{
"document": {
"aggregate_severity": {
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "TuxCare License Agreement",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
"title": "Terms of Use"
},
{
"category": "details",
"text": "* Bionic update: upstream stable patchset 2021-06-11 (LP: #1931740) // CVE-\n url: https://ubuntu.com/security/CVE-2021-34981\n - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails\n * CVE-url: https://ubuntu.com/security/CVE-2025-37797\n - net_sched: hfsc: Fix a UAF vulnerability in class handling\n * CVE-url: https://ubuntu.com/security/CVE-2024-57996 // CVE-url:\n https://ubuntu.com/security/CVE-2025-37752\n - net_sched: sch_sfq: move the limit validation\n * Focal update: v5.4.285 upstream stable release (LP: #2089233) //\n CVE-2024-50202 // CVE-url: https://ubuntu.com/security/CVE-2024-50202\n - nilfs2: propagate directory read errors from nilfs_find_entry()\n * Focal update: v5.4.279 upstream stable release (LP: #2073621) // CVE-url:\n https://ubuntu.com/security/CVE-2024-50202\n - nilfs2: Remove check for PageError\n - nilfs2: return the mapped address from nilfs_get_page()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50202\n - make ext2_get_page() and friends work without external serialization\n * Bionic update: upstream stable patchset 2021-08-03 (LP: #1938824) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47345\n - RDMA/cma: Fix rdma_resolve_route() memory leak\n * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url:\n https://ubuntu.com/security/CVE-2024-53131\n - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint\n * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url:\n https://ubuntu.com/security/CVE-2024-53130\n - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint\n * CVE-url: https://ubuntu.com/security/CVE-2025-37798\n - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21640\n - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy\n * CVE-url: https://ubuntu.com/security/CVE-2024-57913\n - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind\n * CVE-url: https://ubuntu.com/security/CVE-2025-21638\n - sctp: sysctl: auth_enable: avoid using current->nsproxy\n * CVE-url: https://ubuntu.com/security/CVE-2024-50195\n - posix-clock: Fix missing timespec64 check in pc_clock_settime()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50299\n - sctp: properly validate chunk size in sctp_sf_ootb()\n * CVE-url: https://ubuntu.com/security/CVE-2024-41016\n - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50287\n - media: v4l2-tpg: prevent the risk of a division by zero\n * CVE-url: https://ubuntu.com/security/CVE-2024-49965\n - ocfs2: remove unreasonable unlock in ocfs2_read_blocks\n * CVE-url: https://ubuntu.com/security/CVE-2024-50179\n - ceph: remove the incorrect Fw reference check when dirtying pages\n * CVE-url: https://ubuntu.com/security/CVE-2024-40953\n - KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50290\n - media: cx24116: prevent overflows on SNR calculus\n * CVE-url: https://ubuntu.com/security/CVE-2024-49877\n - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate\n * CVE-url: https://ubuntu.com/security/CVE-2024-50008\n - wifi: mwifiex: Fix memcpy() field-spanning write warning in\n mwifiex_cmd_802_11_scan_ext()\n * CVE-url: https://ubuntu.com/security/CVE-2024-49959\n - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error\n * CVE-url: https://ubuntu.com/security/CVE-2024-49963\n - mailbox: bcm2835: Fix timeout during suspend mode\n * CVE-url: https://ubuntu.com/security/CVE-2024-47709\n - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().\n * CVE-url: https://ubuntu.com/security/CVE-2025-21699\n - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n * CVE-url: https://ubuntu.com/security/CVE-2025-21689\n - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n * CVE-url: https://ubuntu.com/security/CVE-2024-53101\n - fs: Fix uninitialized value issue in from_kuid and from_kgid",
"title": "Details"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://tuxcare.com/contact/",
"name": "TuxCare",
"namespace": "https://tuxcare.com/"
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/advisories/2025/clsa-2025_1758009836.json"
},
{
"category": "self",
"summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1758009836",
"url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1758009836"
}
],
"tracking": {
"current_release_date": "2025-09-16T08:07:58Z",
"generator": {
"date": "2025-09-16T08:07:58Z",
"engine": {
"name": "pyCSAF"
}
},
"id": "CLSA-2025:1758009836",
"initial_release_date": "2025-09-16T08:07:58Z",
"revision_history": [
{
"date": "2025-09-16T08:07:58Z",
"number": "1",
"summary": "Initial version"
}
],
"status": "final",
"version": "1"
},
"title": "Fix of 28 CVEs"
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu 16.04",
"product": {
"name": "Ubuntu 16.04",
"product_id": "Ubuntu-16",
"product_identification_helper": {
"cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Ubuntu"
}
],
"category": "vendor",
"name": "Canonical Ltd."
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"product_id": "linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-278-tuxcare.els49@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_id": "linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-278-tuxcare.els49-generic@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-libc-dev-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-libc-dev-0:4.4.0-278.312.amd64",
"product_id": "linux-libc-dev-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-libc-dev@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_id": "linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-modules-4.4.0-278-tuxcare.els49-lowlatency@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_id": "linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-buildinfo-4.4.0-278-tuxcare.els49-generic@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_id": "linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_id": "linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-modules-extra-4.4.0-278-tuxcare.els49-generic@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_id": "linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-modules-4.4.0-278-tuxcare.els49-generic@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_id": "linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-278-tuxcare.els49-lowlatency@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"product_id": "linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-cloud-tools-4.4.0-278-tuxcare.els49@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_id": "linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-278-tuxcare.els49-lowlatency@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_id": "linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-cloud-tools-4.4.0-278-tuxcare.els49-generic@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_id": "linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_id": "linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-278-tuxcare.els49-generic@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_id": "linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.4.0-278-tuxcare.els49-generic@4.4.0-278.312?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product": {
"name": "linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_id": "linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency@4.4.0-278.312?arch=amd64"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "linux-tools-host-0:4.4.0-278.312.all",
"product": {
"name": "linux-tools-host-0:4.4.0-278.312.all",
"product_id": "linux-tools-host-0:4.4.0-278.312.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-host@4.4.0-278.312?arch=all"
}
}
},
{
"category": "product_version",
"name": "linux-source-4.4.0-0:4.4.0-278.312.all",
"product": {
"name": "linux-source-4.4.0-0:4.4.0-278.312.all",
"product_id": "linux-source-4.4.0-0:4.4.0-278.312.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-source-4.4.0@4.4.0-278.312?arch=all"
}
}
},
{
"category": "product_version",
"name": "linux-tools-common-0:4.4.0-278.312.all",
"product": {
"name": "linux-tools-common-0:4.4.0-278.312.all",
"product_id": "linux-tools-common-0:4.4.0-278.312.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-common@4.4.0-278.312?arch=all"
}
}
},
{
"category": "product_version",
"name": "linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"product": {
"name": "linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"product_id": "linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-278-tuxcare.els49@4.4.0-278.312?arch=all"
}
}
},
{
"category": "product_version",
"name": "linux-cloud-tools-common-0:4.4.0-278.312.all",
"product": {
"name": "linux-cloud-tools-common-0:4.4.0-278.312.all",
"product_id": "linux-cloud-tools-common-0:4.4.0-278.312.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-cloud-tools-common@4.4.0-278.312?arch=all"
}
}
},
{
"category": "product_version",
"name": "linux-doc-0:4.4.0-278.312.all",
"product": {
"name": "linux-doc-0:4.4.0-278.312.all",
"product_id": "linux-doc-0:4.4.0-278.312.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-doc@4.4.0-278.312?arch=all"
}
}
}
],
"category": "architecture",
"name": "all"
}
],
"category": "vendor",
"name": "CloudLinux"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-libc-dev-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-libc-dev-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-host-0:4.4.0-278.312.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all"
},
"product_reference": "linux-tools-host-0:4.4.0-278.312.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-source-4.4.0-0:4.4.0-278.312.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all"
},
"product_reference": "linux-source-4.4.0-0:4.4.0-278.312.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-common-0:4.4.0-278.312.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all"
},
"product_reference": "linux-tools-common-0:4.4.0-278.312.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all"
},
"product_reference": "linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-cloud-tools-common-0:4.4.0-278.312.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all"
},
"product_reference": "linux-cloud-tools-common-0:4.4.0-278.312.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-doc-0:4.4.0-278.312.all as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-doc-0:4.4.0-278.312.all"
},
"product_reference": "linux-doc-0:4.4.0-278.312.all",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64 as a component of Ubuntu 16.04",
"product_id": "Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
},
"product_reference": "linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"relates_to_product_reference": "Ubuntu-16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50290",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: cx24116: prevent overflows on SNR calculus\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\nPrevent that.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-50290"
}
],
"release_date": "2024-11-19T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-49965",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove unreasonable unlock in ocfs2_read_blocks\n\nPatch series \"Misc fixes for ocfs2_read_blocks\", v5.\n\nThis series contains 2 fixes for ocfs2_read_blocks(). The first patch fix\nthe issue reported by syzbot, which detects bad unlock balance in\nocfs2_read_blocks(). The second patch fixes an issue reported by Heming\nZhao when reviewing above fix.\n\n\nThis patch (of 2):\n\nThere was a lock release before exiting, so remove the unreasonable unlock.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-49965"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/39a88623af3f1c686bf6db1e677ed865ffe6fccc",
"url": "https://git.kernel.org/stable/c/39a88623af3f1c686bf6db1e677ed865ffe6fccc"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3f1ca6ba5452d53c598a45d21267a2c0c221eef3",
"url": "https://git.kernel.org/stable/c/3f1ca6ba5452d53c598a45d21267a2c0c221eef3"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/5245f109b4afb6595360d4c180d483a6d2009a59",
"url": "https://git.kernel.org/stable/c/5245f109b4afb6595360d4c180d483a6d2009a59"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/81aba693b129e82e11bb54f569504d943d018de9",
"url": "https://git.kernel.org/stable/c/81aba693b129e82e11bb54f569504d943d018de9"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/84543da867c967edffd5065fa910ebf56aaae49d",
"url": "https://git.kernel.org/stable/c/84543da867c967edffd5065fa910ebf56aaae49d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9753bcb17b36c9add9b32c61766ddf8d2d161911",
"url": "https://git.kernel.org/stable/c/9753bcb17b36c9add9b32c61766ddf8d2d161911"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c03a82b4a0c935774afa01fd6d128b444fd930a1",
"url": "https://git.kernel.org/stable/c/c03a82b4a0c935774afa01fd6d128b444fd930a1"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/df4f20fc3673cee11abf2c571987a95733cb638d",
"url": "https://git.kernel.org/stable/c/df4f20fc3673cee11abf2c571987a95733cb638d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f55a33fe0fb5274ef185fd61947cf142138958af",
"url": "https://git.kernel.org/stable/c/f55a33fe0fb5274ef185fd61947cf142138958af"
}
],
"release_date": "2024-10-21T18:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-49877",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate\n\nWhen doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger\nNULL pointer dereference in the following ocfs2_set_buffer_uptodate() if\nbh is NULL.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-49877"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/01cb2e751cc61ade454c9bc1aaa2eac1f8197112",
"url": "https://git.kernel.org/stable/c/01cb2e751cc61ade454c9bc1aaa2eac1f8197112"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/190d98bcd61117a78fe185222d162180f061a6ca",
"url": "https://git.kernel.org/stable/c/190d98bcd61117a78fe185222d162180f061a6ca"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/33b525cef4cff49e216e4133cc48452e11c0391e",
"url": "https://git.kernel.org/stable/c/33b525cef4cff49e216e4133cc48452e11c0391e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/46b1edf0536a5291a8ad2337f88c926214b209d9",
"url": "https://git.kernel.org/stable/c/46b1edf0536a5291a8ad2337f88c926214b209d9"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4846e72ab5a0726e49ad4188b9d9df091ae78c64",
"url": "https://git.kernel.org/stable/c/4846e72ab5a0726e49ad4188b9d9df091ae78c64"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/61b84013e560382cbe7dd56758be3154d43a3988",
"url": "https://git.kernel.org/stable/c/61b84013e560382cbe7dd56758be3154d43a3988"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d52c5652e7dcb7a0648bbb8642cc3e617070ab49",
"url": "https://git.kernel.org/stable/c/d52c5652e7dcb7a0648bbb8642cc3e617070ab49"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/df944dc46d06af65a75191183d52be017e6b9dbe",
"url": "https://git.kernel.org/stable/c/df944dc46d06af65a75191183d52be017e6b9dbe"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e68c8323355e8cedfbe0bec7d5a39009f61640b6",
"url": "https://git.kernel.org/stable/c/e68c8323355e8cedfbe0bec7d5a39009f61640b6"
}
],
"release_date": "2024-10-21T18:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-47709",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: Clear bo->bcm_proc_read after remove_proc_entry().\n\nsyzbot reported a warning in bcm_release(). [0]\n\nThe blamed change fixed another warning that is triggered when\nconnect() is issued again for a socket whose connect()ed device has\nbeen unregistered.\n\nHowever, if the socket is just close()d without the 2nd connect(), the\nremaining bo->bcm_proc_read triggers unnecessary remove_proc_entry()\nin bcm_release().\n\nLet's clear bo->bcm_proc_read after remove_proc_entry() in bcm_notify().\n\n[0]\nname '4986'\nWARNING: CPU: 0 PID: 5234 at fs/proc/generic.c:711 remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 0 UID: 0 PID: 5234 Comm: syz-executor606 Not tainted 6.11.0-rc5-syzkaller-00178-g5517ae241919 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nRIP: 0010:remove_proc_entry+0x2e7/0x5d0 fs/proc/generic.c:711\nCode: ff eb 05 e8 cb 1e 5e ff 48 8b 5c 24 10 48 c7 c7 e0 f7 aa 8e e8 2a 38 8e 09 90 48 c7 c7 60 3a 1b 8c 48 89 de e8 da 42 20 ff 90 <0f> 0b 90 90 48 8b 44 24 18 48 c7 44 24 40 0e 36 e0 45 49 c7 04 07\nRSP: 0018:ffffc9000345fa20 EFLAGS: 00010246\nRAX: 2a2d0aee2eb64600 RBX: ffff888032f1f548 RCX: ffff888029431e00\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc9000345fb08 R08: ffffffff8155b2f2 R09: 1ffff1101710519a\nR10: dffffc0000000000 R11: ffffed101710519b R12: ffff888011d38640\nR13: 0000000000000004 R14: 0000000000000000 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fcfb52722f0 CR3: 000000000e734000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n bcm_release+0x250/0x880 net/can/bcm.c:1578\n __sock_release net/socket.c:659 [inline]\n sock_close+0xbc/0x240 net/socket.c:1421\n __fput+0x24a/0x8a0 fs/file_table.c:422\n task_work_run+0x24f/0x310 kernel/task_work.c:228\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0xa2f/0x27f0 kernel/exit.c:882\n do_group_exit+0x207/0x2c0 kernel/exit.c:1031\n __do_sys_exit_group kernel/exit.c:1042 [inline]\n __se_sys_exit_group kernel/exit.c:1040 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1040\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fcfb51ee969\nCode: Unable to access opcode bytes at 0x7fcfb51ee93f.\nRSP: 002b:00007ffce0109ca8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fcfb51ee969\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\nRBP: 00007fcfb526f3b0 R08: ffffffffffffffb8 R09: 0000555500000000\nR10: 0000555500000000 R11: 0000000000000246 R12: 00007fcfb526f3b0\nR13: 0000000000000000 R14: 00007fcfb5271ee0 R15: 00007fcfb51bf160\n ",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-47709"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/5cc00913c1fdcab861c4e65fa20d1f1e1bbbf977",
"url": "https://git.kernel.org/stable/c/5cc00913c1fdcab861c4e65fa20d1f1e1bbbf977"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/770b463264426cc3c167b1d44efa85f6a526ce5b",
"url": "https://git.kernel.org/stable/c/770b463264426cc3c167b1d44efa85f6a526ce5b"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7a145d6ec2124bdb94bd6fc436b342ff6ddf2b70",
"url": "https://git.kernel.org/stable/c/7a145d6ec2124bdb94bd6fc436b342ff6ddf2b70"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/94b0818fa63555a65f6ba107080659ea6bcca63e",
"url": "https://git.kernel.org/stable/c/94b0818fa63555a65f6ba107080659ea6bcca63e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9550baada4c8ef8cebefccc746384842820b4dff",
"url": "https://git.kernel.org/stable/c/9550baada4c8ef8cebefccc746384842820b4dff"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a833da8eec20b51af39643faa7067b25c8b20f3e",
"url": "https://git.kernel.org/stable/c/a833da8eec20b51af39643faa7067b25c8b20f3e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b02ed2f01240b226570b4a19b5041d61f5125784",
"url": "https://git.kernel.org/stable/c/b02ed2f01240b226570b4a19b5041d61f5125784"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c3d941cc734e0c8dc486c062926d5249070af5e4",
"url": "https://git.kernel.org/stable/c/c3d941cc734e0c8dc486c062926d5249070af5e4"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f5059fae5ed518fc56494ce5bdd4f5360de4b3bc",
"url": "https://git.kernel.org/stable/c/f5059fae5ed518fc56494ce5bdd4f5360de4b3bc"
}
],
"release_date": "2024-10-21T12:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-41016",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()\nxattr in ocfs2 maybe 'non-indexed', which saved with additional space\nrequested. It's better to check if the memory is out of bound before\nmemcmp, although this possibility mainly comes from crafted poisonous\nimages.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-41016"
}
],
"release_date": "2024-07-29T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-40953",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nKVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()\nUse {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the\nloads and stores are atomic. In the extremely unlikely scenario the\ncompiler tears the stores, it's theoretically possible for KVM to attempt\nto get a vCPU using an out-of-bounds index, e.g. if the write is split\ninto multiple 8-bit stores, and is paired with a 32-bit load on a VM with\n257 vCPUs:\nCPU0 CPU1\nlast_boosted_vcpu = 0xff;\n(last_boosted_vcpu = 0x100)\nlast_boosted_vcpu[15:8] = 0x01;\ni = (last_boosted_vcpu = 0x1ff)\nlast_boosted_vcpu[7:0] = 0x00;\nvcpu = kvm->vcpu_array[0x1ff];\nAs detected by KCSAN:\nBUG: KCSAN: data-race in kvm_vcpu_on_spin [kvm] / kvm_vcpu_on_spin [kvm]\nwrite to 0xffffc90025a92344 of 4 bytes by task 4340 on cpu 16:\nkvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4112) kvm\nhandle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\nvmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\narch/x86/kvm/vmx/vmx.c:6606) kvm_intel\nvcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\nkvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\nkvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n__se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n__x64_sys_ioctl (fs/ioctl.c:890)\nx64_sys_call (arch/x86/entry/syscall_64.c:33)\ndo_syscall_64 (arch/x86/entry/common.c:?)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nread to 0xffffc90025a92344 of 4 bytes by task 4342 on cpu 4:\nkvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4069) kvm\nhandle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\nvmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\narch/x86/kvm/vmx/vmx.c:6606) kvm_intel\nvcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\nkvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\nkvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n__se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n__x64_sys_ioctl (fs/ioctl.c:890)\nx64_sys_call (arch/x86/entry/syscall_64.c:33)\ndo_syscall_64 (arch/x86/entry/common.c:?)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\nvalue changed: 0x00000012 -> 0x00000000",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-40953"
}
],
"release_date": "2024-07-12T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-37752",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: sch_sfq: move the limit validation\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\nThis fixes the following syzkaller reported crash:\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type 'struct sfq_head[128]'\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\nubsan_epilogue lib/ubsan.c:231 [inline]\n__ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\nsfq_link net/sched/sch_sfq.c:203 [inline]\nsfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\nsfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\nsfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\nqdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\ntbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\nqdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\ndev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\nnetdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\ndev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-37752"
}
],
"release_date": "2025-05-01T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2021-34981",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2021-34981"
},
{
"category": "external",
"summary": "https://www.zerodayinitiative.com/advisories/ZDI-21-1223/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1223/"
}
],
"release_date": "2024-05-07T23:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-37797",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\ncodel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\nthe class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\nare in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn't emptied.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-37797"
}
],
"release_date": "2025-05-02T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-37798",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\ncodel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\nAfter making all ->qlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-37798"
}
],
"release_date": "2025-05-02T00:00:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-21638",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: auth_enable: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe 'net' structure can be obtained from the table->data using\ncontainer_of().\n\nNote that table->data could also be used directly, but that would\nincrease the size of this fix, while 'sctp.ctl_sock' still needs to be\nretrieved from 'net' structure.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21638"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/15649fd5415eda664ef35780c2013adeb5d9c695",
"url": "https://git.kernel.org/stable/c/15649fd5415eda664ef35780c2013adeb5d9c695"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1b67030d39f2b00f94ac1f0af11ba6657589e4d3",
"url": "https://git.kernel.org/stable/c/1b67030d39f2b00f94ac1f0af11ba6657589e4d3"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7ec30c54f339c640aa7e49d7e9f7bbed6bd42bf6",
"url": "https://git.kernel.org/stable/c/7ec30c54f339c640aa7e49d7e9f7bbed6bd42bf6"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/bd2a2939423566c654545fa3e96a656662a0af9e",
"url": "https://git.kernel.org/stable/c/bd2a2939423566c654545fa3e96a656662a0af9e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c184bc621e3cef03ac9ba81a50dda2dae6a21d36",
"url": "https://git.kernel.org/stable/c/c184bc621e3cef03ac9ba81a50dda2dae6a21d36"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/cf387cdebfaebae228dfba162f94c567a67610c3",
"url": "https://git.kernel.org/stable/c/cf387cdebfaebae228dfba162f94c567a67610c3"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/dc583e7e5f8515ca489c0df28e4362a70eade382",
"url": "https://git.kernel.org/stable/c/dc583e7e5f8515ca489c0df28e4362a70eade382"
}
],
"release_date": "2025-01-19T11:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-50195",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-clock: Fix missing timespec64 check in pc_clock_settime()\n\nAs Andrew pointed out, it will make sense that the PTP core\nchecked timespec64 struct's tv_sec and tv_nsec range before calling\nptp->info->settime64().\n\nAs the man manual of clock_settime() said, if tp.tv_sec is negative or\ntp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL,\nwhich include dynamic clocks which handles PTP clock, and the condition is\nconsistent with timespec64_valid(). As Thomas suggested, timespec64_valid()\nonly check the timespec is valid, but not ensure that the time is\nin a valid range, so check it ahead using timespec64_valid_strict()\nin pc_clock_settime() and return -EINVAL if not valid.\n\nThere are some drivers that use tp->tv_sec and tp->tv_nsec directly to\nwrite registers without validity checks and assume that the higher layer\nhas checked it, which is dangerous and will benefit from this, such as\nhclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),\nand some drivers can remove the checks of itself.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-50195"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1ff7247101af723731ea42ed565d54fb8f341264",
"url": "https://git.kernel.org/stable/c/1ff7247101af723731ea42ed565d54fb8f341264"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/27abbde44b6e71ee3891de13e1a228aa7ce95bfe",
"url": "https://git.kernel.org/stable/c/27abbde44b6e71ee3891de13e1a228aa7ce95bfe"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/29f085345cde24566efb751f39e5d367c381c584",
"url": "https://git.kernel.org/stable/c/29f085345cde24566efb751f39e5d367c381c584"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073",
"url": "https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a3f169e398215e71361774d13bf91a0101283ac2",
"url": "https://git.kernel.org/stable/c/a3f169e398215e71361774d13bf91a0101283ac2"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c8789fbe2bbf75845e45302cba6ffa44e1884d01",
"url": "https://git.kernel.org/stable/c/c8789fbe2bbf75845e45302cba6ffa44e1884d01"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d8794ac20a299b647ba9958f6d657051fc51a540",
"url": "https://git.kernel.org/stable/c/d8794ac20a299b647ba9958f6d657051fc51a540"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e0c966bd3e31911b57ef76cec4c5796ebd88e512",
"url": "https://git.kernel.org/stable/c/e0c966bd3e31911b57ef76cec4c5796ebd88e512"
}
],
"release_date": "2024-11-08T06:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-50299",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: properly validate chunk size in sctp_sf_ootb()\n\nA size validation fix similar to that in Commit 50619dbf8db7 (\"sctp: add\nsize validation when walking chunks\") is also required in sctp_sf_ootb()\nto address a crash reported by syzbot:\n\n BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712\n sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712\n sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166\n sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243\n sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159\n ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-50299"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/0ead60804b64f5bd6999eec88e503c6a1a242d41",
"url": "https://git.kernel.org/stable/c/0ead60804b64f5bd6999eec88e503c6a1a242d41"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/40b283ba76665437bc2ac72079c51b57b25bff9e",
"url": "https://git.kernel.org/stable/c/40b283ba76665437bc2ac72079c51b57b25bff9e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/67b9a278b80f71ec62091ded97c6bcbea33b5ec3",
"url": "https://git.kernel.org/stable/c/67b9a278b80f71ec62091ded97c6bcbea33b5ec3"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/8820d2d6589f62ee5514793fff9b50c9f8101182",
"url": "https://git.kernel.org/stable/c/8820d2d6589f62ee5514793fff9b50c9f8101182"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9b5d42aeaf1a52f73b003a33da6deef7df34685f",
"url": "https://git.kernel.org/stable/c/9b5d42aeaf1a52f73b003a33da6deef7df34685f"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a758aa6a773bb872196bcc3173171ef8996bddf0",
"url": "https://git.kernel.org/stable/c/a758aa6a773bb872196bcc3173171ef8996bddf0"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/bf9bff13225baf5f658577f7d985fc4933d79527",
"url": "https://git.kernel.org/stable/c/bf9bff13225baf5f658577f7d985fc4933d79527"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d3fb3cc83cf313e4f87063ce0f3fea76b071567b",
"url": "https://git.kernel.org/stable/c/d3fb3cc83cf313e4f87063ce0f3fea76b071567b"
}
],
"release_date": "2024-11-19T02:16:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-21689",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()\n\nThis patch addresses a null-ptr-deref in qt2_process_read_urb() due to\nan incorrect bounds check in the following:\n\n if (newport > serial->num_ports) {\n dev_err(&port->dev,\n \"%s - port change to invalid port: %i\\n\",\n __func__, newport);\n break;\n }\n\nThe condition doesn't account for the valid range of the serial->port\nbuffer, which is from 0 to serial->num_ports - 1. When newport is equal\nto serial->num_ports, the assignment of \"port\" in the\nfollowing code is out-of-bounds and NULL:\n\n serial_priv->current_port = newport;\n port = serial->port[serial_priv->current_port];\n\nThe fix checks if newport is greater than or equal to serial->num_ports\nindicating it is out-of-bounds.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21689"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530",
"url": "https://git.kernel.org/stable/c/4b9b41fabcd38990f69ef0cee9c631d954a2b530"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade",
"url": "https://git.kernel.org/stable/c/575a5adf48b06a2980c9eeffedf699ed5534fade"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe",
"url": "https://git.kernel.org/stable/c/6068dcff7f19e9fa6fa23ee03453ad6a40fa4efe"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f",
"url": "https://git.kernel.org/stable/c/6377838560c03b36e1153a42ef727533def9b68f"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b",
"url": "https://git.kernel.org/stable/c/8542b33622571f54dfc2a267fce378b6e3840b8b"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507",
"url": "https://git.kernel.org/stable/c/94770cf7c5124f0268d481886829dc2beecc4507"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470",
"url": "https://git.kernel.org/stable/c/f371471708c7d997f763b0e70565026eb67cc470"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22",
"url": "https://git.kernel.org/stable/c/fa4c7472469d97c4707698b4c0e098f8cfc2bf22"
}
],
"release_date": "2025-02-10T16:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-53130",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint\n\nWhen using the \"block:block_dirty_buffer\" tracepoint, mark_buffer_dirty()\nmay cause a NULL pointer dereference, or a general protection fault when\nKASAN is enabled.\n\nThis happens because, since the tracepoint was added in\nmark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev\nregardless of whether the buffer head has a pointer to a block_device\nstructure.\n\nIn the current implementation, nilfs_grab_buffer(), which grabs a buffer\nto read (or create) a block of metadata, including b-tree node blocks,\ndoes not set the block device, but instead does so only if the buffer is\nnot in the \"uptodate\" state for each of its caller block reading\nfunctions. However, if the uptodate flag is set on a folio/page, and the\nbuffer heads are detached from it by try_to_free_buffers(), and new buffer\nheads are then attached by create_empty_buffers(), the uptodate flag may\nbe restored to each buffer without the block device being set to\nbh->b_bdev, and mark_buffer_dirty() may be called later in that state,\nresulting in the bug mentioned above.\n\nFix this issue by making nilfs_grab_buffer() always set the block device\nof the super block structure to the buffer head, regardless of the state\nof the buffer's uptodate flag.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-53130"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/0a5014ad37c77ac6a2c525137c00a0e1724f6020",
"url": "https://git.kernel.org/stable/c/0a5014ad37c77ac6a2c525137c00a0e1724f6020"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/0ce59fb1c73fdd5b6028226aeb46259a0cdc0957",
"url": "https://git.kernel.org/stable/c/0ce59fb1c73fdd5b6028226aeb46259a0cdc0957"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a",
"url": "https://git.kernel.org/stable/c/2026559a6c4ce34db117d2db8f710fe2a9420d5a"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a",
"url": "https://git.kernel.org/stable/c/7af3309c7a2ef26831a67125b11c34a7e01c1b2a"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95",
"url": "https://git.kernel.org/stable/c/86b19031dbc79abc378dfae357f6ea33ebeb0c95"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba",
"url": "https://git.kernel.org/stable/c/b0e4765740040c44039282057ecacd7435d1d2ba"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d904e4d845aafbcfd8a40c1df7d999f02f062be8",
"url": "https://git.kernel.org/stable/c/d904e4d845aafbcfd8a40c1df7d999f02f062be8"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1",
"url": "https://git.kernel.org/stable/c/ffc440a76a0f476a7e6ea838ec0dc8e9979944d1"
}
],
"release_date": "2024-12-04T15:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2021-47345",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Fix rdma_resolve_route() memory leak\n\nFix a memory leak when \"mda_resolve_route() is called more than once on\nthe same \"rdma_cm_id\".\n\nThis is possible if cma_query_handler() triggers the\nRDMA_CM_EVENT_ROUTE_ERROR flow which puts the state machine back and\nallows rdma_resolve_route() to be called again.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2021-47345"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/032c68b4f5be128a2167f35b558b7cec88fe4972",
"url": "https://git.kernel.org/stable/c/032c68b4f5be128a2167f35b558b7cec88fe4972"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/07583ba2e2d8947c3d365d97608cb436510885ac",
"url": "https://git.kernel.org/stable/c/07583ba2e2d8947c3d365d97608cb436510885ac"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3d08b5917984f737f32d5bee9737b9075c3895c6",
"url": "https://git.kernel.org/stable/c/3d08b5917984f737f32d5bee9737b9075c3895c6"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/40b613db3a95bc27998e4097d74c2f7e5d083a0b",
"url": "https://git.kernel.org/stable/c/40b613db3a95bc27998e4097d74c2f7e5d083a0b"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4893c938f2a140a74be91779e45e4a7fa111198f",
"url": "https://git.kernel.org/stable/c/4893c938f2a140a74be91779e45e4a7fa111198f"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/74f160ead74bfe5f2b38afb4fcf86189f9ff40c9",
"url": "https://git.kernel.org/stable/c/74f160ead74bfe5f2b38afb4fcf86189f9ff40c9"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e2da8ce2a9543f3ca5c93369bd1fe6eeb572101a",
"url": "https://git.kernel.org/stable/c/e2da8ce2a9543f3ca5c93369bd1fe6eeb572101a"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e4e062da082a199357ba4911145f331d40139ad8",
"url": "https://git.kernel.org/stable/c/e4e062da082a199357ba4911145f331d40139ad8"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f4f553d67236145fa5fd203ed7b35b9377e19939",
"url": "https://git.kernel.org/stable/c/f4f553d67236145fa5fd203ed7b35b9377e19939"
}
],
"release_date": "2024-05-21T15:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-53131",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix null-ptr-deref in block_touch_buffer tracepoint\n\nPatch series \"nilfs2: fix null-ptr-deref bugs on block tracepoints\".\n\nThis series fixes null pointer dereference bugs that occur when using\nnilfs2 and two block-related tracepoints.\n\n\nThis patch (of 2):\n\nIt has been reported that when using \"block:block_touch_buffer\"\ntracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a\nNULL pointer dereference, or a general protection fault when KASAN is\nenabled.\n\nThis happens because since the tracepoint was added in touch_buffer(), it\nreferences the dev_t member bh->b_bdev->bd_dev regardless of whether the\nbuffer head has a pointer to a block_device structure. In the current\nimplementation, the block_device structure is set after the function\nreturns to the caller.\n\nHere, touch_buffer() is used to mark the folio/page that owns the buffer\nhead as accessed, but the common search helper for folio/page used by the\ncaller function was optimized to mark the folio/page as accessed when it\nwas reimplemented a long time ago, eliminating the need to call\ntouch_buffer() here in the first place.\n\nSo this solves the issue by eliminating the touch_buffer() call itself.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-53131"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/085556bf8c70e2629e02e79268dac3016a08b8bf",
"url": "https://git.kernel.org/stable/c/085556bf8c70e2629e02e79268dac3016a08b8bf"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/19c71cdd77973f99a9adc3190130bc3aa7ae5423",
"url": "https://git.kernel.org/stable/c/19c71cdd77973f99a9adc3190130bc3aa7ae5423"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9",
"url": "https://git.kernel.org/stable/c/3b2a4fd9bbee77afdd3ed5a05a0c02b6cde8d3b9"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/59b49ca67cca7b007a5afd3de0283c8008157665",
"url": "https://git.kernel.org/stable/c/59b49ca67cca7b007a5afd3de0283c8008157665"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9",
"url": "https://git.kernel.org/stable/c/6438f3f42cda825f6f59b4e45ac3a1da28a6f2c9"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/77e47f89d32c2d72eb33d0becbce7abe14d061f4",
"url": "https://git.kernel.org/stable/c/77e47f89d32c2d72eb33d0becbce7abe14d061f4"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b017697a517f8779ada4e8ce1c2c75dbf60a2636",
"url": "https://git.kernel.org/stable/c/b017697a517f8779ada4e8ce1c2c75dbf60a2636"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471",
"url": "https://git.kernel.org/stable/c/cd45e963e44b0f10d90b9e6c0e8b4f47f3c92471"
}
],
"release_date": "2024-12-04T15:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-57996",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don't allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type 'struct sfq_head[128]'\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q->tail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-57996"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/10685681bafce6febb39770f3387621bf5d67d0b",
"url": "https://git.kernel.org/stable/c/10685681bafce6febb39770f3387621bf5d67d0b"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1b562b7f9231432da40d12e19786c1bd7df653a7",
"url": "https://git.kernel.org/stable/c/1b562b7f9231432da40d12e19786c1bd7df653a7"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1e6d9d87626cf89eeffb4d943db12cb5b10bf961",
"url": "https://git.kernel.org/stable/c/1e6d9d87626cf89eeffb4d943db12cb5b10bf961"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/35d0137305ae2f97260a9047f445bd4434bd6cc7",
"url": "https://git.kernel.org/stable/c/35d0137305ae2f97260a9047f445bd4434bd6cc7"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7d8947f2153ee9c5ab4cb17861a11cc45f30e8c4",
"url": "https://git.kernel.org/stable/c/7d8947f2153ee9c5ab4cb17861a11cc45f30e8c4"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7fefc294204f10a3405f175f4ac2be16d63f135e",
"url": "https://git.kernel.org/stable/c/7fefc294204f10a3405f175f4ac2be16d63f135e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/833e9a1c27b82024db7ff5038a51651f48f05e5e",
"url": "https://git.kernel.org/stable/c/833e9a1c27b82024db7ff5038a51651f48f05e5e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e12f6013d0a69660e8b99bfe381b9546ae667328",
"url": "https://git.kernel.org/stable/c/e12f6013d0a69660e8b99bfe381b9546ae667328"
}
],
"release_date": "2025-02-27T02:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-21699",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode's address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21699"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/2a40a140e11fec699e128170ccaa98b6b82cb503",
"url": "https://git.kernel.org/stable/c/2a40a140e11fec699e128170ccaa98b6b82cb503"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e",
"url": "https://git.kernel.org/stable/c/2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4516febe325342555bb09ca5b396fb816d655821",
"url": "https://git.kernel.org/stable/c/4516febe325342555bb09ca5b396fb816d655821"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4dd57d1f0e9844311c635a7fb39abce4f2ac5a61",
"url": "https://git.kernel.org/stable/c/4dd57d1f0e9844311c635a7fb39abce4f2ac5a61"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4e3ded34f3f3c9d7ed2aac7be8cf51153646574a",
"url": "https://git.kernel.org/stable/c/4e3ded34f3f3c9d7ed2aac7be8cf51153646574a"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/5bb1fd0855bb0abc7d97e44758d6ffed7882d2d0",
"url": "https://git.kernel.org/stable/c/5bb1fd0855bb0abc7d97e44758d6ffed7882d2d0"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7c9d9223802fbed4dee1ae301661bf346964c9d2",
"url": "https://git.kernel.org/stable/c/7c9d9223802fbed4dee1ae301661bf346964c9d2"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/8c41abc11aa8438c9ed2d973f97e66674c0355df",
"url": "https://git.kernel.org/stable/c/8c41abc11aa8438c9ed2d973f97e66674c0355df"
}
],
"release_date": "2025-02-12T14:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-21640",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy\n\nAs mentioned in a previous commit of this series, using the 'net'\nstructure via 'current' is not recommended for different reasons:\n\n- Inconsistency: getting info from the reader's/writer's netns vs only\n from the opener's netns.\n\n- current->nsproxy can be NULL in some cases, resulting in an 'Oops'\n (null-ptr-deref), e.g. when the current task is exiting, as spotted by\n syzbot [1] using acct(2).\n\nThe 'net' structure can be obtained from the table->data using\ncontainer_of().\n\nNote that table->data could also be used directly, as this is the only\nmember needed from the 'net' structure, but that would increase the size\nof this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is\nused.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21640"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/03ca51faba2b017bf6c90e139434c4117d0afcdc",
"url": "https://git.kernel.org/stable/c/03ca51faba2b017bf6c90e139434c4117d0afcdc"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3cd0659deb9c03535fd61839e91d4d4d3e51ac71",
"url": "https://git.kernel.org/stable/c/3cd0659deb9c03535fd61839e91d4d4d3e51ac71"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/5599b212d2f4466e1832a94e9932684aaa364587",
"url": "https://git.kernel.org/stable/c/5599b212d2f4466e1832a94e9932684aaa364587"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/86ddf8118123cb58a0fb8724cad6979c4069065b",
"url": "https://git.kernel.org/stable/c/86ddf8118123cb58a0fb8724cad6979c4069065b"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ad673e514b2793b8d5902f6ba6ab7e890dea23d5",
"url": "https://git.kernel.org/stable/c/ad673e514b2793b8d5902f6ba6ab7e890dea23d5"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ea62dd1383913b5999f3d16ae99d411f41b528d4",
"url": "https://git.kernel.org/stable/c/ea62dd1383913b5999f3d16ae99d411f41b528d4"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f0bb3935470684306e4e04793a20ac4c4b08de0b",
"url": "https://git.kernel.org/stable/c/f0bb3935470684306e4e04793a20ac4c4b08de0b"
}
],
"release_date": "2025-01-19T11:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-50008",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()\n\nReplace one-element array with a flexible-array member in\n`struct host_cmd_ds_802_11_scan_ext`.\n\nWith this, fix the following warning:\n\nelo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------\nelo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field \"ext_scan->tlv_buffer\" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1)\nelo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex]",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-50008"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/17199b69a84798efffc475040fbef44374ef1de1",
"url": "https://git.kernel.org/stable/c/17199b69a84798efffc475040fbef44374ef1de1"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1756918f51e9ab247a0f4782cc28853c2bb457c1",
"url": "https://git.kernel.org/stable/c/1756918f51e9ab247a0f4782cc28853c2bb457c1"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/498365e52bebcbc36a93279fe7e9d6aec8479cee",
"url": "https://git.kernel.org/stable/c/498365e52bebcbc36a93279fe7e9d6aec8479cee"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/71267bd4e8c752d7af6c6b96bb83984a6a95273d",
"url": "https://git.kernel.org/stable/c/71267bd4e8c752d7af6c6b96bb83984a6a95273d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a3a12c30f9510f3753286fadbc6cdb7dad78c1d5",
"url": "https://git.kernel.org/stable/c/a3a12c30f9510f3753286fadbc6cdb7dad78c1d5"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b55c8848fdc81514ec047b2a0ec782ffe9ab5323",
"url": "https://git.kernel.org/stable/c/b55c8848fdc81514ec047b2a0ec782ffe9ab5323"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e59bdb1ba594104cd0ee0af3ee9e4435d842a8fe",
"url": "https://git.kernel.org/stable/c/e59bdb1ba594104cd0ee0af3ee9e4435d842a8fe"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f9310a6704bf52e2493480edea896e1f9b795d40",
"url": "https://git.kernel.org/stable/c/f9310a6704bf52e2493480edea896e1f9b795d40"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/fef7b51f22cf2049b0ca6740adeb0ba6f2e671dc",
"url": "https://git.kernel.org/stable/c/fef7b51f22cf2049b0ca6740adeb0ba6f2e671dc"
}
],
"release_date": "2024-10-21T19:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-53101",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Fix uninitialized value issue in from_kuid and from_kgid\n\nocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in\na trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set.\n\nInitialize all fields of newattrs to avoid uninitialized variables, by\nchecking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-53101"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/15f34347481648a567db67fb473c23befb796af5",
"url": "https://git.kernel.org/stable/c/15f34347481648a567db67fb473c23befb796af5"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/17ecb40c5cc7755a321fb6148cba5797431ee5b8",
"url": "https://git.kernel.org/stable/c/17ecb40c5cc7755a321fb6148cba5797431ee5b8"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1c28bca1256aecece6e94b26b85cd07e08b0dc90",
"url": "https://git.kernel.org/stable/c/1c28bca1256aecece6e94b26b85cd07e08b0dc90"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1cb5bfc5bfc651982b6203c224d49b7ddacf28bc",
"url": "https://git.kernel.org/stable/c/1cb5bfc5bfc651982b6203c224d49b7ddacf28bc"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/5a72b0d3497b818d8f000c347a7c11801eb27bfc",
"url": "https://git.kernel.org/stable/c/5a72b0d3497b818d8f000c347a7c11801eb27bfc"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9db25c2b41c34963c3ccf473b08171f87670652e",
"url": "https://git.kernel.org/stable/c/9db25c2b41c34963c3ccf473b08171f87670652e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a0c77e5e3dcbffc7c6080ccc89c037f0c86496cf",
"url": "https://git.kernel.org/stable/c/a0c77e5e3dcbffc7c6080ccc89c037f0c86496cf"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b3e612bd8f64ce62e731e95f635e06a2efe3c80c",
"url": "https://git.kernel.org/stable/c/b3e612bd8f64ce62e731e95f635e06a2efe3c80c"
}
],
"release_date": "2024-11-25T22:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-57913",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Remove WARN_ON in functionfs_bind\n\nThis commit addresses an issue related to below kernel panic where\npanic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON\nin functionsfs_bind, which easily leads to the following scenarios.\n\n1.adb_write in adbd 2. UDC write via configfs\n =================\t =====================\n\n->usb_ffs_open_thread() ->UDC write\n ->open_functionfs() ->configfs_write_iter()\n ->adb_open() ->gadget_dev_desc_UDC_store()\n ->adb_write() ->usb_gadget_register_driver_owner\n ->driver_register()\n->StartMonitor() ->bus_add_driver()\n ->adb_read() ->gadget_bind_driver()\n ->configfs_composite_bind()\n ->usb_add_function()\n->open_functionfs() ->ffs_func_bind()\n ->adb_open() ->functionfs_bind()\n state !=FFS_ACTIVE>\n\nThe adb_open, adb_read, and adb_write operations are invoked from the\ndaemon, but trying to bind the function is a process that is invoked by\nUDC write through configfs, which opens up the possibility of a race\ncondition between the two paths. In this race scenario, the kernel panic\noccurs due to the WARN_ON from functionfs_bind when panic_on_warn is\nenabled. This commit fixes the kernel panic by removing the unnecessary\nWARN_ON.\n\nKernel panic - not syncing: kernel: panic_on_warn set ...\n[ 14.542395] Call trace:\n[ 14.542464] ffs_func_bind+0x1c8/0x14a8\n[ 14.542468] usb_add_function+0xcc/0x1f0\n[ 14.542473] configfs_composite_bind+0x468/0x588\n[ 14.542478] gadget_bind_driver+0x108/0x27c\n[ 14.542483] really_probe+0x190/0x374\n[ 14.542488] __driver_probe_device+0xa0/0x12c\n[ 14.542492] driver_probe_device+0x3c/0x220\n[ 14.542498] __driver_attach+0x11c/0x1fc\n[ 14.542502] bus_for_each_dev+0x104/0x160\n[ 14.542506] driver_attach+0x24/0x34\n[ 14.542510] bus_add_driver+0x154/0x270\n[ 14.542514] driver_register+0x68/0x104\n[ 14.542518] usb_gadget_register_driver_owner+0x48/0xf4\n[ 14.542523] gadget_dev_desc_UDC_store+0xf8/0x144\n[ 14.542526] configfs_write_iter+0xf0/0x138",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-57913"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c",
"url": "https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3e4d32cc145955d5c56c5498a3ff057e4aafa9d1",
"url": "https://git.kernel.org/stable/c/3e4d32cc145955d5c56c5498a3ff057e4aafa9d1"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47",
"url": "https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2",
"url": "https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/bfe60030fcd976e3546e1f73d6d0eb3fea26442e",
"url": "https://git.kernel.org/stable/c/bfe60030fcd976e3546e1f73d6d0eb3fea26442e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699",
"url": "https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d",
"url": "https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d"
}
],
"release_date": "2025-01-19T12:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-50287",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-tpg: prevent the risk of a division by zero\n\nAs reported by Coverity, the logic at tpg_precalculate_line()\nblindly rescales the buffer even when scaled_witdh is equal to\nzero. If this ever happens, this will cause a division by zero.\n\nInstead, add a WARN_ON_ONCE() to trigger such cases and return\nwithout doing any precalculation.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-50287"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/054931ca3cfcb8e8fa036e887d6f379942b02565",
"url": "https://git.kernel.org/stable/c/054931ca3cfcb8e8fa036e887d6f379942b02565"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/0bfc6e38ee2250f0503d96f1a1de441c31d88715",
"url": "https://git.kernel.org/stable/c/0bfc6e38ee2250f0503d96f1a1de441c31d88715"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/0cdb42ba0b28f548c1a4e86bb8489dba0d78fc21",
"url": "https://git.kernel.org/stable/c/0cdb42ba0b28f548c1a4e86bb8489dba0d78fc21"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/2d0f01aa602fd15a805771bdf3f4d9a9b4df7f47",
"url": "https://git.kernel.org/stable/c/2d0f01aa602fd15a805771bdf3f4d9a9b4df7f47"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a749c15dccc58d9cbad9cd23bd8ab4b5fa96cf47",
"url": "https://git.kernel.org/stable/c/a749c15dccc58d9cbad9cd23bd8ab4b5fa96cf47"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c63c30c9d9f2c8de34b16cd2b8400240533b914e",
"url": "https://git.kernel.org/stable/c/c63c30c9d9f2c8de34b16cd2b8400240533b914e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e3c36d0bde309f690ed1f9cd5f7e63b3a513f94a",
"url": "https://git.kernel.org/stable/c/e3c36d0bde309f690ed1f9cd5f7e63b3a513f94a"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e6a3ea83fbe15d4818d01804e904cbb0e64e543b",
"url": "https://git.kernel.org/stable/c/e6a3ea83fbe15d4818d01804e904cbb0e64e543b"
}
],
"release_date": "2024-11-19T02:16:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-50179",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: remove the incorrect Fw reference check when dirtying pages\n\nWhen doing the direct-io reads it will also try to mark pages dirty,\nbut for the read path it won't hold the Fw caps and there is case\nwill it get the Fw reference.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-50179"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/11ab19d48ab877430eed0c7d83810970bbcbc4f6",
"url": "https://git.kernel.org/stable/c/11ab19d48ab877430eed0c7d83810970bbcbc4f6"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/126b567a2ef65fc38a71d832bf1216c56816f231",
"url": "https://git.kernel.org/stable/c/126b567a2ef65fc38a71d832bf1216c56816f231"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/74b302ebad5b43ac17460fa58092d892a3cba6eb",
"url": "https://git.kernel.org/stable/c/74b302ebad5b43ac17460fa58092d892a3cba6eb"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9d4f619153bab7fa59736462967821d6521a38cb",
"url": "https://git.kernel.org/stable/c/9d4f619153bab7fa59736462967821d6521a38cb"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c08dfb1b49492c09cf13838c71897493ea3b424e",
"url": "https://git.kernel.org/stable/c/c08dfb1b49492c09cf13838c71897493ea3b424e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c26c5ec832dd9e9dcd0a0a892a485c99889b68f0",
"url": "https://git.kernel.org/stable/c/c26c5ec832dd9e9dcd0a0a892a485c99889b68f0"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ea98284fc4fb05f276737d2043b02b62be5a8dfb",
"url": "https://git.kernel.org/stable/c/ea98284fc4fb05f276737d2043b02b62be5a8dfb"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f55e003d261baa7c57d51ae5c8ec1f5c26a35c89",
"url": "https://git.kernel.org/stable/c/f55e003d261baa7c57d51ae5c8ec1f5c26a35c89"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f863bfd0a2c6c99011c62ea71ac04f8e78707da9",
"url": "https://git.kernel.org/stable/c/f863bfd0a2c6c99011c62ea71ac04f8e78707da9"
}
],
"release_date": "2024-11-08T06:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-49963",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: bcm2835: Fix timeout during suspend mode\n\nDuring noirq suspend phase the Raspberry Pi power driver suffer of\nfirmware property timeouts. The reason is that the IRQ of the underlying\nBCM2835 mailbox is disabled and rpi_firmware_property_list() will always\nrun into a timeout [1].\n\nSince the VideoCore side isn't consider as a wakeup source, set the\nIRQF_NO_SUSPEND flag for the mailbox IRQ in order to keep it enabled\nduring suspend-resume cycle.\n\n[1]\nPM: late suspend of devices complete after 1.754 msecs\nWARNING: CPU: 0 PID: 438 at drivers/firmware/raspberrypi.c:128\n rpi_firmware_property_list+0x204/0x22c\nFirmware transaction 0x00028001 timeout\nModules linked in:\nCPU: 0 PID: 438 Comm: bash Tainted: G C 6.9.3-dirty #17\nHardware name: BCM2835\nCall trace:\nunwind_backtrace from show_stack+0x18/0x1c\nshow_stack from dump_stack_lvl+0x34/0x44\ndump_stack_lvl from __warn+0x88/0xec\n__warn from warn_slowpath_fmt+0x7c/0xb0\nwarn_slowpath_fmt from rpi_firmware_property_list+0x204/0x22c\nrpi_firmware_property_list from rpi_firmware_property+0x68/0x8c\nrpi_firmware_property from rpi_firmware_set_power+0x54/0xc0\nrpi_firmware_set_power from _genpd_power_off+0xe4/0x148\n_genpd_power_off from genpd_sync_power_off+0x7c/0x11c\ngenpd_sync_power_off from genpd_finish_suspend+0xcc/0xe0\ngenpd_finish_suspend from dpm_run_callback+0x78/0xd0\ndpm_run_callback from device_suspend_noirq+0xc0/0x238\ndevice_suspend_noirq from dpm_suspend_noirq+0xb0/0x168\ndpm_suspend_noirq from suspend_devices_and_enter+0x1b8/0x5ac\nsuspend_devices_and_enter from pm_suspend+0x254/0x2e4\npm_suspend from state_store+0xa8/0xd4\nstate_store from kernfs_fop_write_iter+0x154/0x1a0\nkernfs_fop_write_iter from vfs_write+0x12c/0x184\nvfs_write from ksys_write+0x78/0xc0\nksys_write from ret_fast_syscall+0x0/0x54\nException stack(0xcc93dfa8 to 0xcc93dff0)\n[...]\nPM: noirq suspend of devices complete after 3095.584 msecs",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-49963"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/10a58555e0bb5cc4673c8bb73b8afc5fa651f0ac",
"url": "https://git.kernel.org/stable/c/10a58555e0bb5cc4673c8bb73b8afc5fa651f0ac"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/32ee78823dea2d54adaf6e05f86622eba359e091",
"url": "https://git.kernel.org/stable/c/32ee78823dea2d54adaf6e05f86622eba359e091"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4e1e03760ee7cc4779b6306867fe0fc02921b963",
"url": "https://git.kernel.org/stable/c/4e1e03760ee7cc4779b6306867fe0fc02921b963"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/90320cfc07b7d6e7a58fd8168f6380ec52ff0251",
"url": "https://git.kernel.org/stable/c/90320cfc07b7d6e7a58fd8168f6380ec52ff0251"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b0de20de29b13950493a36bd4cf531200eb0e807",
"url": "https://git.kernel.org/stable/c/b0de20de29b13950493a36bd4cf531200eb0e807"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/dc09f007caed3b2f6a3b6bd7e13777557ae22bfd",
"url": "https://git.kernel.org/stable/c/dc09f007caed3b2f6a3b6bd7e13777557ae22bfd"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/df293ea78740a41384d648041f38f645700288e1",
"url": "https://git.kernel.org/stable/c/df293ea78740a41384d648041f38f645700288e1"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/dfeb67b2194ecc55ef8065468c5adda3cdf59114",
"url": "https://git.kernel.org/stable/c/dfeb67b2194ecc55ef8065468c5adda3cdf59114"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e65a9af05a0b59ebeba28e5e82265a233db7bc27",
"url": "https://git.kernel.org/stable/c/e65a9af05a0b59ebeba28e5e82265a233db7bc27"
}
],
"release_date": "2024-10-21T18:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-50202",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: propagate directory read errors from nilfs_find_entry()\n\nSyzbot reported that a task hang occurs in vcs_open() during a fuzzing\ntest for nilfs2.\n\nThe root cause of this problem is that in nilfs_find_entry(), which\nsearches for directory entries, ignores errors when loading a directory\npage/folio via nilfs_get_folio() fails.\n\nIf the filesystem images is corrupted, and the i_size of the directory\ninode is large, and the directory page/folio is successfully read but\nfails the sanity check, for example when it is zero-filled,\nnilfs_check_folio() may continue to spit out error messages in bursts.\n\nFix this issue by propagating the error to the callers when loading a\npage/folio fails in nilfs_find_entry().\n\nThe current interface of nilfs_find_entry() and its callers is outdated\nand cannot propagate error codes such as -EIO and -ENOMEM returned via\nnilfs_find_entry(), so fix it together.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-50202"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168",
"url": "https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989",
"url": "https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a",
"url": "https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b4b3dc9e7e604be98a222e9f941f5e93798ca475",
"url": "https://git.kernel.org/stable/c/b4b3dc9e7e604be98a222e9f941f5e93798ca475"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/bb857ae1efd3138c653239ed1e7aef14e1242c81",
"url": "https://git.kernel.org/stable/c/bb857ae1efd3138c653239ed1e7aef14e1242c81"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39",
"url": "https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3",
"url": "https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7",
"url": "https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7"
}
],
"release_date": "2024-11-08T06:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-49959",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error\n\nIn __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()\nto recover some journal space. But if an error occurs while executing\njbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free\nspace right away, we try other branches, and if j_committing_transaction\nis NULL (i.e., the tid is 0), we will get the following complain:\n\n============================================\nJBD2: I/O error when updating journal superblock for sdd-8.\n__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available\n__jbd2_log_wait_for_space: no way to get more journal space in sdd-8\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0\nModules linked in:\nCPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1\nRIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0\nCall Trace:\n \n add_transaction_credits+0x5d1/0x5e0\n start_this_handle+0x1ef/0x6a0\n jbd2__journal_start+0x18b/0x340\n ext4_dirty_inode+0x5d/0xb0\n __mark_inode_dirty+0xe4/0x5d0\n generic_update_time+0x60/0x70\n[...]\n============================================\n\nSo only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to\nclean up at the moment, continue to try to reclaim free space in other ways.\n\nNote that this fix relies on commit 6f6a6fda2945 (\"jbd2: fix ocfs2 corrupt\nwhen updating journal superblock fails\") to make jbd2_cleanup_journal_tail\nreturn the correct error code.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-49959"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1c62dc0d82c62f0dc8fcdc4843208e522acccaf5",
"url": "https://git.kernel.org/stable/c/1c62dc0d82c62f0dc8fcdc4843208e522acccaf5"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3ced0fe6c0eff032733ea8b38778b34707270138",
"url": "https://git.kernel.org/stable/c/3ced0fe6c0eff032733ea8b38778b34707270138"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed",
"url": "https://git.kernel.org/stable/c/481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/70bae48377a2c4296fd3caf4caf8f11079111019",
"url": "https://git.kernel.org/stable/c/70bae48377a2c4296fd3caf4caf8f11079111019"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/801a35dfef6996f3d5eaa96a59caf00440d9165e",
"url": "https://git.kernel.org/stable/c/801a35dfef6996f3d5eaa96a59caf00440d9165e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c6bf043b210eac67d35a114e345c4e5585672913",
"url": "https://git.kernel.org/stable/c/c6bf043b210eac67d35a114e345c4e5585672913"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d5dc65370a746750dbb2f03eabcf86b18db65f32",
"url": "https://git.kernel.org/stable/c/d5dc65370a746750dbb2f03eabcf86b18db65f32"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ec7f8337c98ad281020ad1f11ba492462d80737a",
"url": "https://git.kernel.org/stable/c/ec7f8337c98ad281020ad1f11ba492462d80737a"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a",
"url": "https://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a"
}
],
"release_date": "2024-10-21T18:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-libc-dev-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-host-0:4.4.0-278.312.all",
"Ubuntu-16:linux-source-4.4.0-0:4.4.0-278.312.all",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-buildinfo-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-extra-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-modules-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-headers-4.4.0-278-tuxcare.els49-0:4.4.0-278.312.all",
"Ubuntu-16:linux-cloud-tools-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-cloud-tools-common-0:4.4.0-278.312.all",
"Ubuntu-16:linux-tools-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-doc-0:4.4.0-278.312.all",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-generic-0:4.4.0-278.312.amd64",
"Ubuntu-16:linux-image-unsigned-4.4.0-278-tuxcare.els49-lowlatency-0:4.4.0-278.312.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
}
]
}