Z",
"engine": {
"name": "pyCSAF"
}
},
"id": "CLSA-2025:1747430034",
"initial_release_date": "2025-05-16T21:13:56Z",
"revision_history": [
{
"date": "2025-05-16T21:13:56Z",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-19T15:19:48Z",
"number": "2",
"summary": "Official Publication"
}
],
"status": "final",
"version": "2"
},
"title": "Fix of 54 CVEs"
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu 16.04",
"product": {
"name": "Ubuntu 16.04",
"product_id": "Ubuntu-16",
"product_identification_helper": {
"cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Ubuntu"
}
],
"category": "vendor",
"name": "Canonical Ltd."
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "linux-libc-dev-0:4.4.0-274.308.amd64",
"product": {
"name": "linux-libc-dev-0:4.4.0-274.308.amd64",
"product_id": "linux-libc-dev-0:4.4.0-274.308.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-libc-dev@4.4.0-274.308?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"product": {
"name": "linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"product_id": "linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-cloud-tools-4.4.0-274-tuxcare.els45-generic@4.4.0-274.308?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-tools-generic-0:4.4.0.274.308.amd64",
"product": {
"name": "linux-tools-generic-0:4.4.0.274.308.amd64",
"product_id": "linux-tools-generic-0:4.4.0.274.308.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-generic@4.4.0.274.308?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-image-lowlatency-0:4.4.0.274.308.amd64",
"product": {
"name": "linux-image-lowlatency-0:4.4.0.274.308.amd64",
"product_id": "linux-image-lowlatency-0:4.4.0.274.308.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-image-lowlatency@4.4.0.274.308?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-lowlatency-0:4.4.0.274.308.amd64",
"product": {
"name": "linux-lowlatency-0:4.4.0.274.308.amd64",
"product_id": "linux-lowlatency-0:4.4.0.274.308.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-lowlatency@4.4.0.274.308?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"product": {
"name": "linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"product_id": "linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-headers-lowlatency@4.4.0.274.308?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"product": {
"name": "linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"product_id": "linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency@4.4.0-274.308?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-tools-lowlatency-0:4.4.0.274.308.amd64",
"product": {
"name": "linux-tools-lowlatency-0:4.4.0.274.308.amd64",
"product_id": "linux-tools-lowlatency-0:4.4.0.274.308.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-lowlatency@4.4.0.274.308?arch=amd64"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "linux-tools-host-0:4.4.0-274.308.all",
"product": {
"name": "linux-tools-host-0:4.4.0-274.308.all",
"product_id": "linux-tools-host-0:4.4.0-274.308.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-host@4.4.0-274.308?arch=all"
}
}
},
{
"category": "product_version",
"name": "linux-source-4.4.0-0:4.4.0-274.308.all",
"product": {
"name": "linux-source-4.4.0-0:4.4.0-274.308.all",
"product_id": "linux-source-4.4.0-0:4.4.0-274.308.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-source-4.4.0@4.4.0-274.308?arch=all"
}
}
}
],
"category": "architecture",
"name": "all"
}
],
"category": "vendor",
"name": "CloudLinux"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-libc-dev-0:4.4.0-274.308.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64"
},
"product_reference": "linux-libc-dev-0:4.4.0-274.308.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64"
},
"product_reference": "linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-host-0:4.4.0-274.308.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all"
},
"product_reference": "linux-tools-host-0:4.4.0-274.308.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-generic-0:4.4.0.274.308.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64"
},
"product_reference": "linux-tools-generic-0:4.4.0.274.308.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-source-4.4.0-0:4.4.0-274.308.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all"
},
"product_reference": "linux-source-4.4.0-0:4.4.0-274.308.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-image-lowlatency-0:4.4.0.274.308.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64"
},
"product_reference": "linux-image-lowlatency-0:4.4.0.274.308.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-lowlatency-0:4.4.0.274.308.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64"
},
"product_reference": "linux-lowlatency-0:4.4.0.274.308.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-headers-lowlatency-0:4.4.0.274.308.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64"
},
"product_reference": "linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64"
},
"product_reference": "linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-lowlatency-0:4.4.0.274.308.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
},
"product_reference": "linux-tools-lowlatency-0:4.4.0.274.308.amd64",
"relates_to_product_reference": "Ubuntu-16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47277",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkvm: avoid speculation-based attacks from out-of-range memslot accesses\n\nKVM's mechanism for accessing guest memory translates a guest physical\naddress (gpa) to a host virtual address using the right-shifted gpa\n(also known as gfn) and a struct kvm_memory_slot. The translation is\nperformed in __gfn_to_hva_memslot using the following formula:\n\n hva = slot->userspace_addr + (gfn - slot->base_gfn) * PAGE_SIZE\n\nIt is expected that gfn falls within the boundaries of the guest's\nphysical memory. However, a guest can access invalid physical addresses\nin such a way that the gfn is invalid.\n\n__gfn_to_hva_memslot is called from kvm_vcpu_gfn_to_hva_prot, which first\nretrieves a memslot through __gfn_to_memslot. While __gfn_to_memslot\ndoes check that the gfn falls within the boundaries of the guest's\nphysical memory or not, a CPU can speculate the result of the check and\ncontinue execution speculatively using an illegal gfn. The speculation\ncan result in calculating an out-of-bounds hva. If the resulting host\nvirtual address is used to load another guest physical address, this\nis effectively a Spectre gadget consisting of two consecutive reads,\nthe second of which is data dependent on the first.\n\nRight now it's not clear if there are any cases in which this is\nexploitable. One interesting case was reported by the original author\nof this patch, and involves visiting guest page tables on x86. Right\nnow these are not vulnerable because the hva read goes through get_user(),\nwhich contains an LFENCE speculation barrier. However, there are\npatches in progress for x86 uaccess.h to mask kernel addresses instead of\nusing LFENCE; once these land, a guest could use speculation to read\nfrom the VMM's ring 3 address space. Other architectures such as ARM\nalready use the address masking method, and would be susceptible to\nthis same kind of data-dependent access gadgets. Therefore, this patch\nproactively protects from these attacks by masking out-of-bounds gfns\nin __gfn_to_hva_memslot, which blocks speculation of invalid hvas.\n\nSean Christopherson noted that this patch does not cover\nkvm_read_guest_offset_cached. This however is limited to a few bytes\npast the end of the cache, and therefore it is unlikely to be useful in\nthe context of building a chain of data dependent accesses.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2021-47277"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/22b87fb17a28d37331bb9c1110737627b17f6781",
"url": "https://git.kernel.org/stable/c/22b87fb17a28d37331bb9c1110737627b17f6781"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3098b86390a6b9ea52657689f08410baf130ceff",
"url": "https://git.kernel.org/stable/c/3098b86390a6b9ea52657689f08410baf130ceff"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/361ce3b917aff93123e9e966d8608655c967f438",
"url": "https://git.kernel.org/stable/c/361ce3b917aff93123e9e966d8608655c967f438"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/740621309b25bbf619b8a0ba5fd50a8e58989441",
"url": "https://git.kernel.org/stable/c/740621309b25bbf619b8a0ba5fd50a8e58989441"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7af299b97734c7e7f465b42a2139ce4d77246975",
"url": "https://git.kernel.org/stable/c/7af299b97734c7e7f465b42a2139ce4d77246975"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/bff1fbf0cf0712686f1df59a83fba6e31d2746a0",
"url": "https://git.kernel.org/stable/c/bff1fbf0cf0712686f1df59a83fba6e31d2746a0"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/da27a83fd6cc7780fea190e1f5c19e87019da65c",
"url": "https://git.kernel.org/stable/c/da27a83fd6cc7780fea190e1f5c19e87019da65c"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ed0e2a893092c7fcb4ff7ba74e5efce53a6f5940",
"url": "https://git.kernel.org/stable/c/ed0e2a893092c7fcb4ff7ba74e5efce53a6f5940"
}
],
"release_date": "2024-05-21T15:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2023-52932",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/swapfile: add cond_resched() in get_swap_pages()\n\nThe softlockup still occurs in get_swap_pages() under memory pressure. 64\nCPU cores, 64GB memory, and 28 zram devices, the disksize of each zram\ndevice is 50MB with same priority as si. Use the stress-ng tool to\nincrease memory pressure, causing the system to oom frequently.\n\nThe plist_for_each_entry_safe() loops in get_swap_pages() could reach tens\nof thousands of times to find available space (extreme case:\ncond_resched() is not called in scan_swap_map_slots()). Let's add\ncond_resched() into get_swap_pages() when failed to find available space\nto avoid softlockup.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2023-52932"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/29f0349c5c76b627fe06b87d4b13fa03a6ce8e64",
"url": "https://git.kernel.org/stable/c/29f0349c5c76b627fe06b87d4b13fa03a6ce8e64"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/30187be29052bba9203b0ae2bdd815e0bc2faaab",
"url": "https://git.kernel.org/stable/c/30187be29052bba9203b0ae2bdd815e0bc2faaab"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/387217b97e99699c34e6d95ce2b91b327fcd853e",
"url": "https://git.kernel.org/stable/c/387217b97e99699c34e6d95ce2b91b327fcd853e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/49178d4d61e78aed8c837dfeea8a450700f196e2",
"url": "https://git.kernel.org/stable/c/49178d4d61e78aed8c837dfeea8a450700f196e2"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/5dbe1ebd56470d03b78fc31491a9e4d433106ef2",
"url": "https://git.kernel.org/stable/c/5dbe1ebd56470d03b78fc31491a9e4d433106ef2"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7717fc1a12f88701573f9ed897cc4f6699c661e3",
"url": "https://git.kernel.org/stable/c/7717fc1a12f88701573f9ed897cc4f6699c661e3"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d49c85a1913385eed46dd16a25ad0928253767f0",
"url": "https://git.kernel.org/stable/c/d49c85a1913385eed46dd16a25ad0928253767f0"
}
],
"release_date": "2025-03-27T17:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-56658",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final 'struct net' free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net->xfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst->ops->destroy)\n dst->ops->destroy(dst);\n\ndst->ops points to the old net->xfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the 'struct net' to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \n \nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-56658"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/0f6ede9fbc747e2553612271bce108f7517e7a45",
"url": "https://git.kernel.org/stable/c/0f6ede9fbc747e2553612271bce108f7517e7a45"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3267b254dc0a04dfa362a2be24573cfa6d2d78f5",
"url": "https://git.kernel.org/stable/c/3267b254dc0a04dfa362a2be24573cfa6d2d78f5"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/6610c7f8a8d47fd1123eed55ba8c11c2444d8842",
"url": "https://git.kernel.org/stable/c/6610c7f8a8d47fd1123eed55ba8c11c2444d8842"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b7a79e51297f7b82adb687086f5cb2da446f1e40",
"url": "https://git.kernel.org/stable/c/b7a79e51297f7b82adb687086f5cb2da446f1e40"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c261dcd61c9e88a8f1a66654354d32295a975230",
"url": "https://git.kernel.org/stable/c/c261dcd61c9e88a8f1a66654354d32295a975230"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/dac465986a4a38cd2f13e934f562b6ca344e5720",
"url": "https://git.kernel.org/stable/c/dac465986a4a38cd2f13e934f562b6ca344e5720"
}
],
"release_date": "2024-12-27T15:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2024-49944",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n\nIn sctp_listen_start() invoked by sctp_inet_listen(), it should set the\nsk_state back to CLOSED if sctp_autobind() fails due to whatever reason.\n\nOtherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse\nis already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will\nbe dereferenced as sk_state is LISTENING, which causes a crash as bind_hash\nis NULL.\n\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617\n Call Trace:\n \n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-49944"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/0e4e2e60556c6ed00e8450b720f106a268d23062",
"url": "https://git.kernel.org/stable/c/0e4e2e60556c6ed00e8450b720f106a268d23062"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7",
"url": "https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/89bbead9d897c77d0b566349c8643030ff2abeba",
"url": "https://git.kernel.org/stable/c/89bbead9d897c77d0b566349c8643030ff2abeba"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160",
"url": "https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455",
"url": "https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa",
"url": "https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce",
"url": "https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5",
"url": "https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d",
"url": "https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d"
}
],
"release_date": "2024-10-21T18:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2022-49740",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads\n\nThis patch fixes slab-out-of-bounds reads in brcmfmac that occur in\nbrcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count\nvalue of channel specifications provided by the device is greater than\nthe length of 'list->element[]', decided by the size of the 'list'\nallocated with kzalloc(). The patch adds checks that make the functions\nfree the buffer and return -EINVAL if that is the case. Note that the\nnegative return is handled by the caller, brcmf_setup_wiphybands() or\nbrcmf_cfg80211_attach().\n\nFound by a modified version of syzkaller.\n\nCrash Report from brcmf_construct_chaninfo():\n==================================================================\nBUG: KASAN: slab-out-of-bounds in brcmf_setup_wiphybands+0x1238/0x1430\nRead of size 4 at addr ffff888115f24600 by task kworker/0:2/1896\n\nCPU: 0 PID: 1896 Comm: kworker/0:2 Tainted: G W O 5.14.0+ #132\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n dump_stack_lvl+0x57/0x7d\n print_address_description.constprop.0.cold+0x93/0x334\n kasan_report.cold+0x83/0xdf\n brcmf_setup_wiphybands+0x1238/0x1430\n brcmf_cfg80211_attach+0x2118/0x3fd0\n brcmf_attach+0x389/0xd40\n brcmf_usb_probe+0x12de/0x1690\n usb_probe_interface+0x25f/0x710\n really_probe+0x1be/0xa90\n __driver_probe_device+0x2ab/0x460\n driver_probe_device+0x49/0x120\n __device_attach_driver+0x18a/0x250\n bus_for_each_drv+0x123/0x1a0\n __device_attach+0x207/0x330\n bus_probe_device+0x1a2/0x260\n device_add+0xa61/0x1ce0\n usb_set_configuration+0x984/0x1770\n usb_generic_driver_probe+0x69/0x90\n usb_probe_device+0x9c/0x220\n really_probe+0x1be/0xa90\n __driver_probe_device+0x2ab/0x460\n driver_probe_device+0x49/0x120\n __device_attach_driver+0x18a/0x250\n bus_for_each_drv+0x123/0x1a0\n __device_attach+0x207/0x330\n bus_probe_device+0x1a2/0x260\n device_add+0xa61/0x1ce0\n usb_new_device.cold+0x463/0xf66\n hub_event+0x10d5/0x3330\n process_one_work+0x873/0x13e0\n worker_thread+0x8b/0xd10\n kthread+0x379/0x450\n ret_from_fork+0x1f/0x30\n\nAllocated by task 1896:\n kasan_save_stack+0x1b/0x40\n __kasan_kmalloc+0x7c/0x90\n kmem_cache_alloc_trace+0x19e/0x330\n brcmf_setup_wiphybands+0x290/0x1430\n brcmf_cfg80211_attach+0x2118/0x3fd0\n brcmf_attach+0x389/0xd40\n brcmf_usb_probe+0x12de/0x1690\n usb_probe_interface+0x25f/0x710\n really_probe+0x1be/0xa90\n __driver_probe_device+0x2ab/0x460\n driver_probe_device+0x49/0x120\n __device_attach_driver+0x18a/0x250\n bus_for_each_drv+0x123/0x1a0\n __device_attach+0x207/0x330\n bus_probe_device+0x1a2/0x260\n device_add+0xa61/0x1ce0\n usb_set_configuration+0x984/0x1770\n usb_generic_driver_probe+0x69/0x90\n usb_probe_device+0x9c/0x220\n really_probe+0x1be/0xa90\n __driver_probe_device+0x2ab/0x460\n driver_probe_device+0x49/0x120\n __device_attach_driver+0x18a/0x250\n bus_for_each_drv+0x123/0x1a0\n __device_attach+0x207/0x330\n bus_probe_device+0x1a2/0x260\n device_add+0xa61/0x1ce0\n usb_new_device.cold+0x463/0xf66\n hub_event+0x10d5/0x3330\n process_one_work+0x873/0x13e0\n worker_thread+0x8b/0xd10\n kthread+0x379/0x450\n ret_from_fork+0x1f/0x30\n\nThe buggy address belongs to the object at ffff888115f24000\n which belongs to the cache kmalloc-2k of size 2048\nThe buggy address is located 1536 bytes inside of\n 2048-byte region [ffff888115f24000, ffff888115f24800)\n\nMemory state around the buggy address:\n ffff888115f24500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888115f24580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n>ffff888115f24600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n ffff888115f24680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888115f24700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n==================================================================\n\nCrash Report from brcmf_enable_bw40_2g():\n==========\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-49740"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4920ab131b2dbae7464b72bdcac465d070254209",
"url": "https://git.kernel.org/stable/c/4920ab131b2dbae7464b72bdcac465d070254209"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c",
"url": "https://git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b2e412879595821ff1b5545cbed5f108fba7f5b6",
"url": "https://git.kernel.org/stable/c/b2e412879595821ff1b5545cbed5f108fba7f5b6"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e4991910f15013db72f6ec0db7038ea67a57052e",
"url": "https://git.kernel.org/stable/c/e4991910f15013db72f6ec0db7038ea67a57052e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f06de1bb6d61f0c18b0213bbc6298960037f9d42",
"url": "https://git.kernel.org/stable/c/f06de1bb6d61f0c18b0213bbc6298960037f9d42"
}
],
"release_date": "2025-03-27T17:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2023-53001",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drm_vma_manager: Add drm_vma_node_allow_once()\n\nCurrently there is no easy way for a drm driver to safely check and allow\ndrm_vma_offset_node for a drm file just once. Allow drm drivers to call\nnon-refcounted version of drm_vma_node_allow() so that a driver doesn't\nneed to keep track of each drm_vma_node_allow() to call subsequent\ndrm_vma_node_revoke() to prevent memory leak.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2023-53001"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/67444f8ca31cdaf45e0b761241ad49b1ae04bcf9",
"url": "https://git.kernel.org/stable/c/67444f8ca31cdaf45e0b761241ad49b1ae04bcf9"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/899d3a3c19ac0e5da013ce34833dccb97d19b5e4",
"url": "https://git.kernel.org/stable/c/899d3a3c19ac0e5da013ce34833dccb97d19b5e4"
}
],
"release_date": "2025-03-27T17:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-21969",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21969"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28",
"url": "https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d",
"url": "https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d",
"url": "https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9",
"url": "https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9"
}
],
"release_date": "2025-04-01T16:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-21912",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n [ 4.239592] =============================\n [ 4.239595] [ BUG: Invalid wait context ]\n [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n [ 4.239603] -----------------------------\n [ 4.239606] kworker/u8:5/76 is trying to lock:\n [ 4.239609] ffff0000091898a0 (&p->lock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.239641] other info that might help us debug this:\n [ 4.239643] context-{5:5}\n [ 4.239646] 5 locks held by kworker/u8:5/76:\n [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property 'frame-master' with a value.\n [ 4.254094] #1: ffff80008299bd80 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n [ 4.254109] #2: ffff00000920c8f8\n [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'bitclock-master' with a value.\n [ 4.264803] (&dev->mutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n [ 4.264840] #4:\n [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'frame-master' with a value.\n [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n [ 4.304082] stack backtrace:\n [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n [ 4.304097] Workqueue: async async_run_entry_fn\n [ 4.304106] Call trace:\n [ 4.304110] show_stack+0x14/0x20 (C)\n [ 4.304122] dump_stack_lvl+0x6c/0x90\n [ 4.304131] dump_stack+0x14/0x1c\n [ 4.304138] __lock_acquire+0xdfc/0x1584\n [ 4.426274] lock_acquire+0x1c4/0x33c\n [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80\n [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8\n [ 4.444422] __irq_set_trigger+0x5c/0x178\n [ 4.448435] __setup_irq+0x2e4/0x690\n [ 4.452012] request_threaded_irq+0xc4/0x190\n [ 4.456285] devm_request_threaded_irq+0x7c/0xf4\n [ 4.459398] ata1: link resume succeeded after 1 retries\n [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0\n [ 4.470660] mmc_start_host+0x50/0xac\n [ 4.474327] mmc_add_host+0x80/0xe4\n [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440\n [ 4.482094] renesas_sdhi_probe+0x488/0x6f4\n [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78\n [ 4.491509] platform_probe+0x64/0xd8\n [ 4.495178] really_probe+0xb8/0x2a8\n [ 4.498756] __driver_probe_device+0x74/0x118\n [ 4.503116] driver_probe_device+0x3c/0x154\n [ 4.507303] __device_attach_driver+0xd4/0x160\n [ 4.511750] bus_for_each_drv+0x84/0xe0\n [ 4.515588] __device_attach_async_helper+0xb0/0xdc\n [ 4.520470] async_run_entry_fn+0x30/0xd8\n [ 4.524481] process_one_work+0x210/0x62c\n [ 4.528494] worker_thread+0x1ac/0x340\n [ 4.532245] kthread+0x10c/0x110\n [ 4.535476] ret_from_fork+0x10/0x20",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21912"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3e300913c42041e81c5b17a970c4e078086ff2d1",
"url": "https://git.kernel.org/stable/c/3e300913c42041e81c5b17a970c4e078086ff2d1"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/51ef3073493e2a25dced05fdd59dfb059e7e284d",
"url": "https://git.kernel.org/stable/c/51ef3073493e2a25dced05fdd59dfb059e7e284d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87",
"url": "https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b42c84f9e4ec5bc2885e7fd80c79ec0352f5d2af",
"url": "https://git.kernel.org/stable/c/b42c84f9e4ec5bc2885e7fd80c79ec0352f5d2af"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c10365031f16514a29c812cd909085a6e4ea4b61",
"url": "https://git.kernel.org/stable/c/c10365031f16514a29c812cd909085a6e4ea4b61"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f02c41f87cfe61440c18bf77d1ef0a884b9ee2b5",
"url": "https://git.kernel.org/stable/c/f02c41f87cfe61440c18bf77d1ef0a884b9ee2b5"
}
],
"release_date": "2025-04-01T16:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2022-49738",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on i_extra_isize in is_alive()\n\nsyzbot found a f2fs bug:\n\nBUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline]\nBUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline]\nBUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline]\nBUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734\nRead of size 4 at addr ffff888076557568 by task kworker/u4:3/52\n\nCPU: 1 PID: 52 Comm: kworker/u4:3 Not tainted 6.1.0-rc4-syzkaller-00362-gfef7fd48922d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nWorkqueue: writeback wb_workfn (flush-7:0)\nCall Trace:\n\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:284 [inline]\nprint_report+0x15e/0x45d mm/kasan/report.c:395\nkasan_report+0xbb/0x1f0 mm/kasan/report.c:495\ndata_blkaddr fs/f2fs/f2fs.h:2891 [inline]\nis_alive fs/f2fs/gc.c:1117 [inline]\ngc_data_segment fs/f2fs/gc.c:1520 [inline]\ndo_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734\nf2fs_gc+0x88c/0x20a0 fs/f2fs/gc.c:1831\nf2fs_balance_fs+0x544/0x6b0 fs/f2fs/segment.c:410\nf2fs_write_inode+0x57e/0xe20 fs/f2fs/inode.c:753\nwrite_inode fs/fs-writeback.c:1440 [inline]\n__writeback_single_inode+0xcfc/0x1440 fs/fs-writeback.c:1652\nwriteback_sb_inodes+0x54d/0xf90 fs/fs-writeback.c:1870\nwb_writeback+0x2c5/0xd70 fs/fs-writeback.c:2044\nwb_do_writeback fs/fs-writeback.c:2187 [inline]\nwb_workfn+0x2dc/0x12f0 fs/fs-writeback.c:2227\nprocess_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\nworker_thread+0x665/0x1080 kernel/workqueue.c:2436\nkthread+0x2e4/0x3a0 kernel/kthread.c:376\nret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n\nThe root cause is that we forgot to do sanity check on .i_extra_isize\nin below path, result in accessing invalid address later, fix it.\n- gc_data_segment\n - is_alive\n - data_blkaddr\n - offset_in_addr",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2022-49738"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/5b25035fb888cb2f78bf0b9c9f95b1dc54480d36",
"url": "https://git.kernel.org/stable/c/5b25035fb888cb2f78bf0b9c9f95b1dc54480d36"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/914e38f02a490dafd980ff0f39cccedc074deb29",
"url": "https://git.kernel.org/stable/c/914e38f02a490dafd980ff0f39cccedc074deb29"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/97ccfffcc061e54ce87e4a51a40e2e9cb0b7076a",
"url": "https://git.kernel.org/stable/c/97ccfffcc061e54ce87e4a51a40e2e9cb0b7076a"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d3b7b4afd6b2c344eabf9cc26b8bfa903c164c7c",
"url": "https://git.kernel.org/stable/c/d3b7b4afd6b2c344eabf9cc26b8bfa903c164c7c"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f",
"url": "https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f"
}
],
"release_date": "2025-03-27T17:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-21904",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncaif_virtio: fix wrong pointer check in cfv_probe()\n\ndel_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked\nfor NULL before calling it, not cfv->vdev. Also the current implementation\nis redundant because the pointer cfv->vdev is dereferenced before it is\nchecked for NULL.\n\nFix this by checking cfv->vq_tx for NULL instead of cfv->vdev before\ncalling del_vqs().",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21904"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/29e0cd296c87240278e2f7ea4cf3f496b60c03af",
"url": "https://git.kernel.org/stable/c/29e0cd296c87240278e2f7ea4cf3f496b60c03af"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/56cddf71cce3b15b078e937fadab29962b6f6643",
"url": "https://git.kernel.org/stable/c/56cddf71cce3b15b078e937fadab29962b6f6643"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/597c27e5f04cb50e56cc9aeda75d3e42b6b89c3e",
"url": "https://git.kernel.org/stable/c/597c27e5f04cb50e56cc9aeda75d3e42b6b89c3e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7b5fe58959822e6cfa884327cabba6be3b01883d",
"url": "https://git.kernel.org/stable/c/7b5fe58959822e6cfa884327cabba6be3b01883d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/8e4e08ca4cc634b337bb74bc9a70758fdeda0bcb",
"url": "https://git.kernel.org/stable/c/8e4e08ca4cc634b337bb74bc9a70758fdeda0bcb"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/90d302619ee7ce5ed0c69c29c290bdccfde66418",
"url": "https://git.kernel.org/stable/c/90d302619ee7ce5ed0c69c29c290bdccfde66418"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/990fff6980d0c1693d60a812f58dbf93eab0473f",
"url": "https://git.kernel.org/stable/c/990fff6980d0c1693d60a812f58dbf93eab0473f"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a466fd7e9fafd975949e5945e2f70c33a94b1a70",
"url": "https://git.kernel.org/stable/c/a466fd7e9fafd975949e5945e2f70c33a94b1a70"
}
],
"release_date": "2025-04-01T16:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-libc-dev-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-274-tuxcare.els45-generic-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-274.308.all",
"Ubuntu-16:linux-tools-generic-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-274.308.all",
"Ubuntu-16:linux-image-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-headers-lowlatency-0:4.4.0.274.308.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-274-tuxcare.els45-lowlatency-0:4.4.0-274.308.amd64",
"Ubuntu-16:linux-tools-lowlatency-0:4.4.0.274.308.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
}
]
}