{
"document": {
"aggregate_severity": {
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "TuxCare License Agreement",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
"title": "Terms of Use"
},
{
"category": "details",
"text": "* CVE-url: https://ubuntu.com/security/CVE-2024-57896\n - btrfs: flush delalloc workers queue before stopping cleaner kthread during\n unmount\n * CVE-url: https://ubuntu.com/security/CVE-2024-56551\n - drm/amdgpu: fix usage slab after free\n * CVE-url: https://ubuntu.com/security/CVE-2021-47211\n - ALSA: usb-audio: fix null pointer dereference on pointer cs_desc\n * CVE-url: https://ubuntu.com/security/CVE-2024-56661\n - tipc: fix NULL deref in cleanup_bearer()\n * CVE-url: https://ubuntu.com/security/CVE-2024-56642\n - tipc: Fix use-after-free of kernel socket in cleanup_bearer().\n * CVE-url: https://ubuntu.com/security/CVE-2021-47163\n - tipc: wait and exit until all work queues are done\n * Miscellaneous upstream changes\n - Revert \"block: add check that partition length needs to be aligned with\n block size\"",
"title": "Details"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://tuxcare.com/contact/",
"name": "TuxCare",
"namespace": "https://tuxcare.com/"
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/advisories/2025/clsa-2025_1749548218.json"
},
{
"category": "self",
"summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749548218",
"url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749548218"
}
],
"tracking": {
"current_release_date": "2025-06-10T09:38:30Z",
"generator": {
"date": "2025-06-10T09:38:30Z",
"engine": {
"name": "pyCSAF"
}
},
"id": "CLSA-2025:1749548218",
"initial_release_date": "2025-06-10T09:38:30Z",
"revision_history": [
{
"date": "2025-06-10T09:38:30Z",
"number": "1",
"summary": "Initial version"
}
],
"status": "final",
"version": "1"
},
"title": "Fix of 6 CVEs"
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu 16.04",
"product": {
"name": "Ubuntu 16.04",
"product_id": "Ubuntu-16",
"product_identification_helper": {
"cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Ubuntu"
}
],
"category": "vendor",
"name": "Canonical Ltd."
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"product": {
"name": "linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"product_id": "linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-275-tuxcare.els46@4.4.0-275.309?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-libc-dev-0:4.4.0-275.309.amd64",
"product": {
"name": "linux-libc-dev-0:4.4.0-275.309.amd64",
"product_id": "linux-libc-dev-0:4.4.0-275.309.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-libc-dev@4.4.0-275.309?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"product": {
"name": "linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"product_id": "linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-275-tuxcare.els46-lowlatency@4.4.0-275.309?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"product": {
"name": "linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"product_id": "linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-modules-4.4.0-275-tuxcare.els46-generic@4.4.0-275.309?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"product": {
"name": "linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"product_id": "linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-modules-extra-4.4.0-275-tuxcare.els46-generic@4.4.0-275.309?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"product": {
"name": "linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"product_id": "linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-275-tuxcare.els46-lowlatency@4.4.0-275.309?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"product": {
"name": "linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"product_id": "linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency@4.4.0-275.309?arch=amd64"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "linux-tools-host-0:4.4.0-275.309.all",
"product": {
"name": "linux-tools-host-0:4.4.0-275.309.all",
"product_id": "linux-tools-host-0:4.4.0-275.309.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-host@4.4.0-275.309?arch=all"
}
}
},
{
"category": "product_version",
"name": "linux-source-4.4.0-0:4.4.0-275.309.all",
"product": {
"name": "linux-source-4.4.0-0:4.4.0-275.309.all",
"product_id": "linux-source-4.4.0-0:4.4.0-275.309.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-source-4.4.0@4.4.0-275.309?arch=all"
}
}
},
{
"category": "product_version",
"name": "linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"product": {
"name": "linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"product_id": "linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-275-tuxcare.els46@4.4.0-275.309?arch=all"
}
}
}
],
"category": "architecture",
"name": "all"
}
],
"category": "vendor",
"name": "CloudLinux"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64"
},
"product_reference": "linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-libc-dev-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64"
},
"product_reference": "linux-libc-dev-0:4.4.0-275.309.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
},
"product_reference": "linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64"
},
"product_reference": "linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64"
},
"product_reference": "linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-host-0:4.4.0-275.309.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all"
},
"product_reference": "linux-tools-host-0:4.4.0-275.309.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-source-4.4.0-0:4.4.0-275.309.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all"
},
"product_reference": "linux-source-4.4.0-0:4.4.0-275.309.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all"
},
"product_reference": "linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
},
"product_reference": "linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
},
"product_reference": "linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"relates_to_product_reference": "Ubuntu-16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-56551",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix usage slab after free\n\n[ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147\n\n[ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1\n[ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020\n[ +0.000016] Call Trace:\n[ +0.000008] \n[ +0.000009] dump_stack_lvl+0x76/0xa0\n[ +0.000017] print_report+0xce/0x5f0\n[ +0.000017] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000019] ? srso_return_thunk+0x5/0x5f\n[ +0.000015] ? kasan_complete_mode_report_info+0x72/0x200\n[ +0.000016] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000019] kasan_report+0xbe/0x110\n[ +0.000015] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000023] __asan_report_load8_noabort+0x14/0x30\n[ +0.000014] drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000020] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? __kasan_check_write+0x14/0x30\n[ +0.000016] ? __pfx_drm_sched_entity_flush+0x10/0x10 [gpu_sched]\n[ +0.000020] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? __kasan_check_write+0x14/0x30\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? enable_work+0x124/0x220\n[ +0.000015] ? __pfx_enable_work+0x10/0x10\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? free_large_kmalloc+0x85/0xf0\n[ +0.000016] drm_sched_entity_destroy+0x18/0x30 [gpu_sched]\n[ +0.000020] amdgpu_vce_sw_fini+0x55/0x170 [amdgpu]\n[ +0.000735] ? __kasan_check_read+0x11/0x20\n[ +0.000016] vce_v4_0_sw_fini+0x80/0x110 [amdgpu]\n[ +0.000726] amdgpu_device_fini_sw+0x331/0xfc0 [amdgpu]\n[ +0.000679] ? mutex_unlock+0x80/0xe0\n[ +0.000017] ? __pfx_amdgpu_device_fini_sw+0x10/0x10 [amdgpu]\n[ +0.000662] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? __kasan_check_write+0x14/0x30\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? mutex_unlock+0x80/0xe0\n[ +0.000016] amdgpu_driver_release_kms+0x16/0x80 [amdgpu]\n[ +0.000663] drm_minor_release+0xc9/0x140 [drm]\n[ +0.000081] drm_release+0x1fd/0x390 [drm]\n[ +0.000082] __fput+0x36c/0xad0\n[ +0.000018] __fput_sync+0x3c/0x50\n[ +0.000014] __x64_sys_close+0x7d/0xe0\n[ +0.000014] x64_sys_call+0x1bc6/0x2680\n[ +0.000014] do_syscall_64+0x70/0x130\n[ +0.000014] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? irqentry_exit_to_user_mode+0x60/0x190\n[ +0.000015] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? irqentry_exit+0x43/0x50\n[ +0.000012] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? exc_page_fault+0x7c/0x110\n[ +0.000015] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ +0.000014] RIP: 0033:0x7ffff7b14f67\n[ +0.000013] Code: ff e8 0d 16 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 73 ba f7 ff\n[ +0.000026] RSP: 002b:00007fffffffe378 EFLAGS: 00000246 ORIG_RAX: 0000000000000003\n[ +0.000019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffff7b14f67\n[ +0.000014] RDX: 0000000000000000 RSI: 00007ffff7f6f47a RDI: 0000000000000003\n[ +0.000014] RBP: 00007fffffffe3a0 R08: 0000555555569890 R09: 0000000000000000\n[ +0.000014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffffffe5c8\n[ +0.000013] R13: 00005555555552a9 R14: 0000555555557d48 R15: 00007ffff7ffd040\n[ +0.000020] \n\n[ +0.000016] Allocated by task 383 on cpu 7 at 26.880319s:\n[ +0.000014] kasan_save_stack+0x28/0x60\n[ +0.000008] kasan_save_track+0x18/0x70\n[ +0.000007] kasan_save_alloc_info+0x38/0x60\n[ +0.000007] __kasan_kmalloc+0xc1/0xd0\n[ +0.000007] kmalloc_trace_noprof+0x180/0x380\n[ +0.000007] drm_sched_init+0x411/0xec0 [gpu_sched]\n[ +0.000012] amdgpu_device_init+0x695f/0xa610 [amdgpu]\n[ +0.000658] amdgpu_driver_load_kms+0x1a/0x120 [amdgpu]\n[ +0.000662] amdgpu_pci_p\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-56551"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/05b1b33936b71e5f189a813a517f72e8a27fcb2f",
"url": "https://git.kernel.org/stable/c/05b1b33936b71e5f189a813a517f72e8a27fcb2f"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3990ef742c064e22189b954522930db04fc6b1a7",
"url": "https://git.kernel.org/stable/c/3990ef742c064e22189b954522930db04fc6b1a7"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3cc1116de10953f0265a05d9f351b02a9ec3b497",
"url": "https://git.kernel.org/stable/c/3cc1116de10953f0265a05d9f351b02a9ec3b497"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/6383199ada42d30562b4249c393592a2a9c38165",
"url": "https://git.kernel.org/stable/c/6383199ada42d30562b4249c393592a2a9c38165"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b61badd20b443eabe132314669bb51a263982e5c",
"url": "https://git.kernel.org/stable/c/b61badd20b443eabe132314669bb51a263982e5c"
}
],
"release_date": "2024-12-27T15:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2024-57896",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: flush delalloc workers queue before stopping cleaner kthread during unmount\n\nDuring the unmount path, at close_ctree(), we first stop the cleaner\nkthread, using kthread_stop() which frees the associated task_struct, and\nthen stop and destroy all the work queues. However after we stopped the\ncleaner we may still have a worker from the delalloc_workers queue running\ninode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(),\nwhich in turn tries to wake up the cleaner kthread - which was already\ndestroyed before, resulting in a use-after-free on the task_struct.\n\nSyzbot reported this with the following stack traces:\n\n BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\n Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52\n\n CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n Workqueue: btrfs-delalloc btrfs_work_helper\n Call Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849\n __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162\n class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]\n try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205\n submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615\n run_ordered_work fs/btrfs/async-thread.c:288 [inline]\n btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \n\n Allocated by task 2:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:319 [inline]\n __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345\n kasan_slab_alloc include/linux/kasan.h:250 [inline]\n slab_post_alloc_hook mm/slub.c:4104 [inline]\n slab_alloc_node mm/slub.c:4153 [inline]\n kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205\n alloc_task_struct_node kernel/fork.c:180 [inline]\n dup_task_struct+0x57/0x8c0 kernel/fork.c:1113\n copy_process+0x5d1/0x3d50 kernel/fork.c:2225\n kernel_clone+0x223/0x870 kernel/fork.c:2807\n kernel_thread+0x1bc/0x240 kernel/fork.c:2869\n create_kthread kernel/kthread.c:412 [inline]\n kthreadd+0x60d/0x810 kernel/kthread.c:767\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\n Freed by task 24:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2338 [inline]\n slab_free mm/slub.c:4598 [inline]\n kmem_cache_free+0x195/0x410 mm/slub.c:4700\n put_task_struct include/linux/sched/task.h:144 [inline]\n delayed_put_task_struct+0x125/0x300 kernel/exit.c:227\n rcu_do_batch kernel/rcu/tree.c:2567 [inline]\n rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823\n handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554\n run_ksoftirqd+0xca/0x130 kernel/softirq.c:943\n \n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-57896"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1ea629e7bb2fb40555e5e01a1b5095df31287017",
"url": "https://git.kernel.org/stable/c/1ea629e7bb2fb40555e5e01a1b5095df31287017"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/35916b2f96505a18dc7242a115611b718d9de725",
"url": "https://git.kernel.org/stable/c/35916b2f96505a18dc7242a115611b718d9de725"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/63f4b594a688bf922e8691f0784679aa7af7988c",
"url": "https://git.kernel.org/stable/c/63f4b594a688bf922e8691f0784679aa7af7988c"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808",
"url": "https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d77a3a99b53d12c061c007cdc96df38825dee476",
"url": "https://git.kernel.org/stable/c/d77a3a99b53d12c061c007cdc96df38825dee476"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f10bef73fb355e3fc85e63a50386798be68ff486",
"url": "https://git.kernel.org/stable/c/f10bef73fb355e3fc85e63a50386798be68ff486"
}
],
"release_date": "2025-01-15T13:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2021-47211",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix null pointer dereference on pointer cs_desc\n\nThe pointer cs_desc return from snd_usb_find_clock_source could\nbe null, so there is a potential null pointer dereference issue.\nFix this by adding a null check before dereference.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2021-47211"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/58fa50de595f152900594c28ec9915c169643739",
"url": "https://git.kernel.org/stable/c/58fa50de595f152900594c28ec9915c169643739"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b97053df0f04747c3c1e021ecbe99db675342954",
"url": "https://git.kernel.org/stable/c/b97053df0f04747c3c1e021ecbe99db675342954"
}
],
"release_date": "2024-04-10T19:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-56642",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free of kernel socket in cleanup_bearer().\n\nsyzkaller reported a use-after-free of UDP kernel socket\nin cleanup_bearer() without repro. [0][1]\n\nWhen bearer_disable() calls tipc_udp_disable(), cleanup\nof the UDP kernel socket is deferred by work calling\ncleanup_bearer().\n\ntipc_exit_net() waits for such works to finish by checking\ntipc_net(net)->wq_count. However, the work decrements the\ncount too early before releasing the kernel socket,\nunblocking cleanup_net() and resulting in use-after-free.\n\nLet's move the decrement after releasing the socket in\ncleanup_bearer().\n\n[0]:\nref_tracker: net notrefcnt@000000009b3d1faf has 1/1 users at\n sk_alloc+0x438/0x608\n inet_create+0x4c8/0xcb0\n __sock_create+0x350/0x6b8\n sock_create_kern+0x58/0x78\n udp_sock_create4+0x68/0x398\n udp_sock_create+0x88/0xc8\n tipc_udp_enable+0x5e8/0x848\n __tipc_nl_bearer_enable+0x84c/0xed8\n tipc_nl_bearer_enable+0x38/0x60\n genl_family_rcv_msg_doit+0x170/0x248\n genl_rcv_msg+0x400/0x5b0\n netlink_rcv_skb+0x1dc/0x398\n genl_rcv+0x44/0x68\n netlink_unicast+0x678/0x8b0\n netlink_sendmsg+0x5e4/0x898\n ____sys_sendmsg+0x500/0x830\n\n[1]:\nBUG: KMSAN: use-after-free in udp_hashslot include/net/udp.h:85 [inline]\nBUG: KMSAN: use-after-free in udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979\n udp_hashslot include/net/udp.h:85 [inline]\n udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979\n sk_common_release+0xaf/0x3f0 net/core/sock.c:3820\n inet_release+0x1e0/0x260 net/ipv4/af_inet.c:437\n inet6_release+0x6f/0xd0 net/ipv6/af_inet6.c:489\n __sock_release net/socket.c:658 [inline]\n sock_release+0xa0/0x210 net/socket.c:686\n cleanup_bearer+0x42d/0x4c0 net/tipc/udp_media.c:819\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310\n worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391\n kthread+0x531/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244\n\nUninit was created at:\n slab_free_hook mm/slub.c:2269 [inline]\n slab_free mm/slub.c:4580 [inline]\n kmem_cache_free+0x207/0xc40 mm/slub.c:4682\n net_free net/core/net_namespace.c:454 [inline]\n cleanup_net+0x16f2/0x19d0 net/core/net_namespace.c:647\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310\n worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391\n kthread+0x531/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.12.0-rc1-00131-gf66ebf37d69c #7 91723d6f74857f70725e1583cba3cf4adc716cfa\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: events cleanup_bearer",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-56642"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4e69457f9dfae67435f3ccf29008768eae860415",
"url": "https://git.kernel.org/stable/c/4e69457f9dfae67435f3ccf29008768eae860415"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/650ee9a22d7a2de8999fac2d45983597a0c22359",
"url": "https://git.kernel.org/stable/c/650ee9a22d7a2de8999fac2d45983597a0c22359"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/6a2fa13312e51a621f652d522d7e2df7066330b6",
"url": "https://git.kernel.org/stable/c/6a2fa13312e51a621f652d522d7e2df7066330b6"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d00d4470bf8c4282617a3a10e76b20a9c7e4cffa",
"url": "https://git.kernel.org/stable/c/d00d4470bf8c4282617a3a10e76b20a9c7e4cffa"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d2a4894f238551eae178904e7f45af87577074fd",
"url": "https://git.kernel.org/stable/c/d2a4894f238551eae178904e7f45af87577074fd"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d62d5180c036eeac09f80660edc7a602b369125f",
"url": "https://git.kernel.org/stable/c/d62d5180c036eeac09f80660edc7a602b369125f"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e48b211c4c59062cb6dd6c2c37c51a7cc235a464",
"url": "https://git.kernel.org/stable/c/e48b211c4c59062cb6dd6c2c37c51a7cc235a464"
}
],
"release_date": "2024-12-27T15:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2024-56661",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix NULL deref in cleanup_bearer()\n\nsyzbot found [1] that after blamed commit, ub->ubsock->sk\nwas NULL when attempting the atomic_dec() :\n\natomic_dec(&tipc_net(sock_net(ub->ubsock->sk))->wq_count);\n\nFix this by caching the tipc_net pointer.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 Not tainted 6.13.0-rc1-next-20241203-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events cleanup_bearer\n RIP: 0010:read_pnet include/net/net_namespace.h:387 [inline]\n RIP: 0010:sock_net include/net/sock.h:655 [inline]\n RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820\nCode: 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3c f7 99 f6 48 8b 1b 48 83 c3 30 e8 f0 e4 60 00 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 1a f7 99 f6 49 83 c7 e8 48 8b 1b\nRSP: 0018:ffffc9000410fb70 EFLAGS: 00010206\nRAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88802fe45a00\nRDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000410f900\nRBP: ffff88807e1f0908 R08: ffffc9000410f907 R09: 1ffff92000821f20\nR10: dffffc0000000000 R11: fffff52000821f21 R12: ffff888031d19980\nR13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807e1f0918\nFS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556ca050b000 CR3: 0000000031c0c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-56661"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/07b569eda6fe6a1e83be5a587abee12d1303f95e",
"url": "https://git.kernel.org/stable/c/07b569eda6fe6a1e83be5a587abee12d1303f95e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/754ec823ee53422361da7958a8c8bf3275426912",
"url": "https://git.kernel.org/stable/c/754ec823ee53422361da7958a8c8bf3275426912"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/89ecda492d0a37fd00aaffc4151f1f44c26d93ac",
"url": "https://git.kernel.org/stable/c/89ecda492d0a37fd00aaffc4151f1f44c26d93ac"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a771f349c95d3397636861a0a6462d4a7a7ecb25",
"url": "https://git.kernel.org/stable/c/a771f349c95d3397636861a0a6462d4a7a7ecb25"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a852c82eda4991e21610837aaa160965be71f5cc",
"url": "https://git.kernel.org/stable/c/a852c82eda4991e21610837aaa160965be71f5cc"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b04d86fff66b15c07505d226431f808c15b1703c",
"url": "https://git.kernel.org/stable/c/b04d86fff66b15c07505d226431f808c15b1703c"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d1d4dfb189a115734bff81c411bc58d9e348db7d",
"url": "https://git.kernel.org/stable/c/d1d4dfb189a115734bff81c411bc58d9e348db7d"
}
],
"release_date": "2024-12-27T15:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2021-47163",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: wait and exit until all work queues are done\n\nOn some host, a crash could be triggered simply by repeating these\ncommands several times:\n\n # modprobe tipc\n # tipc bearer enable media udp name UDP1 localip 127.0.0.1\n # rmmod tipc\n\n [] BUG: unable to handle kernel paging request at ffffffffc096bb00\n [] Workqueue: events 0xffffffffc096bb00\n [] Call Trace:\n [] ? process_one_work+0x1a7/0x360\n [] ? worker_thread+0x30/0x390\n [] ? create_worker+0x1a0/0x1a0\n [] ? kthread+0x116/0x130\n [] ? kthread_flush_work_fn+0x10/0x10\n [] ? ret_from_fork+0x35/0x40\n\nWhen removing the TIPC module, the UDP tunnel sock will be delayed to\nrelease in a work queue as sock_release() can't be done in rtnl_lock().\nIf the work queue is schedule to run after the TIPC module is removed,\nkernel will crash as the work queue function cleanup_beareri() code no\nlonger exists when trying to invoke it.\n\nTo fix it, this patch introduce a member wq_count in tipc_net to track\nthe numbers of work queues in schedule, and wait and exit until all\nwork queues are done in tipc_exit_net().",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2021-47163"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986",
"url": "https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba",
"url": "https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d",
"url": "https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa",
"url": "https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa"
}
],
"release_date": "2024-03-25T10:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-275-tuxcare.els46-generic-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-275.309.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-0:4.4.0-275.309.all",
"Ubuntu-16:linux-headers-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-275-tuxcare.els46-lowlatency-0:4.4.0-275.309.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
}
]
}