{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* Focal update: v5.4.292 upstream stable release (LP: #2109357) // CVE-url:\n https://ubuntu.com/security/CVE-2025-37937\n - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()\n * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url:\n https://ubuntu.com/security/CVE-2024-53197\n - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox\n devices\n * Bionic update: upstream stable patchset 2023-01-20 (LP: #2003596) // CVE-\n url: https://ubuntu.com/security/CVE-2022-49909\n - Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()\n * Bionic update: upstream stable patchset 2022-07-25 (LP: #1982782) // CVE-\n url: https://ubuntu.com/security/CVE-2022-49530\n - drm/amd/pm: fix double free in si_parse_power_table()\n * CVE-url: https://ubuntu.com/security/CVE-2025-39688\n - nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50106\n - nfsd: simplify nfs4_put_deleg_lease calls\n - nfsd: factor out common delegation-destruction code\n - nfsd: Fix race to FREE_STATEID and cl_revoked\n - nfsd: don't call functions with side-effecting inside WARN_ON()\n - nfsd: remove fault injection code\n - nfsd: avoid race after unhash_delegation_locked()\n - nfsd: split sc_status out of sc_type\n - nfsd: fix race between laundromat and free_stateid\n * CVE-url: https://ubuntu.com/security/CVE-2024-35937\n - wifi: cfg80211: check A-MSDU format more carefully\n * CVE-url: https://ubuntu.com/security/CVE-2024-49966\n - ocfs2: cancel dqi_sync_work before freeing oinfo\n * CVE-url: https://ubuntu.com/security/CVE-2023-52588\n - f2fs: fix to tag gcing flag on page during block migration\n * CVE-url: https://ubuntu.com/security/CVE-2024-57798\n - drm/dp-mst-helper: Remove hotplug callback\n - drm/dp_mst: Remove huge conditional in drm_dp_mst_handle_up_req()\n - drm/dp_mst: Refactor drm_dp_mst_handle_up_req()\n - drm/dp_mst: Rename drm_dp_add_port and drm_dp_update_port\n - drm/dp_mst: Handle UP requests asynchronously\n - drm/dp_mst: Ensure mst_primary pointer is valid in\n drm_dp_mst_handle_up_req()\n * Miscellaneous Ubuntu changes\n - [Config] updateconfigs for NFSD_FAULT_INJECTION", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/advisories/2025/clsa-2025_1753083094.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753083094", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753083094" } ], "tracking": { "current_release_date": "2025-07-21T07:33:22Z", "generator": { "date": "2025-07-21T07:33:22Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1753083094", "initial_release_date": "2025-07-21T07:33:22Z", "revision_history": [ { "date": "2025-07-21T07:33:22Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "Fix of 10 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 16.04", "product": { "name": "Ubuntu 16.04", "product_id": "Ubuntu-16", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "product": { "name": "linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "product_id": "linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency@4.4.0-276.310?arch=amd64" } } }, { "category": "product_version", "name": "linux-libc-dev-0:4.4.0-276.310.amd64", "product": { "name": "linux-libc-dev-0:4.4.0-276.310.amd64", "product_id": "linux-libc-dev-0:4.4.0-276.310.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-libc-dev@4.4.0-276.310?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "product": { "name": "linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "product_id": "linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-276-tuxcare.els47-lowlatency@4.4.0-276.310?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "product": { "name": "linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "product_id": "linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-276-tuxcare.els47-generic@4.4.0-276.310?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "product": { "name": "linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "product_id": "linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-extra-4.4.0-276-tuxcare.els47-generic@4.4.0-276.310?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "product": { "name": "linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "product_id": "linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.4.0-276-tuxcare.els47-generic@4.4.0-276.310?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "product": { "name": "linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "product_id": "linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-276-tuxcare.els47@4.4.0-276.310?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "product": { "name": "linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "product_id": "linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency@4.4.0-276.310?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "linux-tools-host-0:4.4.0-276.310.all", "product": { "name": "linux-tools-host-0:4.4.0-276.310.all", "product_id": "linux-tools-host-0:4.4.0-276.310.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-host@4.4.0-276.310?arch=all" } } }, { "category": "product_version", "name": "linux-source-4.4.0-0:4.4.0-276.310.all", "product": { "name": "linux-source-4.4.0-0:4.4.0-276.310.all", "product_id": "linux-source-4.4.0-0:4.4.0-276.310.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-source-4.4.0@4.4.0-276.310?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" }, "product_reference": "linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-libc-dev-0:4.4.0-276.310.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64" }, "product_reference": "linux-libc-dev-0:4.4.0-276.310.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-host-0:4.4.0-276.310.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all" }, "product_reference": "linux-tools-host-0:4.4.0-276.310.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-source-4.4.0-0:4.4.0-276.310.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all" }, "product_reference": "linux-source-4.4.0-0:4.4.0-276.310.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" }, "product_reference": "linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64" }, "product_reference": "linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64" }, "product_reference": "linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64" }, "product_reference": "linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64" }, "product_reference": "linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" }, "product_reference": "linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "relates_to_product_reference": "Ubuntu-16" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-49909", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: fix use-after-free in l2cap_conn_del()\n\nWhen l2cap_recv_frame() is invoked to receive data, and the cid is\nL2CAP_CID_A2MP, if the channel does not exist, it will create a channel.\nHowever, after a channel is created, the hold operation of the channel\nis not performed. In this case, the value of channel reference counting\nis 1. As a result, after hci_error_reset() is triggered, l2cap_conn_del()\ninvokes the close hook function of A2MP to release the channel. Then\n l2cap_chan_unlock(chan) will trigger UAF issue.\n\nThe process is as follows:\nReceive data:\nl2cap_data_channel()\n a2mp_channel_create() --->channel ref is 2\n l2cap_chan_put() --->channel ref is 1\n\nTriger event:\n hci_error_reset()\n hci_dev_do_close()\n ...\n l2cap_disconn_cfm()\n l2cap_conn_del()\n l2cap_chan_hold() --->channel ref is 2\n l2cap_chan_del() --->channel ref is 1\n a2mp_chan_close_cb() --->channel ref is 0, release channel\n l2cap_chan_unlock() --->UAF of channel\n\nThe detailed Call Trace is as follows:\nBUG: KASAN: use-after-free in __mutex_unlock_slowpath+0xa6/0x5e0\nRead of size 8 at addr ffff8880160664b8 by task kworker/u11:1/7593\nWorkqueue: hci0 hci_error_reset\nCall Trace:\n \n dump_stack_lvl+0xcd/0x134\n print_report.cold+0x2ba/0x719\n kasan_report+0xb1/0x1e0\n kasan_check_range+0x140/0x190\n __mutex_unlock_slowpath+0xa6/0x5e0\n l2cap_conn_del+0x404/0x7b0\n l2cap_disconn_cfm+0x8c/0xc0\n hci_conn_hash_flush+0x11f/0x260\n hci_dev_close_sync+0x5f5/0x11f0\n hci_dev_do_close+0x2d/0x70\n hci_error_reset+0x9e/0x140\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n \n\nAllocated by task 7593:\n kasan_save_stack+0x1e/0x40\n __kasan_kmalloc+0xa9/0xd0\n l2cap_chan_create+0x40/0x930\n amp_mgr_create+0x96/0x990\n a2mp_channel_create+0x7d/0x150\n l2cap_recv_frame+0x51b8/0x9a70\n l2cap_recv_acldata+0xaa3/0xc00\n hci_rx_work+0x702/0x1220\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n\nFreed by task 7593:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_set_free_info+0x20/0x30\n ____kasan_slab_free+0x167/0x1c0\n slab_free_freelist_hook+0x89/0x1c0\n kfree+0xe2/0x580\n l2cap_chan_put+0x22a/0x2d0\n l2cap_conn_del+0x3fc/0x7b0\n l2cap_disconn_cfm+0x8c/0xc0\n hci_conn_hash_flush+0x11f/0x260\n hci_dev_close_sync+0x5f5/0x11f0\n hci_dev_do_close+0x2d/0x70\n hci_error_reset+0x9e/0x140\n process_one_work+0x98a/0x1620\n worker_thread+0x665/0x1080\n kthread+0x2e4/0x3a0\n ret_from_fork+0x1f/0x30\n\nLast potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0xbe/0xd0\n call_rcu+0x99/0x740\n netlink_release+0xe6a/0x1cf0\n __sock_release+0xcd/0x280\n sock_close+0x18/0x20\n __fput+0x27c/0xa90\n task_work_run+0xdd/0x1a0\n exit_to_user_mode_prepare+0x23c/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x1e/0x40\n __kasan_record_aux_stack+0xbe/0xd0\n call_rcu+0x99/0x740\n netlink_release+0xe6a/0x1cf0\n __sock_release+0xcd/0x280\n sock_close+0x18/0x20\n __fput+0x27c/0xa90\n task_work_run+0xdd/0x1a0\n exit_to_user_mode_prepare+0x23c/0x250\n syscall_exit_to_user_mode+0x19/0x50\n do_syscall_64+0x42/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49909" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0d0e2d032811280b927650ff3c15fe5020e82533", "url": "https://git.kernel.org/stable/c/0d0e2d032811280b927650ff3c15fe5020e82533" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/17c6164854f8bb80bf76f32b2c2f199c16b53703", "url": "https://git.kernel.org/stable/c/17c6164854f8bb80bf76f32b2c2f199c16b53703" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7f7bfdd9a9af3b12c33d9da9a012e7f4d5c91f4b", "url": "https://git.kernel.org/stable/c/7f7bfdd9a9af3b12c33d9da9a012e7f4d5c91f4b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f7e4cf0694149a5d999d676ebd9ecf1b4cb2cc9", "url": "https://git.kernel.org/stable/c/8f7e4cf0694149a5d999d676ebd9ecf1b4cb2cc9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3a7b2ac64de232edb67279e804932cb42f0b52a", "url": "https://git.kernel.org/stable/c/a3a7b2ac64de232edb67279e804932cb42f0b52a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab", "url": "https://git.kernel.org/stable/c/c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd", "url": "https://git.kernel.org/stable/c/d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/db4a0783ed78beb2ebaa32f5f785bfd79c580689", "url": "https://git.kernel.org/stable/c/db4a0783ed78beb2ebaa32f5f785bfd79c580689" } ], "release_date": "2025-05-01T15:16:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37937", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nobjtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()\nIf dib8000_set_dds()'s call to dib8000_read32() returns zero, the result\nis a divide-by-zero. Prevent that from happening.\nFixes the following warning with an UBSAN kernel:\ndrivers/media/dvb-frontends/dib8000.o: warning: objtool: dib8000_tune() falls through to next function dib8096p_cfg_DibRx()", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37937" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2024-35937", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: check A-MSDU format more carefully\n\nIf it looks like there's another subframe in the A-MSDU\nbut the header isn't fully there, we can end up reading\ndata out of bounds, only to discard later. Make this a\nbit more careful and check if the subframe header can\neven be present.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35937" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544", "url": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9", "url": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc", "url": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e", "url": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e" } ], "release_date": "2024-05-19T11:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-50106", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix race between laundromat and free_stateid\n\nThere is a race between laundromat handling of revoked delegations\nand a client sending free_stateid operation. Laundromat thread\nfinds that delegation has expired and needs to be revoked so it\nmarks the delegation stid revoked and it puts it on a reaper list\nbut then it unlock the state lock and the actual delegation revocation\nhappens without the lock. Once the stid is marked revoked a racing\nfree_stateid processing thread does the following (1) it calls\nlist_del_init() which removes it from the reaper list and (2) frees\nthe delegation stid structure. The laundromat thread ends up not\ncalling the revoke_delegation() function for this particular delegation\nbut that means it will no release the lock lease that exists on\nthe file.\n\nNow, a new open for this file comes in and ends up finding that\nlease list isn't empty and calls nfsd_breaker_owns_lease() which ends\nup trying to derefence a freed delegation stateid. Leading to the\nfollowint use-after-free KASAN warning:\n\nkernel: ==================================================================\nkernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205\nkernel:\nkernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9\nkernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024\nkernel: Call trace:\nkernel: dump_backtrace+0x98/0x120\nkernel: show_stack+0x1c/0x30\nkernel: dump_stack_lvl+0x80/0xe8\nkernel: print_address_description.constprop.0+0x84/0x390\nkernel: print_report+0xa4/0x268\nkernel: kasan_report+0xb4/0xf8\nkernel: __asan_report_load8_noabort+0x1c/0x28\nkernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd]\nkernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd]\nkernel: nfs4_get_vfs_file+0x634/0x958 [nfsd]\nkernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd]\nkernel: nfsd4_open+0xa08/0xe80 [nfsd]\nkernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd]\nkernel: nfsd_dispatch+0x22c/0x718 [nfsd]\nkernel: svc_process_common+0x8e8/0x1960 [sunrpc]\nkernel: svc_process+0x3d4/0x7e0 [sunrpc]\nkernel: svc_handle_xprt+0x828/0xe10 [sunrpc]\nkernel: svc_recv+0x2cc/0x6a8 [sunrpc]\nkernel: nfsd+0x270/0x400 [nfsd]\nkernel: kthread+0x288/0x310\nkernel: ret_from_fork+0x10/0x20\n\nThis patch proposes a fixed that's based on adding 2 new additional\nstid's sc_status values that help coordinate between the laundromat\nand other operations (nfsd4_free_stateid() and nfsd4_delegreturn()).\n\nFirst to make sure, that once the stid is marked revoked, it is not\nremoved by the nfsd4_free_stateid(), the laundromat take a reference\non the stateid. Then, coordinating whether the stid has been put\non the cl_revoked list or we are processing FREE_STATEID and need to\nmake sure to remove it from the list, each check that state and act\naccordingly. If laundromat has added to the cl_revoke list before\nthe arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove\nit from the list. If nfsd4_free_stateid() finds that operations arrived\nbefore laundromat has placed it on cl_revoke list, it marks the state\nfreed and then laundromat will no longer add it to the list.\n\nAlso, for nfsd4_delegreturn() when looking for the specified stid,\nwe need to access stid that are marked removed or freeable, it means\nthe laundromat has started processing it but hasn't finished and this\ndelegreturn needs to return nfserr_deleg_revoked and not\nnfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the\nlack of it will leave this stid on the cl_revoked list indefinitely.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50106" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a", "url": "https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/967faa26f313a62e7bebc55d5b8122eaee43b929", "url": "https://git.kernel.org/stable/c/967faa26f313a62e7bebc55d5b8122eaee43b929" } ], "release_date": "2024-11-05T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-39688", "cwe": { "id": "CWE-99", "name": "Improper Control of Resource Identifiers ('Resource Injection')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()\nThe pynfs DELEG8 test fails when run against nfsd. It acquires a\ndelegation and then lets the lease time out. It then tries to use the\ndeleg stateid and expects to see NFS4ERR_DELEG_REVOKED, but it gets\nbad NFS4ERR_BAD_STATEID instead.\nWhen a delegation is revoked, it's initially marked with\nSC_STATUS_REVOKED, or SC_STATUS_ADMIN_REVOKED and later, it's marked\nwith the SC_STATUS_FREEABLE flag, which denotes that it is waiting for\ns FREE_STATEID call.\nnfs4_lookup_stateid() accepts a statusmask that includes the status\nflags that a found stateid is allowed to have. Currently, that mask\nnever includes SC_STATUS_FREEABLE, which means that revoked delegations\nare (almost) never found.\nAdd SC_STATUS_FREEABLE to the always-allowed status flags, and remove it\nfrom nfsd4_delegreturn() since it's now always implied.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39688" } ], "release_date": "2025-04-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-53197", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices\nA bogus device can provide a bNumConfigurations value that exceeds the\ninitial value used in usb_get_configuration for allocating dev->config.\nThis can lead to out-of-bounds accesses later, e.g. in\nusb_destroy_configuration.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-53197" } ], "release_date": "2024-12-27T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2022-49530", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fix double free in si_parse_power_table()\n\nIn function si_parse_power_table(), array adev->pm.dpm.ps and its member\nis allocated. If the allocation of each member fails, the array itself\nis freed and returned with an error code. However, the array is later\nfreed again in si_dpm_fini() function which is called when the function\nreturns an error.\n\nThis leads to potential double free of the array adev->pm.dpm.ps, as\nwell as leak of its array members, since the members are not freed in\nthe allocation function and the array is not nulled when freed.\nIn addition adev->pm.dpm.num_ps, which keeps track of the allocated\narray member, is not updated until the member allocation is\nsuccessfully finished, this could also lead to either use after free,\nor uninitialized variable access in si_dpm_fini().\n\nFix this by postponing the free of the array until si_dpm_fini() and\nincrement adev->pm.dpm.num_ps everytime the array member is allocated.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49530" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2615464854505188f909d0c07c37a6623693b5c7", "url": "https://git.kernel.org/stable/c/2615464854505188f909d0c07c37a6623693b5c7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/43eb9b667b95f2a31c63e8949b0d2161b9be59c3", "url": "https://git.kernel.org/stable/c/43eb9b667b95f2a31c63e8949b0d2161b9be59c3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6c5bdaa1325be7f04b79ea992ab216739192d342", "url": "https://git.kernel.org/stable/c/6c5bdaa1325be7f04b79ea992ab216739192d342" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a5ce7051db044290b1a95045ff03c249005a3aa4", "url": "https://git.kernel.org/stable/c/a5ce7051db044290b1a95045ff03c249005a3aa4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/af832028af6f44c6c45645757079c4ed6884ade5", "url": "https://git.kernel.org/stable/c/af832028af6f44c6c45645757079c4ed6884ade5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c0e811c4ccf3b42705976285e3a94cc82dea7300", "url": "https://git.kernel.org/stable/c/c0e811c4ccf3b42705976285e3a94cc82dea7300" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ca1ce206894dd976275c78ee38dbc19873f22de9", "url": "https://git.kernel.org/stable/c/ca1ce206894dd976275c78ee38dbc19873f22de9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f3fa2becf2fc25b6ac7cf8d8b1a2e4a86b3b72bd", "url": "https://git.kernel.org/stable/c/f3fa2becf2fc25b6ac7cf8d8b1a2e4a86b3b72bd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fd2eff8b9dcbe469c3b7bbbc7083ab5ed94de07b", "url": "https://git.kernel.org/stable/c/fd2eff8b9dcbe469c3b7bbbc7083ab5ed94de07b" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-49966", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: cancel dqi_sync_work before freeing oinfo\n\nocfs2_global_read_info() will initialize and schedule dqi_sync_work at the\nend, if error occurs after successfully reading global quota, it will\ntrigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled:\n\nODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c\n\nThis reports that there is an active delayed work when freeing oinfo in\nerror handling, so cancel dqi_sync_work first. BTW, return status instead\nof -1 when .read_file_info fails.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-49966" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0d707a33c84b371cb66120e198eed3374726ddd8", "url": "https://git.kernel.org/stable/c/0d707a33c84b371cb66120e198eed3374726ddd8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/14114d8148db07e7946fb06b56a50cfa425e26c7", "url": "https://git.kernel.org/stable/c/14114d8148db07e7946fb06b56a50cfa425e26c7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/35fccce29feb3706f649726d410122dd81b92c18", "url": "https://git.kernel.org/stable/c/35fccce29feb3706f649726d410122dd81b92c18" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4173d1277c00baeedaaca76783e98b8fd0e3c08d", "url": "https://git.kernel.org/stable/c/4173d1277c00baeedaaca76783e98b8fd0e3c08d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/89043e7ed63c7fc141e68ea5a79758ed24b6c699", "url": "https://git.kernel.org/stable/c/89043e7ed63c7fc141e68ea5a79758ed24b6c699" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a4346c04d055bf7e184c18a73dbd23b6a9811118", "url": "https://git.kernel.org/stable/c/a4346c04d055bf7e184c18a73dbd23b6a9811118" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bbf41277df8b33fbedf4750a9300c147e8f104eb", "url": "https://git.kernel.org/stable/c/bbf41277df8b33fbedf4750a9300c147e8f104eb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ef768020366f47d23f39c4f57bcb03af6d1e24b3", "url": "https://git.kernel.org/stable/c/ef768020366f47d23f39c4f57bcb03af6d1e24b3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc", "url": "https://git.kernel.org/stable/c/fc5cc716dfbdc5fd5f373ff3b51358174cf88bfc" } ], "release_date": "2024-10-21T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-52588", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to tag gcing flag on page during block migration\n\nIt needs to add missing gcing flag on page during block migration,\nin order to garantee migrated data be persisted during checkpoint,\notherwise out-of-order persistency between data and node may cause\ndata corruption after SPOR.\n\nSimilar issue was fixed by commit 2d1fe8a86bf5 (\"f2fs: fix to tag\ngcing flag on page during file defragment\").", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52588" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/417b8a91f4e8831cadaf85c3f15c6991c1f54dde", "url": "https://git.kernel.org/stable/c/417b8a91f4e8831cadaf85c3f15c6991c1f54dde" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4961acdd65c956e97c1a000c82d91a8c1cdbe44b", "url": "https://git.kernel.org/stable/c/4961acdd65c956e97c1a000c82d91a8c1cdbe44b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7c972c89457511007dfc933814c06786905e515c", "url": "https://git.kernel.org/stable/c/7c972c89457511007dfc933814c06786905e515c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7ea0f29d9fd84905051be020c0df7d557e286136", "url": "https://git.kernel.org/stable/c/7ea0f29d9fd84905051be020c0df7d557e286136" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b8094c0f1aae329b1c60a275a780d6c2c9ff7aa3", "url": "https://git.kernel.org/stable/c/b8094c0f1aae329b1c60a275a780d6c2c9ff7aa3" } ], "release_date": "2024-03-06T07:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-57798", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()\n\nWhile receiving an MST up request message from one thread in\ndrm_dp_mst_handle_up_req(), the MST topology could be removed from\nanother thread via drm_dp_mst_topology_mgr_set_mst(false), freeing\nmst_primary and setting drm_dp_mst_topology_mgr::mst_primary to NULL.\nThis could lead to a NULL deref/use-after-free of mst_primary in\ndrm_dp_mst_handle_up_req().\n\nAvoid the above by holding a reference for mst_primary in\ndrm_dp_mst_handle_up_req() while it's used.\n\nv2: Fix kfreeing the request if getting an mst_primary reference fails.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-57798" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9735d40f5fde9970aa46e828ecc85c32571d58a2", "url": "https://git.kernel.org/stable/c/9735d40f5fde9970aa46e828ecc85c32571d58a2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ce55818b2d3a999f886af91679589e4644ff1dc8", "url": "https://git.kernel.org/stable/c/ce55818b2d3a999f886af91679589e4644ff1dc8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e54b00086f7473dbda1a7d6fc47720ced157c6a8", "url": "https://git.kernel.org/stable/c/e54b00086f7473dbda1a7d6fc47720ced157c6a8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f61b2e5e7821f868d6afc22382a66a30ee780ba0", "url": "https://git.kernel.org/stable/c/f61b2e5e7821f868d6afc22382a66a30ee780ba0" } ], "release_date": "2025-01-11T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-276.310.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-276.310.all", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-headers-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-276-tuxcare.els47-generic-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-tools-4.4.0-276-tuxcare.els47-0:4.4.0-276.310.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-276-tuxcare.els47-lowlatency-0:4.4.0-276.310.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }