{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* CVE-url: https://ubuntu.com/security/CVE-2024-41069\n - ASoC: topology: Fix references to freed memory\n - ASoC: topology: Do not assign fields that are already set\n - ASoC: topology: Clean up route loading\n * Bionic update: upstream stable patchset 2021-06-11 (LP: #1931740) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47149\n - net: fujitsu: fix potential null-ptr-deref\n * CVE-url: https://ubuntu.com/security/CVE-2024-35849\n - btrfs: fix information leak in btrfs_ioctl_logical_to_ino()\n * CVE-url: https://ubuntu.com/security/CVE-2025-38618\n - vsock: Do not allow binding to VMADDR_PORT_ANY\n * CVE-url: https://ubuntu.com/security/CVE-2025-38617\n - net/packet: fix a race in packet_set_ring() and packet_notifier()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21796\n - nfsd: clear acl_access/acl_default after releasing them\n * Bionic update: upstream stable patchset 2021-08-03 (LP: #1938824) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47319\n - virtio-blk: Fix memory leak among suspend/resume procedure\n * Focal update: v5.4.285 upstream stable release (LP: #2089233) //\n CVE-2024-49924 // CVE-url: https://ubuntu.com/security/CVE-2024-49924\n - fbdev: pxafb: Fix possible use after free in pxafb_task()\n * CVE-url: https://ubuntu.com/security/CVE-2022-48827\n - NFSD: Fix the behavior of READ near OFFSET_MAX\n * Bionic update: upstream stable patchset 2022-03-04 (LP: #1963717) // CVE-\n url: https://ubuntu.com/security/CVE-2022-48737\n - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()\n - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()\n * Focal update: v5.4.261 upstream stable release (LP: #2049049) // CVE-url:\n https://ubuntu.com/security/CVE-2023-52868\n - thermal: core: prevent potential string overflow\n * Bionic update: upstream stable patchset 2022-05-17 (LP: #1973831) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47633\n - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111\n * CVE-url: https://ubuntu.com/security/CVE-2021-47391\n - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests\n * Bionic update: upstream stable patchset 2021-12-03 (LP: #1953202) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47475\n - comedi: vmk80xx: fix transfer-buffer overflows\n - comedi: vmk80xx: fix bulk-buffer overflow\n - comedi: vmk80xx: fix bulk and interrupt message timeouts\n * Bionic update: upstream stable patchset 2021-11-12 (LP: #1950816) // CVE-\n url: https://ubuntu.com/security/CVE-2021-47497\n - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells\n * CVE-2024-35965 // CVE-url: https://ubuntu.com/security/CVE-2024-35965\n - Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt()\n - Bluetooth: L2CAP: Fix not validating setsockopt user input\n * CVE-url: https://ubuntu.com/security/CVE-2024-56616\n - drm/dp_mst: Fix MST sideband message body length check\n * Bionic update: upstream stable patchset 2022-07-25 (LP: #1982782) // CVE-\n url: https://ubuntu.com/security/CVE-2022-49407\n - dlm: fix plock invalid read\n * Focal update: v5.4.188 upstream stable release (LP: #1971496) // CVE-url:\n https://ubuntu.com/security/CVE-2022-49292\n - ALSA: oss: Fix PCM OSS buffer allocation overflow\n * Focal update: v5.4.262 upstream stable release (LP: #2049069) // CVE-url:\n https://ubuntu.com/security/CVE-2023-52835\n - perf/core: Bail out early if the request AUX area is out of bound\n * Focal update: v5.4.262 upstream stable release (LP: #2049069) // CVE-url:\n https://ubuntu.com/security/CVE-2023-52764\n - media: gspca: cpia1: shift-out-of-bounds in set_flicker\n * CVE-2024-35966 // CVE-url: https://ubuntu.com/security/CVE-2024-35966\n - Bluetooth: RFCOMM: Fix not validating setsockopt user input\n * CVE-2024-35967 // CVE-url: https://ubuntu.com/security/CVE-2024-35966\n - Bluetooth: SCO: Fix not validating setsockopt user input\n * Focal update: v5.4.291 upstream stable release (LP: #2106002) //\n CVE-2025-21704 // CVE-url: https://ubuntu.com/security/CVE-2025-21704\n - usb: cdc-acm: Check control transfer buffer size before access\n * CVE-url: https://ubuntu.com/security/CVE-2025-21704\n - cdc-acm: reassemble fragmented notifications\n * CVE-url: https://ubuntu.com/security/CVE-2025-37798\n - sch_drr: make drr_qlen_notify() idempotent\n - sch_htb: make htb_qlen_notify() idempotent\n - sch_hfsc: make hfsc_qlen_notify() idempotent\n - sch_qfq: make qfq_qlen_notify() idempotent", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/advisories/2025/clsa-2025_1760983231.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760983231", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760983231" } ], "tracking": { "current_release_date": "2025-10-20T18:04:37Z", "generator": { "date": "2025-10-20T18:04:37Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1760983231", "initial_release_date": "2025-10-20T18:04:37Z", "revision_history": [ { "date": "2025-10-20T18:04:37Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "Fix of 25 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 16.04", "product": { "name": "Ubuntu 16.04", "product_id": "Ubuntu-16", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product": { "name": "linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_id": "linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-libc-dev-0:4.4.0-279.313.amd64", "product": { "name": "linux-libc-dev-0:4.4.0-279.313.amd64", "product_id": "linux-libc-dev-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-libc-dev@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-generic-0:4.4.0.279.313.amd64", "product": { "name": "linux-tools-generic-0:4.4.0.279.313.amd64", "product_id": "linux-tools-generic-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-generic@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product": { "name": "linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_id": "linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-buildinfo-4.4.0-279-tuxcare.els50-generic@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-lowlatency-0:4.4.0.279.313.amd64", "product": { "name": "linux-image-lowlatency-0:4.4.0.279.313.amd64", "product_id": "linux-image-lowlatency-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-lowlatency@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-lowlatency-0:4.4.0.279.313.amd64", "product": { "name": "linux-lowlatency-0:4.4.0.279.313.amd64", "product_id": "linux-lowlatency-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-lowlatency@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product": { "name": "linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_id": "linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-cloud-tools-4.4.0-279-tuxcare.els50-generic@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-lowlatency-0:4.4.0.279.313.amd64", "product": { "name": "linux-headers-lowlatency-0:4.4.0.279.313.amd64", "product_id": "linux-headers-lowlatency-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-lowlatency@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-lowlatency-0:4.4.0.279.313.amd64", "product": { "name": "linux-tools-lowlatency-0:4.4.0.279.313.amd64", "product_id": "linux-tools-lowlatency-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-lowlatency@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product": { "name": "linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_id": "linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-279-tuxcare.els50-lowlatency@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-generic-0:4.4.0.279.313.amd64", "product": { "name": "linux-image-generic-0:4.4.0.279.313.amd64", "product_id": "linux-image-generic-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-generic@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product": { "name": "linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_id": "linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-4.4.0-279-tuxcare.els50-lowlatency@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product": { "name": "linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_id": "linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product": { "name": "linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_id": "linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-4.4.0-279-tuxcare.els50-generic@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product": { "name": "linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_id": "linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-279-tuxcare.els50-lowlatency@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product": { "name": "linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_id": "linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-279-tuxcare.els50-generic@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product": { "name": "linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_id": "linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.4.0-279-tuxcare.els50-generic@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "product": { "name": "linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "product_id": "linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-cloud-tools-4.4.0-279-tuxcare.els50@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-generic-0:4.4.0.279.313.amd64", "product": { "name": "linux-generic-0:4.4.0.279.313.amd64", "product_id": "linux-generic-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-generic@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product": { "name": "linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_id": "linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-crashdump-0:4.4.0.279.313.amd64", "product": { "name": "linux-crashdump-0:4.4.0.279.313.amd64", "product_id": "linux-crashdump-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-crashdump@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "product": { "name": "linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "product_id": "linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-cloud-tools-generic@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "product": { "name": "linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "product_id": "linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-cloud-tools-lowlatency@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "product": { "name": "linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "product_id": "linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-4.4.0-279-tuxcare.els50@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-generic-0:4.4.0.279.313.amd64", "product": { "name": "linux-headers-generic-0:4.4.0.279.313.amd64", "product_id": "linux-headers-generic-0:4.4.0.279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-generic@4.4.0.279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product": { "name": "linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_id": "linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-279-tuxcare.els50-generic@4.4.0-279.313?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product": { "name": "linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_id": "linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-extra-4.4.0-279-tuxcare.els50-generic@4.4.0-279.313?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "linux-tools-host-0:4.4.0-279.313.all", "product": { "name": "linux-tools-host-0:4.4.0-279.313.all", "product_id": "linux-tools-host-0:4.4.0-279.313.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-host@4.4.0-279.313?arch=all" } } }, { "category": "product_version", "name": "linux-source-4.4.0-0:4.4.0-279.313.all", "product": { "name": "linux-source-4.4.0-0:4.4.0-279.313.all", "product_id": "linux-source-4.4.0-0:4.4.0-279.313.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-source-4.4.0@4.4.0-279.313?arch=all" } } }, { "category": "product_version", "name": "linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "product": { "name": "linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "product_id": "linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.4.0-279-tuxcare.els50@4.4.0-279.313?arch=all" } } }, { "category": "product_version", "name": "linux-tools-common-0:4.4.0-279.313.all", "product": { "name": "linux-tools-common-0:4.4.0-279.313.all", "product_id": "linux-tools-common-0:4.4.0-279.313.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-common@4.4.0-279.313?arch=all" } } }, { "category": "product_version", "name": "linux-source-0:4.4.0.279.313.all", "product": { "name": "linux-source-0:4.4.0.279.313.all", "product_id": "linux-source-0:4.4.0.279.313.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-source@4.4.0.279.313?arch=all" } } }, { "category": "product_version", "name": "linux-cloud-tools-common-0:4.4.0-279.313.all", "product": { "name": "linux-cloud-tools-common-0:4.4.0-279.313.all", "product_id": "linux-cloud-tools-common-0:4.4.0-279.313.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-cloud-tools-common@4.4.0-279.313?arch=all" } } }, { "category": "product_version", "name": "linux-doc-0:4.4.0-279.313.all", "product": { "name": "linux-doc-0:4.4.0-279.313.all", "product_id": "linux-doc-0:4.4.0-279.313.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-doc@4.4.0-279.313?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64" }, "product_reference": "linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-libc-dev-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64" }, "product_reference": "linux-libc-dev-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-host-0:4.4.0-279.313.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all" }, "product_reference": "linux-tools-host-0:4.4.0-279.313.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-generic-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64" }, "product_reference": "linux-tools-generic-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-source-4.4.0-0:4.4.0-279.313.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all" }, "product_reference": "linux-source-4.4.0-0:4.4.0-279.313.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64" }, "product_reference": "linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-lowlatency-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64" }, "product_reference": "linux-image-lowlatency-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-lowlatency-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64" }, "product_reference": "linux-lowlatency-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64" }, "product_reference": "linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-lowlatency-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64" }, "product_reference": "linux-headers-lowlatency-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-lowlatency-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" }, "product_reference": "linux-tools-lowlatency-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64" }, "product_reference": "linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-generic-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64" }, "product_reference": "linux-image-generic-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64" }, "product_reference": "linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64" }, "product_reference": "linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64" }, "product_reference": "linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all" }, "product_reference": "linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64" }, "product_reference": "linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64" }, "product_reference": "linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64" }, "product_reference": "linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64" }, "product_reference": "linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-generic-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64" }, "product_reference": "linux-generic-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64" }, "product_reference": "linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-common-0:4.4.0-279.313.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all" }, "product_reference": "linux-tools-common-0:4.4.0-279.313.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-crashdump-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64" }, "product_reference": "linux-crashdump-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-source-0:4.4.0.279.313.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-source-0:4.4.0.279.313.all" }, "product_reference": "linux-source-0:4.4.0.279.313.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-common-0:4.4.0-279.313.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all" }, "product_reference": "linux-cloud-tools-common-0:4.4.0-279.313.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-generic-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64" }, "product_reference": "linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-doc-0:4.4.0-279.313.all as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-doc-0:4.4.0-279.313.all" }, "product_reference": "linux-doc-0:4.4.0-279.313.all", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64" }, "product_reference": "linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64" }, "product_reference": "linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-generic-0:4.4.0.279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64" }, "product_reference": "linux-headers-generic-0:4.4.0.279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64" }, "product_reference": "linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64" }, "product_reference": "linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "relates_to_product_reference": "Ubuntu-16" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-47633", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111\n\nThe bug was found during fuzzing. Stacktrace locates it in\nath5k_eeprom_convert_pcal_info_5111.\nWhen none of the curve is selected in the loop, idx can go\nup to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound.\npd = &chinfo[pier].pd_curves[idx];\n\nThere are many OOB writes using pd later in the code. So I\nadded a sanity check for idx. Checks for other loops involving\nAR5K_EEPROM_N_PD_CURVES are not needed as the loop index is not\nused outside the loops.\n\nThe patch is NOT tested with real device.\n\nThe following is the fuzzing report\n\nBUG: KASAN: slab-out-of-bounds in ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\nWrite of size 1 at addr ffff8880174a4d60 by task modprobe/214\n\nCPU: 0 PID: 214 Comm: modprobe Not tainted 5.6.0 #1\nCall Trace:\n dump_stack+0x76/0xa0\n print_address_description.constprop.0+0x16/0x200\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n __kasan_report.cold+0x37/0x7c\n ? ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n kasan_report+0xe/0x20\n ath5k_eeprom_read_pcal_info_5111+0x126a/0x1390 [ath5k]\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? ath5k_pci_eeprom_read+0x228/0x3c0 [ath5k]\n ath5k_eeprom_init+0x2513/0x6290 [ath5k]\n ? ath5k_eeprom_init_11a_pcal_freq+0xbc0/0xbc0 [ath5k]\n ? usleep_range+0xb8/0x100\n ? apic_timer_interrupt+0xa/0x20\n ? ath5k_eeprom_read_pcal_info_2413+0x2f20/0x2f20 [ath5k]\n ath5k_hw_init+0xb60/0x1970 [ath5k]\n ath5k_init_ah+0x6fe/0x2530 [ath5k]\n ? kasprintf+0xa6/0xe0\n ? ath5k_stop+0x140/0x140 [ath5k]\n ? _dev_notice+0xf6/0xf6\n ? apic_timer_interrupt+0xa/0x20\n ath5k_pci_probe.cold+0x29a/0x3d6 [ath5k]\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n ? mutex_lock+0x89/0xd0\n ? ath5k_pci_eeprom_read+0x3c0/0x3c0 [ath5k]\n local_pci_probe+0xd3/0x160\n pci_device_probe+0x23f/0x3e0\n ? pci_device_remove+0x280/0x280\n ? pci_device_remove+0x280/0x280\n really_probe+0x209/0x5d0", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47633" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/25efc5d03455c3839249bc77fce5e29ecb54677e", "url": "https://git.kernel.org/stable/c/25efc5d03455c3839249bc77fce5e29ecb54677e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/564d4eceb97eaf381dd6ef6470b06377bb50c95a", "url": "https://git.kernel.org/stable/c/564d4eceb97eaf381dd6ef6470b06377bb50c95a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9d7d83d0399e23d66fd431b553842a84ac10398f", "url": "https://git.kernel.org/stable/c/9d7d83d0399e23d66fd431b553842a84ac10398f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/be2f81024e7981565d90a4c9ca3067d11b6bca7f", "url": "https://git.kernel.org/stable/c/be2f81024e7981565d90a4c9ca3067d11b6bca7f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c4e2f577271e158d87a916afb4e87415a88ce856", "url": "https://git.kernel.org/stable/c/c4e2f577271e158d87a916afb4e87415a88ce856" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cbd96d6cad6625feba9c8d101ed4977d53e82f8e", "url": "https://git.kernel.org/stable/c/cbd96d6cad6625feba9c8d101ed4977d53e82f8e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ed3dfdaa8b5f0579eabfc1c5818eed30cfe1fe84", "url": "https://git.kernel.org/stable/c/ed3dfdaa8b5f0579eabfc1c5818eed30cfe1fe84" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f4de974019a0adf34d0e7de6b86252f1bd266b06", "url": "https://git.kernel.org/stable/c/f4de974019a0adf34d0e7de6b86252f1bd266b06" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fc8f7752a82f4accb99c0f1a868906ba1eb7b86f", "url": "https://git.kernel.org/stable/c/fc8f7752a82f4accb99c0f1a868906ba1eb7b86f" } ], "release_date": "2025-02-26T06:37:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-49407", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndlm: fix plock invalid read\n\nThis patch fixes an invalid read showed by KASAN. A unlock will allocate a\n\"struct plock_op\" and a followed send_op() will append it to a global\nsend_list data structure. In some cases a followed dev_read() moves it\nto recv_list and dev_write() will cast it to \"struct plock_xop\" and access\nfields which are only available in those structures. At this point an\ninvalid read happens by accessing those fields.\n\nTo fix this issue the \"callback\" field is moved to \"struct plock_op\" to\nindicate that a cast to \"plock_xop\" is allowed and does the additional\n\"plock_xop\" handling if set.\n\nExample of the KASAN output which showed the invalid read:\n\n[ 2064.296453] ==================================================================\n[ 2064.304852] BUG: KASAN: slab-out-of-bounds in dev_write+0x52b/0x5a0 [dlm]\n[ 2064.306491] Read of size 8 at addr ffff88800ef227d8 by task dlm_controld/7484\n[ 2064.308168]\n[ 2064.308575] CPU: 0 PID: 7484 Comm: dlm_controld Kdump: loaded Not tainted 5.14.0+ #9\n[ 2064.310292] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n[ 2064.311618] Call Trace:\n[ 2064.312218] dump_stack_lvl+0x56/0x7b\n[ 2064.313150] print_address_description.constprop.8+0x21/0x150\n[ 2064.314578] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.315610] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.316595] kasan_report.cold.14+0x7f/0x11b\n[ 2064.317674] ? dev_write+0x52b/0x5a0 [dlm]\n[ 2064.318687] dev_write+0x52b/0x5a0 [dlm]\n[ 2064.319629] ? dev_read+0x4a0/0x4a0 [dlm]\n[ 2064.320713] ? bpf_lsm_kernfs_init_security+0x10/0x10\n[ 2064.321926] vfs_write+0x17e/0x930\n[ 2064.322769] ? __fget_light+0x1aa/0x220\n[ 2064.323753] ksys_write+0xf1/0x1c0\n[ 2064.324548] ? __ia32_sys_read+0xb0/0xb0\n[ 2064.325464] do_syscall_64+0x3a/0x80\n[ 2064.326387] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 2064.327606] RIP: 0033:0x7f807e4ba96f\n[ 2064.328470] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 39 87 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 87 f8 ff 48\n[ 2064.332902] RSP: 002b:00007ffd50cfe6e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\n[ 2064.334658] RAX: ffffffffffffffda RBX: 000055cc3886eb30 RCX: 00007f807e4ba96f\n[ 2064.336275] RDX: 0000000000000040 RSI: 00007ffd50cfe7e0 RDI: 0000000000000010\n[ 2064.337980] RBP: 00007ffd50cfe7e0 R08: 0000000000000000 R09: 0000000000000001\n[ 2064.339560] R10: 000055cc3886eb30 R11: 0000000000000293 R12: 000055cc3886eb80\n[ 2064.341237] R13: 000055cc3886eb00 R14: 000055cc3886f590 R15: 0000000000000001\n[ 2064.342857]\n[ 2064.343226] Allocated by task 12438:\n[ 2064.344057] kasan_save_stack+0x1c/0x40\n[ 2064.345079] __kasan_kmalloc+0x84/0xa0\n[ 2064.345933] kmem_cache_alloc_trace+0x13b/0x220\n[ 2064.346953] dlm_posix_unlock+0xec/0x720 [dlm]\n[ 2064.348811] do_lock_file_wait.part.32+0xca/0x1d0\n[ 2064.351070] fcntl_setlk+0x281/0xbc0\n[ 2064.352879] do_fcntl+0x5e4/0xfe0\n[ 2064.354657] __x64_sys_fcntl+0x11f/0x170\n[ 2064.356550] do_syscall_64+0x3a/0x80\n[ 2064.358259] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 2064.360745]\n[ 2064.361511] Last potentially related work creation:\n[ 2064.363957] kasan_save_stack+0x1c/0x40\n[ 2064.365811] __kasan_record_aux_stack+0xaf/0xc0\n[ 2064.368100] call_rcu+0x11b/0xf70\n[ 2064.369785] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]\n[ 2064.372404] receive_from_sock+0x290/0x770 [dlm]\n[ 2064.374607] process_recv_sockets+0x32/0x40 [dlm]\n[ 2064.377290] process_one_work+0x9a8/0x16e0\n[ 2064.379357] worker_thread+0x87/0xbf0\n[ 2064.381188] kthread+0x3ac/0x490\n[ 2064.383460] ret_from_fork+0x22/0x30\n[ 2064.385588]\n[ 2064.386518] Second to last potentially related work creation:\n[ 2064.389219] kasan_save_stack+0x1c/0x40\n[ 2064.391043] __kasan_record_aux_stack+0xaf/0xc0\n[ 2064.393303] call_rcu+0x11b/0xf70\n[ 2064.394885] dlm_process_incoming_buffer+0x47d/0xfd0 [dlm]\n[ 2064.397694] receive_from_sock+0x290/0x770 \n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49407" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2c55155cc365861044d9e6e80e342693e8805e33", "url": "https://git.kernel.org/stable/c/2c55155cc365861044d9e6e80e342693e8805e33" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/42252d0d2aa9b94d168241710a761588b3959019", "url": "https://git.kernel.org/stable/c/42252d0d2aa9b94d168241710a761588b3959019" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/49cd9eb7b9a7b88124b31e31f8e539acaf1b3a6d", "url": "https://git.kernel.org/stable/c/49cd9eb7b9a7b88124b31e31f8e539acaf1b3a6d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/56aa8d1fbd02357f3bf81bdfba1cde87ce8402fc", "url": "https://git.kernel.org/stable/c/56aa8d1fbd02357f3bf81bdfba1cde87ce8402fc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5a1765adf9855cf0f6d3f7e0eb4b78ca66f70dee", "url": "https://git.kernel.org/stable/c/5a1765adf9855cf0f6d3f7e0eb4b78ca66f70dee" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/72f2f68970f9bdc252d59e119b385a6441b0b155", "url": "https://git.kernel.org/stable/c/72f2f68970f9bdc252d59e119b385a6441b0b155" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/899bc4429174861122f0c236588700a4710c1fec", "url": "https://git.kernel.org/stable/c/899bc4429174861122f0c236588700a4710c1fec" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/acdad5bc9827922ec2f2e84fd198718aa8e8ab92", "url": "https://git.kernel.org/stable/c/acdad5bc9827922ec2f2e84fd198718aa8e8ab92" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e421872fa17542cf33747071fb141b0130ce9ef7", "url": "https://git.kernel.org/stable/c/e421872fa17542cf33747071fb141b0130ce9ef7" } ], "release_date": "2025-02-26T07:01:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-52835", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Bail out early if the request AUX area is out of bound\n\nWhen perf-record with a large AUX area, e.g 4GB, it fails with:\n\n #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n failed to mmap with 12 (Cannot allocate memory)\n\nand it reveals a WARNING with __alloc_pages():\n\n\t------------[ cut here ]------------\n\tWARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248\n\tCall trace:\n\t __alloc_pages+0x1ec/0x248\n\t __kmalloc_large_node+0xc0/0x1f8\n\t __kmalloc_node+0x134/0x1e8\n\t rb_alloc_aux+0xe0/0x298\n\t perf_mmap+0x440/0x660\n\t mmap_region+0x308/0x8a8\n\t do_mmap+0x3c0/0x528\n\t vm_mmap_pgoff+0xf4/0x1b8\n\t ksys_mmap_pgoff+0x18c/0x218\n\t __arm64_sys_mmap+0x38/0x58\n\t invoke_syscall+0x50/0x128\n\t el0_svc_common.constprop.0+0x58/0x188\n\t do_el0_svc+0x34/0x50\n\t el0_svc+0x34/0x108\n\t el0t_64_sync_handler+0xb8/0xc0\n\t el0t_64_sync+0x1a4/0x1a8\n\n'rb->aux_pages' allocated by kcalloc() is a pointer array which is used to\nmaintains AUX trace pages. The allocated page for this array is physically\ncontiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the\nsize of pointer array crosses the limitation set by MAX_ORDER, it reveals a\nWARNING.\n\nSo bail out early with -ENOMEM if the request AUX area is out of bound,\ne.g.:\n\n #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n failed to mmap with 12 (Cannot allocate memory)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52835" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece", "url": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a", "url": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb", "url": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916", "url": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734", "url": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f", "url": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a", "url": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a", "url": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a" } ], "release_date": "2024-05-21T16:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-47391", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests\n\nThe FSM can run in a circle allowing rdma_resolve_ip() to be called twice\non the same id_priv. While this cannot happen without going through the\nwork, it violates the invariant that the same address resolution\nbackground request cannot be active twice.\n\n CPU 1 CPU 2\n\nrdma_resolve_addr():\n RDMA_CM_IDLE -> RDMA_CM_ADDR_QUERY\n rdma_resolve_ip(addr_handler) #1\n\n\t\t\t process_one_req(): for #1\n addr_handler():\n RDMA_CM_ADDR_QUERY -> RDMA_CM_ADDR_BOUND\n mutex_unlock(&id_priv->handler_mutex);\n [.. handler still running ..]\n\nrdma_resolve_addr():\n RDMA_CM_ADDR_BOUND -> RDMA_CM_ADDR_QUERY\n rdma_resolve_ip(addr_handler)\n !! two requests are now on the req_list\n\nrdma_destroy_id():\n destroy_id_handler_unlock():\n _destroy_id():\n cma_cancel_operation():\n rdma_addr_cancel()\n\n // process_one_req() self removes it\n\t\t spin_lock_bh(&lock);\n cancel_delayed_work(&req->work);\n\t if (!list_empty(&req->list)) == true\n\n ! rdma_addr_cancel() returns after process_on_req #1 is done\n\n kfree(id_priv)\n\n\t\t\t process_one_req(): for #2\n addr_handler():\n\t mutex_lock(&id_priv->handler_mutex);\n !! Use after free on id_priv\n\nrdma_addr_cancel() expects there to be one req on the list and only\ncancels the first one. The self-removal behavior of the work only happens\nafter the handler has returned. This yields a situations where the\nreq_list can have two reqs for the same \"handle\" but rdma_addr_cancel()\nonly cancels the first one.\n\nThe second req remains active beyond rdma_destroy_id() and will\nuse-after-free id_priv once it inevitably triggers.\n\nFix this by remembering if the id_priv has called rdma_resolve_ip() and\nalways cancel before calling it again. This ensures the req_list never\ngets more than one item in it and doesn't cost anything in the normal flow\nthat never uses this strange error path.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47391" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/03d884671572af8bcfbc9e63944c1021efce7589", "url": "https://git.kernel.org/stable/c/03d884671572af8bcfbc9e63944c1021efce7589" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/305d568b72f17f674155a2a8275f865f207b3808", "url": "https://git.kernel.org/stable/c/305d568b72f17f674155a2a8275f865f207b3808" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9a085fa9b7d644a234465091e038c1911e1a4f2a", "url": "https://git.kernel.org/stable/c/9a085fa9b7d644a234465091e038c1911e1a4f2a" } ], "release_date": "2024-05-21T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-48737", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\nASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()\nThe Linux kernel CVE team has assigned CVE-2022-48737 to this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48737" } ], "release_date": "2024-06-20T00:00:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2021-47149", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fujitsu: fix potential null-ptr-deref\n\nIn fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer\nderef. To fix this, check the return value of ioremap and return -1\nto the caller in case of failure.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47149" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/22049c3d40f08facd1867548716a484dad6b3251", "url": "https://git.kernel.org/stable/c/22049c3d40f08facd1867548716a484dad6b3251" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/52202be1cd996cde6e8969a128dc27ee45a7cb5e", "url": "https://git.kernel.org/stable/c/52202be1cd996cde6e8969a128dc27ee45a7cb5e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6dbf1101594f7c76990b63c35b5a40205a914b6b", "url": "https://git.kernel.org/stable/c/6dbf1101594f7c76990b63c35b5a40205a914b6b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/71723a796ab7881f491d663c6cd94b29be5fba50", "url": "https://git.kernel.org/stable/c/71723a796ab7881f491d663c6cd94b29be5fba50" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7883d3895d0fbb0ba9bff0f8665f99974b45210f", "url": "https://git.kernel.org/stable/c/7883d3895d0fbb0ba9bff0f8665f99974b45210f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6", "url": "https://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c4f1c23edbe921ab2ecd6140d700e756cd44c5f7", "url": "https://git.kernel.org/stable/c/c4f1c23edbe921ab2ecd6140d700e756cd44c5f7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f14bf57a08779a5dee9936f63ada0149ea89c5e6", "url": "https://git.kernel.org/stable/c/f14bf57a08779a5dee9936f63ada0149ea89c5e6" } ], "release_date": "2024-03-25T09:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-41069", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-41069" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1", "url": "https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d", "url": "https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2", "url": "https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702", "url": "https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702" } ], "release_date": "2024-07-29T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-47475", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: vmk80xx: fix transfer-buffer overflows\n\nThe driver uses endpoint-sized USB transfer buffers but up until\nrecently had no sanity checks on the sizes.\n\nCommit e1f13c879a7c (\"staging: comedi: check validity of wMaxPacketSize\nof usb endpoints found\") inadvertently fixed NULL-pointer dereferences\nwhen accessing the transfer buffers in case a malicious device has a\nzero wMaxPacketSize.\n\nMake sure to allocate buffers large enough to handle also the other\naccesses that are done without a size check (e.g. byte 18 in\nvmk80xx_cnt_insn_read() for the VMK8061_MODEL) to avoid writing beyond\nthe buffers, for example, when doing descriptor fuzzing.\n\nThe original driver was for a low-speed device with 8-byte buffers.\nSupport was later added for a device that uses bulk transfers and is\npresumably a full-speed device with a maximum 64-byte wMaxPacketSize.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47475" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50", "url": "https://git.kernel.org/stable/c/06ac746d57e6d32b062e220415c607b7e2e0fa50" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9", "url": "https://git.kernel.org/stable/c/199acd8c110e3ae62833c24f632b0bb1c9f012a9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47", "url": "https://git.kernel.org/stable/c/278484ae93297b1bb1ce755f9d3b6d95a48c7d47" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00", "url": "https://git.kernel.org/stable/c/33d7a470730dfe7c9bfc8da84575cf2cedd60d00" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7", "url": "https://git.kernel.org/stable/c/40d2a7e278e2e7c0a5fd7e997e7eb63945bf93f7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f", "url": "https://git.kernel.org/stable/c/5229159f1d052821007aff1a1beb7873eacf1a9f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088", "url": "https://git.kernel.org/stable/c/7a2021b896de1ad559d33b5c5cdd20b982242088" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1", "url": "https://git.kernel.org/stable/c/a23461c47482fc232ffc9b819539d1f837adf2b1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba", "url": "https://git.kernel.org/stable/c/ec85bcff4ed09260243d8f39faba99e1041718ba" } ], "release_date": "2024-05-22T09:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-52868", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: prevent potential string overflow\n\nThe dev->id value comes from ida_alloc() so it's a number between zero\nand INT_MAX. If it's too high then these sprintf()s will overflow.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52868" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0f6b3be28c4d62ef6498133959c72266629bea97", "url": "https://git.kernel.org/stable/c/0f6b3be28c4d62ef6498133959c72266629bea97" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3091ab943dfc7b2578599b0fe203350286fab5bb", "url": "https://git.kernel.org/stable/c/3091ab943dfc7b2578599b0fe203350286fab5bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c", "url": "https://git.kernel.org/stable/c/3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3f795fb35c2d8a637efe76b4518216c9319b998c", "url": "https://git.kernel.org/stable/c/3f795fb35c2d8a637efe76b4518216c9319b998c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6ad1bf47fbe5750c4d5d8e41337665e193e2c521", "url": "https://git.kernel.org/stable/c/6ad1bf47fbe5750c4d5d8e41337665e193e2c521" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/77ff34a56b695e228e6daf30ee30be747973d6e8", "url": "https://git.kernel.org/stable/c/77ff34a56b695e228e6daf30ee30be747973d6e8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b55f0a9f865be75ca1019aad331f3225f7b50ce8", "url": "https://git.kernel.org/stable/c/b55f0a9f865be75ca1019aad331f3225f7b50ce8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c99626092efca3061b387043d4a7399bf75fbdd5", "url": "https://git.kernel.org/stable/c/c99626092efca3061b387043d4a7399bf75fbdd5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/edbd6bbe40ac524a8f2273ffacc53edf14f3c686", "url": "https://git.kernel.org/stable/c/edbd6bbe40ac524a8f2273ffacc53edf14f3c686" } ], "release_date": "2024-05-21T16:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-48827", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix the behavior of READ near OFFSET_MAX\n\nDan Aloni reports:\n> Due to commit 8cfb9015280d (\"NFS: Always provide aligned buffers to\n> the RPC read layers\") on the client, a read of 0xfff is aligned up\n> to server rsize of 0x1000.\n>\n> As a result, in a test where the server has a file of size\n> 0x7fffffffffffffff, and the client tries to read from the offset\n> 0x7ffffffffffff000, the read causes loff_t overflow in the server\n> and it returns an NFS code of EINVAL to the client. The client as\n> a result indefinitely retries the request.\n\nThe Linux NFS client does not handle NFS?ERR_INVAL, even though all\nNFS specifications permit servers to return that status code for a\nREAD.\n\nInstead of NFS?ERR_INVAL, have out-of-range READ requests succeed\nand return a short result. Set the EOF flag in the result to prevent\nthe client from retrying the READ request. This behavior appears to\nbe consistent with Solaris NFS servers.\n\nNote that NFSv3 and NFSv4 use u64 offset values on the wire. These\nmust be converted to loff_t internally before use -- an implicit\ntype cast is not adequate for this purpose. Otherwise VFS checks\nagainst sb->s_maxbytes do not work properly.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48827" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0cb4d23ae08c48f6bf3c29a8e5c4a74b8388b960", "url": "https://git.kernel.org/stable/c/0cb4d23ae08c48f6bf3c29a8e5c4a74b8388b960" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1726a39b0879acfb490b22dca643f26f4f907da9", "url": "https://git.kernel.org/stable/c/1726a39b0879acfb490b22dca643f26f4f907da9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/44502aca8e02ab32d6b0eb52e006a5ec9402719b", "url": "https://git.kernel.org/stable/c/44502aca8e02ab32d6b0eb52e006a5ec9402719b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c6eff5c4277146a78b4fb8c9b668dd64542c41b0", "url": "https://git.kernel.org/stable/c/c6eff5c4277146a78b4fb8c9b668dd64542c41b0" } ], "release_date": "2024-07-16T12:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-56616", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Fix MST sideband message body length check\n\nFix the MST sideband message body length check, which must be at least 1\nbyte accounting for the message body CRC (aka message data CRC) at the\nend of the message.\n\nThis fixes a case where an MST branch device returns a header with a\ncorrect header CRC (indicating a correctly received body length), with\nthe body length being incorrectly set to 0. This will later lead to a\nmemory corruption in drm_dp_sideband_append_payload() and the following\nerrors in dmesg:\n\n UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25\n index -1 is out of range for type 'u8 [48]'\n Call Trace:\n drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper]\n drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]\n\n memcpy: detected field-spanning write (size 18446744073709551615) of single field \"&msg->msg[msg->curlen]\" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256)\n Call Trace:\n drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper]\n drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56616" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af", "url": "https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef", "url": "https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5", "url": "https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96", "url": "https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763", "url": "https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801", "url": "https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801" } ], "release_date": "2024-12-27T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-49292", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: oss: Fix PCM OSS buffer allocation overflow\n\nWe've got syzbot reports hitting INT_MAX overflow at vmalloc()\nallocation that is called from snd_pcm_plug_alloc(). Although we\napply the restrictions to input parameters, it's based only on the\nhw_params of the underlying PCM device. Since the PCM OSS layer\nallocates a temporary buffer for the data conversion, the size may\nbecome unexpectedly large when more channels or higher rates is given;\nin the reported case, it went over INT_MAX, hence it hits WARN_ON().\n\nThis patch is an attempt to avoid such an overflow and an allocation\nfor too large buffers. First off, it adds the limit of 1MB as the\nupper bound for period bytes. This must be large enough for all use\ncases, and we really don't want to handle a larger temporary buffer\nthan this size. The size check is performed at two places, where the\noriginal period bytes is calculated and where the plugin buffer size\nis calculated.\n\nIn addition, the driver uses array_size() and array3_size() for\nmultiplications to catch overflows for the converted period size and\nbuffer bytes.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49292" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0c4190b41a69990666b4000999e27f8f1b2a426b", "url": "https://git.kernel.org/stable/c/0c4190b41a69990666b4000999e27f8f1b2a426b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5ce74ff7059341d8b2f4d01c3383491df63d1898", "url": "https://git.kernel.org/stable/c/5ce74ff7059341d8b2f4d01c3383491df63d1898" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7a40cbf3579a8e14849ba7ce46309c1992658d2b", "url": "https://git.kernel.org/stable/c/7a40cbf3579a8e14849ba7ce46309c1992658d2b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5", "url": "https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e74a069c6a7bb505f3ade141dddf85f4b0b5145a", "url": "https://git.kernel.org/stable/c/e74a069c6a7bb505f3ade141dddf85f4b0b5145a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/efb6402c3c4a7c26d97c92d70186424097b6e366", "url": "https://git.kernel.org/stable/c/efb6402c3c4a7c26d97c92d70186424097b6e366" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fb08bf99195a87c798bc8ae1357337a981faeade", "url": "https://git.kernel.org/stable/c/fb08bf99195a87c798bc8ae1357337a981faeade" } ], "release_date": "2025-02-26T07:01:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-21704", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can't\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm->nb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device's vendor/product IDs and\nits other interfaces.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21704" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/383d516a0ebc8641372b521c8cb717f0f1834831", "url": "https://git.kernel.org/stable/c/383d516a0ebc8641372b521c8cb717f0f1834831" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6abb510251e75f875797d8983a830e6731fa281c", "url": "https://git.kernel.org/stable/c/6abb510251e75f875797d8983a830e6731fa281c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7828e9363ac4d23b02419bf2a45b9f1d9fb35646", "url": "https://git.kernel.org/stable/c/7828e9363ac4d23b02419bf2a45b9f1d9fb35646" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/871619c2b78fdfe05afb4e8ba548678687beb812", "url": "https://git.kernel.org/stable/c/871619c2b78fdfe05afb4e8ba548678687beb812" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/90dd2f1b7342b9a671a5ea4160f408037b92b118", "url": "https://git.kernel.org/stable/c/90dd2f1b7342b9a671a5ea4160f408037b92b118" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a4e1ae5c0533964170197e4fb4f33bc8c1db5cd2", "url": "https://git.kernel.org/stable/c/a4e1ae5c0533964170197e4fb4f33bc8c1db5cd2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e563b01208f4d1f609bcab13333b6c0e24ce6a01", "url": "https://git.kernel.org/stable/c/e563b01208f4d1f609bcab13333b6c0e24ce6a01" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f64079bef6a8a7823358c3f352ea29a617844636", "url": "https://git.kernel.org/stable/c/f64079bef6a8a7823358c3f352ea29a617844636" }, { "category": "external", "summary": "https://project-zero.issues.chromium.org/issues/395107243", "url": "https://project-zero.issues.chromium.org/issues/395107243" } ], "release_date": "2025-02-22T10:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-35966", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: Fix not validating setsockopt user input\n\nsyzbot reported rfcomm_sock_setsockopt_old() is copying data without\nchecking user input length.\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset\ninclude/linux/sockptr.h:49 [inline]\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr\ninclude/linux/sockptr.h:55 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old\nnet/bluetooth/rfcomm/sock.c:632 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70\nnet/bluetooth/rfcomm/sock.c:673\nRead of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35966" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/00767fbd67af70d7a550caa5b12d9515fa978bab", "url": "https://git.kernel.org/stable/c/00767fbd67af70d7a550caa5b12d9515fa978bab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4ea65e2095e9bd151d0469328dd7fc2858feb546", "url": "https://git.kernel.org/stable/c/4ea65e2095e9bd151d0469328dd7fc2858feb546" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695", "url": "https://git.kernel.org/stable/c/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c3f787a3eafe519c93df9abbb0ca5145861c8d0f", "url": "https://git.kernel.org/stable/c/c3f787a3eafe519c93df9abbb0ca5145861c8d0f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d072ea24748189cd8f4a9c3f585ca9af073a0838", "url": "https://git.kernel.org/stable/c/d072ea24748189cd8f4a9c3f585ca9af073a0838" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872", "url": "https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872" } ], "release_date": "2024-05-20T10:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-52764", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type 'int'\n\nWhen the value of the variable \"sd->params.exposure.gain\" exceeds the\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. In order to avoid invalid\nrange during left-shift, the conditional expression is added.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52764" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953", "url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26", "url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb", "url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060", "url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b", "url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809", "url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177", "url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a", "url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3", "url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3" } ], "release_date": "2024-05-21T16:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-37798", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncodel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\nAfter making all ->qlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37798" } ], "release_date": "2025-05-02T00:00:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2021-47319", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: Fix memory leak among suspend/resume procedure\n\nThe vblk->vqs should be freed before we call init_vqs()\nin virtblk_restore().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47319" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/04c6e60b884cb5e94ff32af46867fb41d5848358", "url": "https://git.kernel.org/stable/c/04c6e60b884cb5e94ff32af46867fb41d5848358" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/102d6bc6475ab09bab579c18704e6cf8d898e93c", "url": "https://git.kernel.org/stable/c/102d6bc6475ab09bab579c18704e6cf8d898e93c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/29a2f4a3214aa14d61cc9737c9f886dae9dbb710", "url": "https://git.kernel.org/stable/c/29a2f4a3214aa14d61cc9737c9f886dae9dbb710" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/381bde79d11e596002edfd914e6714291826967a", "url": "https://git.kernel.org/stable/c/381bde79d11e596002edfd914e6714291826967a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/600942d2fd49b90e44857d20c774b20d16f3130f", "url": "https://git.kernel.org/stable/c/600942d2fd49b90e44857d20c774b20d16f3130f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/863da837964c80c72e368a4f748c30d25daa1815", "url": "https://git.kernel.org/stable/c/863da837964c80c72e368a4f748c30d25daa1815" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b71ba22e7c6c6b279c66f53ee7818709774efa1f", "url": "https://git.kernel.org/stable/c/b71ba22e7c6c6b279c66f53ee7818709774efa1f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ca2b8ae93a6da9839dc7f9eb9199b18aa03c3dae", "url": "https://git.kernel.org/stable/c/ca2b8ae93a6da9839dc7f9eb9199b18aa03c3dae" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cd24da0db9f75ca11eaf6060f0ccb90e2f3be3b0", "url": "https://git.kernel.org/stable/c/cd24da0db9f75ca11eaf6060f0ccb90e2f3be3b0" } ], "release_date": "2024-05-21T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2021-47497", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: Fix shift-out-of-bound (UBSAN) with byte size cells\n\nIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic\n\n *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);\n\nwill become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we\nsubtract one from that making a large number that is then shifted more than the\nnumber of bits that fit into an unsigned long.\n\nUBSAN reports this problem:\n\n UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8\n shift exponent 64 is too large for 64-bit type 'unsigned long'\n CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9\n Hardware name: Google Lazor (rev3+) with KB Backlight (DT)\n Workqueue: events_unbound deferred_probe_work_func\n Call trace:\n dump_backtrace+0x0/0x170\n show_stack+0x24/0x30\n dump_stack_lvl+0x64/0x7c\n dump_stack+0x18/0x38\n ubsan_epilogue+0x10/0x54\n __ubsan_handle_shift_out_of_bounds+0x180/0x194\n __nvmem_cell_read+0x1ec/0x21c\n nvmem_cell_read+0x58/0x94\n nvmem_cell_read_variable_common+0x4c/0xb0\n nvmem_cell_read_variable_le_u32+0x40/0x100\n a6xx_gpu_init+0x170/0x2f4\n adreno_bind+0x174/0x284\n component_bind_all+0xf0/0x264\n msm_drm_bind+0x1d8/0x7a0\n try_to_bring_up_master+0x164/0x1ac\n __component_add+0xbc/0x13c\n component_add+0x20/0x2c\n dp_display_probe+0x340/0x384\n platform_probe+0xc0/0x100\n really_probe+0x110/0x304\n __driver_probe_device+0xb8/0x120\n driver_probe_device+0x4c/0xfc\n __device_attach_driver+0xb0/0x128\n bus_for_each_drv+0x90/0xdc\n __device_attach+0xc8/0x174\n device_initial_probe+0x20/0x2c\n bus_probe_device+0x40/0xa4\n deferred_probe_work_func+0x7c/0xb8\n process_one_work+0x128/0x21c\n process_scheduled_works+0x40/0x54\n worker_thread+0x1ec/0x2a8\n kthread+0x138/0x158\n ret_from_fork+0x10/0x20\n\nFix it by making sure there are any bits to mask out.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47497" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082", "url": "https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae", "url": "https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df", "url": "https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66", "url": "https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9", "url": "https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df", "url": "https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97", "url": "https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca", "url": "https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca" } ], "release_date": "2024-05-22T09:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-35965", "cwe": { "id": "CWE-1284", "name": "Improper Validation of Specified Quantity in Input" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix not validating setsockopt user input\n\nCheck user input length before copying data.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35965" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a", "url": "https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846", "url": "https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8ee0c132a61df9723813c40e742dc5321824daa9", "url": "https://git.kernel.org/stable/c/8ee0c132a61df9723813c40e742dc5321824daa9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9d42f373391211c7c8af66a3a316533a32b8a607", "url": "https://git.kernel.org/stable/c/9d42f373391211c7c8af66a3a316533a32b8a607" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f13b04cf65a86507ff15a9bbf37969d25be3e2a0", "url": "https://git.kernel.org/stable/c/f13b04cf65a86507ff15a9bbf37969d25be3e2a0" } ], "release_date": "2024-05-20T10:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-21796", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnfsd: clear acl_access/acl_default after releasing them\nIf getting acl_default fails, acl_access and acl_default will be released\nsimultaneously. However, acl_access will still retain a pointer pointing\nto the released posix_acl, which will trigger a WARNING in\nnfs3svc_release_getacl like this:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 26 PID: 3199 at lib/refcount.c:28\nrefcount_warn_saturate+0xb5/0x170\nModules linked in:\nCPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted\n6.12.0-rc6-00079-g04ae226af01f-dirty #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb5/0x170\nCode: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75\ne4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff <0f> 0b eb\ncd 0f b6 1d 8a3\nRSP: 0018:ffffc90008637cd8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380\nRBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56\nR10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001\nR13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0\nFS: 0000000000000000(0000) GS:ffff88871ed00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\n? refcount_warn_saturate+0xb5/0x170\n? __warn+0xa5/0x140\n? refcount_warn_saturate+0xb5/0x170\n? report_bug+0x1b1/0x1e0\n? handle_bug+0x53/0xa0\n? exc_invalid_op+0x17/0x40\n? asm_exc_invalid_op+0x1a/0x20\n? tick_nohz_tick_stopped+0x1e/0x40\n? refcount_warn_saturate+0xb5/0x170\n? refcount_warn_saturate+0xb5/0x170\nnfs3svc_release_getacl+0xc9/0xe0\nsvc_process_common+0x5db/0xb60\n? __pfx_svc_process_common+0x10/0x10\n? __rcu_read_unlock+0x69/0xa0\n? __pfx_nfsd_dispatch+0x10/0x10\n? svc_xprt_received+0xa1/0x120\n? xdr_init_decode+0x11d/0x190\nsvc_process+0x2a7/0x330\nsvc_handle_xprt+0x69d/0x940\nsvc_recv+0x180/0x2d0\nnfsd+0x168/0x200\n? __pfx_nfsd+0x10/0x10\nkthread+0x1a2/0x1e0\n? kthread+0xf4/0x1e0\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x34/0x60\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\nKernel panic - not syncing: kernel: panic_on_warn set ...\nClear acl_access/acl_default after posix_acl_release is called to prevent\nUAF from being triggered.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21796" } ], "release_date": "2025-02-27T00:00:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-38618", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nvsock: Do not allow binding to VMADDR_PORT_ANY\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38618" } ], "release_date": "2025-08-22T00:00:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-38617", "cwe": { "id": "CWE-366", "name": "Race Condition within a Thread" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\nWhen packet_set_ring() releases po->bind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo->bind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po->num to zero to keep\nthe socket unhooked until the lock is retaken.\nThe po->bind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38617" } ], "release_date": "2025-08-22T00:00:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-35849", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()\n\nSyzbot reported the following information leak for in\nbtrfs_ioctl_logical_to_ino():\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499\n btrfs_ioctl+0x714/0x1260\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Uninit was created at:\n __kmalloc_large_node+0x231/0x370 mm/slub.c:3921\n __do_kmalloc_node mm/slub.c:3954 [inline]\n __kmalloc_node+0xb07/0x1060 mm/slub.c:3973\n kmalloc_node include/linux/slab.h:648 [inline]\n kvmalloc_node+0xc0/0x2d0 mm/util.c:634\n kvmalloc include/linux/slab.h:766 [inline]\n init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779\n btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480\n btrfs_ioctl+0x714/0x1260\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Bytes 40-65535 of 65536 are uninitialized\n Memory access of size 65536 starts at ffff888045a40000\n\nThis happens, because we're copying a 'struct btrfs_data_container' back\nto user-space. This btrfs_data_container is allocated in\n'init_data_container()' via kvmalloc(), which does not zero-fill the\nmemory.\n\nFix this by using kvzalloc() which zeroes out the memory on allocation.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35849" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf", "url": "https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6", "url": "https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc", "url": "https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772", "url": "https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86", "url": "https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6", "url": "https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d", "url": "https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54", "url": "https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "release_date": "2024-05-17T15:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-49924", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: pxafb: Fix possible use after free in pxafb_task()\n\nIn the pxafb_probe function, it calls the pxafb_init_fbinfo function,\nafter which &fbi->task is associated with pxafb_task. Moreover,\nwithin this pxafb_init_fbinfo function, the pxafb_blank function\nwithin the &pxafb_ops struct is capable of scheduling work.\n\nIf we remove the module which will call pxafb_remove to make cleanup,\nit will call unregister_framebuffer function which can call\ndo_unregister_framebuffer to free fbi->fb through\nput_fb_info(fb_info), while the work mentioned above will be used.\nThe sequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | pxafb_task\npxafb_remove |\nunregister_framebuffer(info) |\ndo_unregister_framebuffer(fb_info) |\nput_fb_info(fb_info) |\n// free fbi->fb | set_ctrlr_state(fbi, state)\n | __pxafb_lcd_power(fbi, 0)\n | fbi->lcd_power(on, &fbi->fb.var)\n | //use fbi->fb\n\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in pxafb_remove.\n\nNote that only root user can remove the driver at runtime.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-49924" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3c0d416eb4bef705f699213cee94bf54b6acdacd", "url": "https://git.kernel.org/stable/c/3c0d416eb4bef705f699213cee94bf54b6acdacd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4a6921095eb04a900e0000da83d9475eb958e61e", "url": "https://git.kernel.org/stable/c/4a6921095eb04a900e0000da83d9475eb958e61e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4cda484e584be34d55ee17436ebf7ad11922b97a", "url": "https://git.kernel.org/stable/c/4cda484e584be34d55ee17436ebf7ad11922b97a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6d0a07f68b66269e167def6c0b90a219cd3e7473", "url": "https://git.kernel.org/stable/c/6d0a07f68b66269e167def6c0b90a219cd3e7473" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3a855764dbacbdb1cc51e15dc588f2d21c93e0e", "url": "https://git.kernel.org/stable/c/a3a855764dbacbdb1cc51e15dc588f2d21c93e0e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/aaadc0cb05c999ccd8898a03298b7e5c31509b08", "url": "https://git.kernel.org/stable/c/aaadc0cb05c999ccd8898a03298b7e5c31509b08" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e657fa2df4429f3805a9b3e47fb1a4a1b02a72bd", "url": "https://git.kernel.org/stable/c/e657fa2df4429f3805a9b3e47fb1a4a1b02a72bd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e6897e299f57b103e999e62010b88e363b3eebae", "url": "https://git.kernel.org/stable/c/e6897e299f57b103e999e62010b88e363b3eebae" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fdda354f60a576d52dcf90351254714681df4370", "url": "https://git.kernel.org/stable/c/fdda354f60a576d52dcf90351254714681df4370" } ], "release_date": "2024-10-21T18:15:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-buildinfo-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-cloud-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-cloud-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-cloud-tools-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-crashdump-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-doc-0:4.4.0-279.313.all", "Ubuntu-16:linux-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.all", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-headers-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-headers-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-image-unsigned-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-libc-dev-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-lowlatency-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-modules-extra-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-source-0:4.4.0.279.313.all", "Ubuntu-16:linux-source-4.4.0-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-generic-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-4.4.0-279-tuxcare.els50-lowlatency-0:4.4.0-279.313.amd64", "Ubuntu-16:linux-tools-common-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-generic-0:4.4.0.279.313.amd64", "Ubuntu-16:linux-tools-host-0:4.4.0-279.313.all", "Ubuntu-16:linux-tools-lowlatency-0:4.4.0.279.313.amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }