{
"document": {
"aggregate_severity": {
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "TuxCare License Agreement",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
"title": "Terms of Use"
},
{
"category": "details",
"text": "* CVE-url: https://ubuntu.com/security/CVE-2021-47352\n - virtio-net: Add validation for used length\n * CVE-url: https://ubuntu.com/security/CVE-2024-46745\n - Input: uinput - reject requests with unreasonable number of slots\n * CVE-url: https://ubuntu.com/security/CVE-2024-44952\n - driver core: Fix uevent_show() vs driver detach race\n * CVE-url: https://ubuntu.com/security/CVE-2024-42304\n - ext4: make sure the first directory block is not a hole\n * CVE-url: https://ubuntu.com/security/CVE-2024-42305\n - ext4: check dot and dotdot of dx_root before making dir indexed\n * CVE-url: https://ubuntu.com/security/CVE-2024-53168\n - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n * CVE-url: https://ubuntu.com/security/CVE-2024-49925\n - driver core: add dev_groups to all drivers\n - driver core: Fix error return code in really_probe()\n - fbdev: efifb: Register sysfs groups through driver core\n * CVE-url: https://ubuntu.com/security/CVE-2024-56661\n - tipc: fix NULL deref in cleanup_bearer()\n * CVE-url: https://ubuntu.com/security/CVE-2024-56642\n - tipc: Fix use-after-free of kernel socket in cleanup_bearer().\n * CVE-url: https://ubuntu.com/security/CVE-2021-47163\n - tipc: wait and exit until all work queues are done\n * CVE-url: https://ubuntu.com/security/CVE-2024-26915\n - drm/amdgpu: fix IH overflow on Vega10 v2\n - drm/amdgpu: Add check to prevent IH overflow\n - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit\n * CVE-url: https://ubuntu.com/security/CVE-2024-56770\n - net/sched: netem: account for backlog updates from child qdisc\n - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50296\n - net: hns3: fix kernel crash when uninstalling driver\n * CVE-url: https://ubuntu.com/security/CVE-2024-53066\n - nfs: Fix KMSAN warning in decode_getfattr_attrs()\n * CVE-url: https://ubuntu.com/security/CVE-2024-49944\n - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n * CVE-url: https://ubuntu.com/security/CVE-2024-50237\n - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower\n * CVE-url: https://ubuntu.com/security/CVE-2024-46780\n - nilfs2: protect references to superblock parameters exposed in sysfs\n * CVE-url: https://ubuntu.com/security/CVE-2024-53063\n - media: dvbdev: prevent the risk of out of memory access\n - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set\n * CVE-url: https://ubuntu.com/security/CVE-2023-52927\n - netfilter: allow exp not to be removed in nf_ct_find_expectation\n * CVE-url: https://ubuntu.com/security/CVE-2021-47150\n - net: fec: fix the potential memory leak in fec_enet_init()\n * CVE-url: https://ubuntu.com/security/CVE-2024-53140\n - netlink: terminate outstanding dump on socket close\n * CVE-url: https://ubuntu.com/security/CVE-2025-21971\n - net_sched: Prevent creation of classes with TC_H_ROOT\n * CVE-url: https://ubuntu.com/security/CVE-2025-37785\n - ext4: fix OOB read when checking dotdot dir\n * CVE-url: https://ubuntu.com/security/CVE-2023-52572\n - cifs: Fix UAF in cifs_demultiplex_thread()\n * CVE-url: https://ubuntu.com/security/CVE-2022-49738\n - f2fs: fix to do sanity check on summary info\n - f2fs: should put a page when checking the summary info\n - f2fs: fix to do sanity check on i_extra_isize in is_alive()\n * CVE-url: https://ubuntu.com/security/CVE-2022-49740\n - wifi: brcmfmac: Check the count value of channel spec to prevent out-of-\n bounds reads\n * CVE-url: https://ubuntu.com/security/\n - ipv6: Define dscp_t and stop taking ECN bits into account in fib6-rules\n * CVE-url: https://ubuntu.com/security/CVE-2023-53020\n - l2tp: close all race conditions in l2tp_tunnel_register()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21957\n - scsi: qla1280: Fix kernel oops when debug level > 2\n * CVE-url: https://ubuntu.com/security/CVE-2025-21948\n - HID: appleir: Fix potential NULL dereference at raw event handle\n * CVE-url: https://ubuntu.com/security/CVE-2023-52936\n - debugfs: add debugfs_lookup_and_remove()\n - kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21912\n - gpio: rcar: Use raw_spinlock to protect register access\n * CVE-url: https://ubuntu.com/security/CVE-2025-21922\n - ppp: Fix KMSAN uninit-value warning with bpf\n * CVE-url: https://ubuntu.com/security/CVE-2025-21891\n - ipvlan: ensure network headers are in skb linear part\n * CVE-url: https://ubuntu.com/security/CVE-2025-21959\n - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in\n insert_tree()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21996\n - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21928\n - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21917\n - usb: renesas_usbhs: Flush the notify_hotplug_work\n * CVE-url: https://ubuntu.com/security/CVE-2023-53001\n - drm/drm_vma_manager: Add drm_vma_node_allow_once()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21969\n - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n * CVE-url: https://ubuntu.com/security/CVE-2025-21920\n - vlan: enforce underlying device type\n * CVE-url: https://ubuntu.com/security/CVE-2025-21904\n - caif_virtio: fix wrong pointer check in cfv_probe()\n * CVE-url: https://ubuntu.com/security/CVE-2024-56658\n - net: defer final 'struct net' free in netns dismantle\n * CVE-url: https://ubuntu.com/security/CVE-2022-23041\n - xen/pvcalls: use alloc/free_pages_exact()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50265\n - ocfs2: remove entry once instead of null-ptr-dereference in\n ocfs2_xa_remove()\n * CVE-url: https://ubuntu.com/security/CVE-2024-46826\n - ELF: fix kernel.randomize_va_space double read\n * CVE-url: https://ubuntu.com/security/CVE-2025-21700\n - net: sched: Disallow replacing of child qdisc from one parent to another\n * CVE-url: https://ubuntu.com/security/CVE-2025-21702\n - pfifo_tail_enqueue: Drop new packet when sch->limit == 0\n * CVE-url: https://ubuntu.com/security/CVE-2024-50167\n - be2net: fix potential memory leak in be_xmit()\n * CVE-url: https://ubuntu.com/security/CVE-2024-49952\n - netfilter: nf_tables: prevent nf_skb_duplicated corruption\n * CVE-url: https://ubuntu.com/security/CVE-2024-49948\n - net: add more sanity checks to qdisc_pkt_len_init()",
"title": "Details"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://tuxcare.com/contact/",
"name": "TuxCare",
"namespace": "https://tuxcare.com/"
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu18.04els/advisories/2025/clsa-2025_1747430081.json"
},
{
"category": "self",
"summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747430081",
"url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747430081"
}
],
"tracking": {
"current_release_date": "2025-05-19T15:23:02Z",
"generator": {
"date": "2025-05-19T15:23:02Z",
"engine": {
"name": "pyCSAF"
}
},
"id": "CLSA-2025:1747430081",
"initial_release_date": "2025-05-16T21:14:43Z",
"revision_history": [
{
"date": "2025-05-16T21:14:43Z",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-19T15:23:02Z",
"number": "2",
"summary": "Official Publication"
}
],
"status": "final",
"version": "2"
},
"title": "Fix of 50 CVEs"
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu 18.04",
"product": {
"name": "Ubuntu 18.04",
"product_id": "Ubuntu-18",
"product_identification_helper": {
"cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Ubuntu"
}
],
"category": "vendor",
"name": "Canonical Ltd."
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"product": {
"name": "linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"product_id": "linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-4.15.0-247-tuxcare.els35-generic@4.15.0-247.258?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-image-generic-0:4.15.0.247.258.amd64",
"product": {
"name": "linux-image-generic-0:4.15.0.247.258.amd64",
"product_id": "linux-image-generic-0:4.15.0.247.258.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-image-generic@4.15.0.247.258?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"product": {
"name": "linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"product_id": "linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-modules-extra-4.15.0-247-tuxcare.els35-generic@4.15.0-247.258?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-generic-0:4.15.0.247.258.amd64",
"product": {
"name": "linux-generic-0:4.15.0.247.258.amd64",
"product_id": "linux-generic-0:4.15.0.247.258.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-generic@4.15.0.247.258?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"product": {
"name": "linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"product_id": "linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-modules-4.15.0-247-tuxcare.els35-lowlatency@4.15.0-247.258?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"product": {
"name": "linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"product_id": "linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-4.15.0-247-tuxcare.els35-lowlatency@4.15.0-247.258?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"product": {
"name": "linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"product_id": "linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-cloud-tools-lowlatency@4.15.0.247.258?arch=amd64"
}
}
},
{
"category": "product_version",
"name": "linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"product": {
"name": "linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"product_id": "linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-headers-4.15.0-247-tuxcare.els35-lowlatency@4.15.0-247.258?arch=amd64"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "linux-tools-host-0:4.15.0-247.258.all",
"product": {
"name": "linux-tools-host-0:4.15.0-247.258.all",
"product_id": "linux-tools-host-0:4.15.0-247.258.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-tools-host@4.15.0-247.258?arch=all"
}
}
},
{
"category": "product_version",
"name": "linux-doc-0:4.15.0-247.258.all",
"product": {
"name": "linux-doc-0:4.15.0-247.258.all",
"product_id": "linux-doc-0:4.15.0-247.258.all",
"product_identification_helper": {
"purl": "pkg:deb/cloudlinux/linux-doc@4.15.0-247.258?arch=all"
}
}
}
],
"category": "architecture",
"name": "all"
}
],
"category": "vendor",
"name": "CloudLinux"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64 as a component of Ubuntu 18.04",
"product_id": "Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64"
},
"product_reference": "linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"relates_to_product_reference": "Ubuntu-18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-image-generic-0:4.15.0.247.258.amd64 as a component of Ubuntu 18.04",
"product_id": "Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64"
},
"product_reference": "linux-image-generic-0:4.15.0.247.258.amd64",
"relates_to_product_reference": "Ubuntu-18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64 as a component of Ubuntu 18.04",
"product_id": "Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64"
},
"product_reference": "linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"relates_to_product_reference": "Ubuntu-18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-generic-0:4.15.0.247.258.amd64 as a component of Ubuntu 18.04",
"product_id": "Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64"
},
"product_reference": "linux-generic-0:4.15.0.247.258.amd64",
"relates_to_product_reference": "Ubuntu-18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-host-0:4.15.0-247.258.all as a component of Ubuntu 18.04",
"product_id": "Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all"
},
"product_reference": "linux-tools-host-0:4.15.0-247.258.all",
"relates_to_product_reference": "Ubuntu-18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64 as a component of Ubuntu 18.04",
"product_id": "Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
},
"product_reference": "linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"relates_to_product_reference": "Ubuntu-18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64 as a component of Ubuntu 18.04",
"product_id": "Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
},
"product_reference": "linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"relates_to_product_reference": "Ubuntu-18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-doc-0:4.15.0-247.258.all as a component of Ubuntu 18.04",
"product_id": "Ubuntu-18:linux-doc-0:4.15.0-247.258.all"
},
"product_reference": "linux-doc-0:4.15.0-247.258.all",
"relates_to_product_reference": "Ubuntu-18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64 as a component of Ubuntu 18.04",
"product_id": "Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64"
},
"product_reference": "linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"relates_to_product_reference": "Ubuntu-18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64 as a component of Ubuntu 18.04",
"product_id": "Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
},
"product_reference": "linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"relates_to_product_reference": "Ubuntu-18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50296",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670] klist_put+0x28/0x12c\n[15278.138682][T50670] klist_del+0x14/0x20\n[15278.142592][T50670] device_del+0xbc/0x3c0\n[15278.146676][T50670] pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670] sriov_disable+0x50/0x11c\n[15278.166829][T50670] pci_disable_sriov+0x24/0x30\n[15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670] invoke_syscall+0x50/0x11c\n[15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670] do_el0_svc+0x34/0xcc\n[15278.207834][T50670] el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n rmmod hclge disable VFs\n----------------------------------------------------\nhclge_exit() sriov_numvfs_store()\n ... device_lock()\n pci_disable_sriov() hns3_pci_sriov_configure()\n pci_disable_sriov()\n sriov_disable()\n sriov_disable() if !num_VFs :\n if !num_VFs : return;\n return; sriov_del_vfs()\n sriov_del_vfs() ...\n ... klist_put()\n klist_put() ...\n ... num_VFs = 0;\n num_VFs = 0; device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store().",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-50296"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09",
"url": "https://git.kernel.org/stable/c/590a4b2d4e0b73586e88bce9b8135b593355ec09"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b",
"url": "https://git.kernel.org/stable/c/719edd9f3372ce7fb3b157647c6658672946874b"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd",
"url": "https://git.kernel.org/stable/c/76b155e14d9b182ce83d32ada2d0d7219ea8c8dd"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d",
"url": "https://git.kernel.org/stable/c/7ae4e56de7dbd0999578246a536cf52a63f4056d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908",
"url": "https://git.kernel.org/stable/c/a0df055775f30850c0da8f7dab40d67c0fd63908"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5",
"url": "https://git.kernel.org/stable/c/b5c94e4d947d15d521e935ff10c5a22a7883dea5"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18",
"url": "https://git.kernel.org/stable/c/df3dff8ab6d79edc942464999d06fbaedf8cdd18"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d",
"url": "https://git.kernel.org/stable/c/e36482b222e00cc7aeeea772fc0cf2943590bc4d"
}
],
"release_date": "2024-11-19T02:16:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-50167",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: fix potential memory leak in be_xmit()\n\nThe be_xmit() returns NETDEV_TX_OK without freeing skb\nin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-50167"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4c5f170ef4f85731a4d43ad9a6ac51106c0946be",
"url": "https://git.kernel.org/stable/c/4c5f170ef4f85731a4d43ad9a6ac51106c0946be"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/641c1beed52bf3c6deb0193fe4d38ec9ff75d2ae",
"url": "https://git.kernel.org/stable/c/641c1beed52bf3c6deb0193fe4d38ec9ff75d2ae"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/6b7ce8ee01c33c380aaa5077ff25215492e7eb0e",
"url": "https://git.kernel.org/stable/c/6b7ce8ee01c33c380aaa5077ff25215492e7eb0e"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/77bc881d370e850b7f3cd2b5eae67d596b40efbc",
"url": "https://git.kernel.org/stable/c/77bc881d370e850b7f3cd2b5eae67d596b40efbc"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/919ab6e2370289a2748780f44a43333cd3878aa7",
"url": "https://git.kernel.org/stable/c/919ab6e2370289a2748780f44a43333cd3878aa7"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/941026023c256939943a47d1c66671526befbb26",
"url": "https://git.kernel.org/stable/c/941026023c256939943a47d1c66671526befbb26"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e4dd8bfe0f6a23acd305f9b892c00899089bd621",
"url": "https://git.kernel.org/stable/c/e4dd8bfe0f6a23acd305f9b892c00899089bd621"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e86a79b804e26e3b7f1e415b22a085c0bb7ea3d3",
"url": "https://git.kernel.org/stable/c/e86a79b804e26e3b7f1e415b22a085c0bb7ea3d3"
}
],
"release_date": "2024-11-07T10:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-21969",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21969"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28",
"url": "https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d",
"url": "https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d",
"url": "https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9",
"url": "https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9"
}
],
"release_date": "2025-04-01T16:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "High"
}
]
},
{
"cve": "CVE-2025-21959",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()\n\nSince commit b36e4523d4d5 (\"netfilter: nf_conncount: fix garbage\ncollection confirm race\"), `cpu` and `jiffies32` were introduced to\nthe struct nf_conncount_tuple.\n\nThe commit made nf_conncount_add() initialize `conn->cpu` and\n`conn->jiffies32` when allocating the struct.\nIn contrast, count_tree() was not changed to initialize them.\n\nBy commit 34848d5c896e (\"netfilter: nf_conncount: Split insert and\ntraversal\"), count_tree() was split and the relevant allocation\ncode now resides in insert_tree().\nInitialize `conn->cpu` and `conn->jiffies32` in insert_tree().\n\nBUG: KMSAN: uninit-value in find_or_evict net/netfilter/nf_conncount.c:117 [inline]\nBUG: KMSAN: uninit-value in __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143\n find_or_evict net/netfilter/nf_conncount.c:117 [inline]\n __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143\n count_tree net/netfilter/nf_conncount.c:438 [inline]\n nf_conncount_count+0x82f/0x1e80 net/netfilter/nf_conncount.c:521\n connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72\n __nft_match_eval net/netfilter/nft_compat.c:403 [inline]\n nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288\n nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663\n NF_HOOK_LIST include/linux/netfilter.h:350 [inline]\n ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633\n ip_list_rcv+0x9ef/0xa40 net/ipv4/ip_input.c:669\n __netif_receive_skb_list_ptype net/core/dev.c:5936 [inline]\n __netif_receive_skb_list_core+0x15c5/0x1670 net/core/dev.c:5983\n __netif_receive_skb_list net/core/dev.c:6035 [inline]\n netif_receive_skb_list_internal+0x1085/0x1700 net/core/dev.c:6126\n netif_receive_skb_list+0x5a/0x460 net/core/dev.c:6178\n xdp_recv_frames net/bpf/test_run.c:280 [inline]\n xdp_test_run_batch net/bpf/test_run.c:361 [inline]\n bpf_test_run_xdp_live+0x2e86/0x3480 net/bpf/test_run.c:390\n bpf_prog_test_run_xdp+0xf1d/0x1ae0 net/bpf/test_run.c:1316\n bpf_prog_test_run+0x5e5/0xa30 kernel/bpf/syscall.c:4407\n __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5813\n __do_sys_bpf kernel/bpf/syscall.c:5902 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5900 [inline]\n __ia32_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5900\n ia32_sys_call+0x394d/0x4180 arch/x86/include/generated/asm/syscalls_32.h:358\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/common.c:387\n do_fast_syscall_32+0x38/0x80 arch/x86/entry/common.c:412\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:450\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4121 [inline]\n slab_alloc_node mm/slub.c:4164 [inline]\n kmem_cache_alloc_noprof+0x915/0xe10 mm/slub.c:4171\n insert_tree net/netfilter/nf_conncount.c:372 [inline]\n count_tree net/netfilter/nf_conncount.c:450 [inline]\n nf_conncount_count+0x1415/0x1e80 net/netfilter/nf_conncount.c:521\n connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72\n __nft_match_eval net/netfilter/nft_compat.c:403 [inline]\n nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288\n nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663\n NF_HOOK_LIST include/linux/netfilter.h:350 [inline]\n ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633\n ip_list_rcv+0x9ef/0xa40 net/ip\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21959"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/2a154ce766b995494e88d8d117fa82cc6b73dd87",
"url": "https://git.kernel.org/stable/c/2a154ce766b995494e88d8d117fa82cc6b73dd87"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/2db5baaf047a7c8d6ed5e2cc657b7854e155b7fc",
"url": "https://git.kernel.org/stable/c/2db5baaf047a7c8d6ed5e2cc657b7854e155b7fc"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/a62a25c6ad58fae997f48a0749afeda1c252ae51",
"url": "https://git.kernel.org/stable/c/a62a25c6ad58fae997f48a0749afeda1c252ae51"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d653bfeb07ebb3499c403404c21ac58a16531607",
"url": "https://git.kernel.org/stable/c/d653bfeb07ebb3499c403404c21ac58a16531607"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/db1e0c0856821c59a32ea3af79476bf20a6beeb2",
"url": "https://git.kernel.org/stable/c/db1e0c0856821c59a32ea3af79476bf20a6beeb2"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e8544a5a97bee3674e7cd6bf0f3a4af517fa9146",
"url": "https://git.kernel.org/stable/c/e8544a5a97bee3674e7cd6bf0f3a4af517fa9146"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f522229c5563b59b4240261e406779bba6754159",
"url": "https://git.kernel.org/stable/c/f522229c5563b59b4240261e406779bba6754159"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/fda50302a13701d47fbe01e1739c7a51114144fb",
"url": "https://git.kernel.org/stable/c/fda50302a13701d47fbe01e1739c7a51114144fb"
}
],
"release_date": "2025-04-01T16:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-21996",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, 'size'\nwill point to 'tmp' variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init 'tmp' with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21996"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/0effb378ebce52b897f85cd7f828854b8c7cb636",
"url": "https://git.kernel.org/stable/c/0effb378ebce52b897f85cd7f828854b8c7cb636"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3ce08215cad55c10a6eeeb33d3583b6cfffe3ab8",
"url": "https://git.kernel.org/stable/c/3ce08215cad55c10a6eeeb33d3583b6cfffe3ab8"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/5b4d9d20fd455a97920cf158dd19163b879cf65d",
"url": "https://git.kernel.org/stable/c/5b4d9d20fd455a97920cf158dd19163b879cf65d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/78b07dada3f02f77762d0755a96d35f53b02be69",
"url": "https://git.kernel.org/stable/c/78b07dada3f02f77762d0755a96d35f53b02be69"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9b2da9c673a0da1359a2151f7ce773e2f77d71a9",
"url": "https://git.kernel.org/stable/c/9b2da9c673a0da1359a2151f7ce773e2f77d71a9"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/dd1801aa01bba1760357f2a641346ae149686713",
"url": "https://git.kernel.org/stable/c/dd1801aa01bba1760357f2a641346ae149686713"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/dd8689b52a24807c2d5ce0a17cb26dc87f75235c",
"url": "https://git.kernel.org/stable/c/dd8689b52a24807c2d5ce0a17cb26dc87f75235c"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f5e049028124f755283f2c07e7a3708361ed1dc8",
"url": "https://git.kernel.org/stable/c/f5e049028124f755283f2c07e7a3708361ed1dc8"
}
],
"release_date": "2025-04-03T08:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-21912",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rcar: Use raw_spinlock to protect register access\n\nUse raw_spinlock in order to fix spurious messages about invalid context\nwhen spinlock debugging is enabled. The lock is only used to serialize\nregister access.\n\n [ 4.239592] =============================\n [ 4.239595] [ BUG: Invalid wait context ]\n [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted\n [ 4.239603] -----------------------------\n [ 4.239606] kworker/u8:5/76 is trying to lock:\n [ 4.239609] ffff0000091898a0 (&p->lock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.239641] other info that might help us debug this:\n [ 4.239643] context-{5:5}\n [ 4.239646] 5 locks held by kworker/u8:5/76:\n [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c\n [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property 'frame-master' with a value.\n [ 4.254094] #1: ffff80008299bd80 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c\n [ 4.254109] #2: ffff00000920c8f8\n [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'bitclock-master' with a value.\n [ 4.264803] (&dev->mutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc\n [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690\n [ 4.264840] #4:\n [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'frame-master' with a value.\n [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690\n [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz\n [ 4.304082] stack backtrace:\n [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35\n [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT)\n [ 4.304097] Workqueue: async async_run_entry_fn\n [ 4.304106] Call trace:\n [ 4.304110] show_stack+0x14/0x20 (C)\n [ 4.304122] dump_stack_lvl+0x6c/0x90\n [ 4.304131] dump_stack+0x14/0x1c\n [ 4.304138] __lock_acquire+0xdfc/0x1584\n [ 4.426274] lock_acquire+0x1c4/0x33c\n [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80\n [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164\n [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8\n [ 4.444422] __irq_set_trigger+0x5c/0x178\n [ 4.448435] __setup_irq+0x2e4/0x690\n [ 4.452012] request_threaded_irq+0xc4/0x190\n [ 4.456285] devm_request_threaded_irq+0x7c/0xf4\n [ 4.459398] ata1: link resume succeeded after 1 retries\n [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0\n [ 4.470660] mmc_start_host+0x50/0xac\n [ 4.474327] mmc_add_host+0x80/0xe4\n [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440\n [ 4.482094] renesas_sdhi_probe+0x488/0x6f4\n [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78\n [ 4.491509] platform_probe+0x64/0xd8\n [ 4.495178] really_probe+0xb8/0x2a8\n [ 4.498756] __driver_probe_device+0x74/0x118\n [ 4.503116] driver_probe_device+0x3c/0x154\n [ 4.507303] __device_attach_driver+0xd4/0x160\n [ 4.511750] bus_for_each_drv+0x84/0xe0\n [ 4.515588] __device_attach_async_helper+0xb0/0xdc\n [ 4.520470] async_run_entry_fn+0x30/0xd8\n [ 4.524481] process_one_work+0x210/0x62c\n [ 4.528494] worker_thread+0x1ac/0x340\n [ 4.532245] kthread+0x10c/0x110\n [ 4.535476] ret_from_fork+0x10/0x20",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21912"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3e300913c42041e81c5b17a970c4e078086ff2d1",
"url": "https://git.kernel.org/stable/c/3e300913c42041e81c5b17a970c4e078086ff2d1"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/51ef3073493e2a25dced05fdd59dfb059e7e284d",
"url": "https://git.kernel.org/stable/c/51ef3073493e2a25dced05fdd59dfb059e7e284d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87",
"url": "https://git.kernel.org/stable/c/7c1f36f9c9aca507d317479a3d3388150ae40a87"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b42c84f9e4ec5bc2885e7fd80c79ec0352f5d2af",
"url": "https://git.kernel.org/stable/c/b42c84f9e4ec5bc2885e7fd80c79ec0352f5d2af"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c10365031f16514a29c812cd909085a6e4ea4b61",
"url": "https://git.kernel.org/stable/c/c10365031f16514a29c812cd909085a6e4ea4b61"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f02c41f87cfe61440c18bf77d1ef0a884b9ee2b5",
"url": "https://git.kernel.org/stable/c/f02c41f87cfe61440c18bf77d1ef0a884b9ee2b5"
}
],
"release_date": "2025-04-01T16:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2025-21922",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: Fix KMSAN uninit-value warning with bpf\n\nSyzbot caught an \"KMSAN: uninit-value\" warning [1], which is caused by the\nppp driver not initializing a 2-byte header when using socket filter.\n\nThe following code can generate a PPP filter BPF program:\n'''\nstruct bpf_program fp;\npcap_t *handle;\nhandle = pcap_open_dead(DLT_PPP_PPPD, 65535);\npcap_compile(handle, &fp, \"ip and outbound\", 0, 0);\nbpf_dump(&fp, 1);\n'''\nIts output is:\n'''\n(000) ldh [2]\n(001) jeq #0x21 jt 2 jf 5\n(002) ldb [0]\n(003) jeq #0x1 jt 4 jf 5\n(004) ret #65535\n(005) ret #0\n'''\nWen can find similar code at the following link:\nhttps://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680\nThe maintainer of this code repository is also the original maintainer\nof the ppp driver.\n\nAs you can see the BPF program skips 2 bytes of data and then reads the\n'Protocol' field to determine if it's an IP packet. Then it read the first\nbyte of the first 2 bytes to determine the direction.\n\nThe issue is that only the first byte indicating direction is initialized\nin current ppp driver code while the second byte is not initialized.\n\nFor normal BPF programs generated by libpcap, uninitialized data won't be\nused, so it's not a problem. However, for carefully crafted BPF programs,\nsuch as those generated by syzkaller [2], which start reading from offset\n0, the uninitialized data will be used and caught by KMSAN.\n\n[1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791\n[2] https://syzkaller.appspot.com/text?tag=ReproC&x=11994913980000",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2025-21922"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1eacd47636a9de5bee25d9d5962dc538a82d9f0b",
"url": "https://git.kernel.org/stable/c/1eacd47636a9de5bee25d9d5962dc538a82d9f0b"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/2f591cb158807bdcf424f66f1fbfa6e4e50f3757",
"url": "https://git.kernel.org/stable/c/2f591cb158807bdcf424f66f1fbfa6e4e50f3757"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3de809a768464528762757e433cd50de35bcb3c1",
"url": "https://git.kernel.org/stable/c/3de809a768464528762757e433cd50de35bcb3c1"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4c2d14c40a68678d885eab4008a0129646805bae",
"url": "https://git.kernel.org/stable/c/4c2d14c40a68678d885eab4008a0129646805bae"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/4e2191b0fd0c064d37b0db67396216f2d4787e0f",
"url": "https://git.kernel.org/stable/c/4e2191b0fd0c064d37b0db67396216f2d4787e0f"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/8aa8a40c766b3945b40565a70349d5581458ff63",
"url": "https://git.kernel.org/stable/c/8aa8a40c766b3945b40565a70349d5581458ff63"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/c036f5f2680cbdabdbbace86baee3c83721634d6",
"url": "https://git.kernel.org/stable/c/c036f5f2680cbdabdbbace86baee3c83721634d6"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d685096c8129c9a92689975193e268945fd21dbf",
"url": "https://git.kernel.org/stable/c/d685096c8129c9a92689975193e268945fd21dbf"
}
],
"release_date": "2025-04-01T16:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2021-47163",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: wait and exit until all work queues are done\n\nOn some host, a crash could be triggered simply by repeating these\ncommands several times:\n\n # modprobe tipc\n # tipc bearer enable media udp name UDP1 localip 127.0.0.1\n # rmmod tipc\n\n [] BUG: unable to handle kernel paging request at ffffffffc096bb00\n [] Workqueue: events 0xffffffffc096bb00\n [] Call Trace:\n [] ? process_one_work+0x1a7/0x360\n [] ? worker_thread+0x30/0x390\n [] ? create_worker+0x1a0/0x1a0\n [] ? kthread+0x116/0x130\n [] ? kthread_flush_work_fn+0x10/0x10\n [] ? ret_from_fork+0x35/0x40\n\nWhen removing the TIPC module, the UDP tunnel sock will be delayed to\nrelease in a work queue as sock_release() can't be done in rtnl_lock().\nIf the work queue is schedule to run after the TIPC module is removed,\nkernel will crash as the work queue function cleanup_beareri() code no\nlonger exists when trying to invoke it.\n\nTo fix it, this patch introduce a member wq_count in tipc_net to track\nthe numbers of work queues in schedule, and wait and exit until all\nwork queues are done in tipc_exit_net().",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2021-47163"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986",
"url": "https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba",
"url": "https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d",
"url": "https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa",
"url": "https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa"
}
],
"release_date": "2024-03-25T10:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-49944",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start\n\nIn sctp_listen_start() invoked by sctp_inet_listen(), it should set the\nsk_state back to CLOSED if sctp_autobind() fails due to whatever reason.\n\nOtherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse\nis already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will\nbe dereferenced as sk_state is LISTENING, which causes a crash as bind_hash\nis NULL.\n\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617\n Call Trace:\n \n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-49944"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/0e4e2e60556c6ed00e8450b720f106a268d23062",
"url": "https://git.kernel.org/stable/c/0e4e2e60556c6ed00e8450b720f106a268d23062"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7",
"url": "https://git.kernel.org/stable/c/7f64cb5b4d8c872296eda0fdce3bcf099eec7aa7"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/89bbead9d897c77d0b566349c8643030ff2abeba",
"url": "https://git.kernel.org/stable/c/89bbead9d897c77d0b566349c8643030ff2abeba"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160",
"url": "https://git.kernel.org/stable/c/8beee4d8dee76b67c75dc91fd8185d91e845c160"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455",
"url": "https://git.kernel.org/stable/c/9230a59eda0878d7ecaa901d876aec76f57bd455"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa",
"url": "https://git.kernel.org/stable/c/dd70c8a89ef99c3d53127fe19e51ef47c3f860fa"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce",
"url": "https://git.kernel.org/stable/c/e7a8442195e8ebd97df467ce4742980ab57edcce"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5",
"url": "https://git.kernel.org/stable/c/e914bf68dab88815a7ae7b7a3a5e8913c8ff14a5"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d",
"url": "https://git.kernel.org/stable/c/f032e1dac30b3376c7d6026fb01a8c403c47a80d"
}
],
"release_date": "2024-10-21T18:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
},
{
"cve": "CVE-2024-49948",
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add more sanity checks to qdisc_pkt_len_init()\n\nOne path takes care of SKB_GSO_DODGY, assuming\nskb->len is bigger than hdr_len.\n\nvirtio_net_hdr_to_skb() does not fully dissect TCP headers,\nit only make sure it is at least 20 bytes.\n\nIt is possible for an user to provide a malicious 'GSO' packet,\ntotal length of 80 bytes.\n\n- 20 bytes of IPv4 header\n- 60 bytes TCP header\n- a small gso_size like 8\n\nvirtio_net_hdr_to_skb() would declare this packet as a normal\nGSO packet, because it would see 40 bytes of payload,\nbigger than gso_size.\n\nWe need to make detect this case to not underflow\nqdisc_skb_cb(skb)->pkt_len.",
"title": "Vulnerability description"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://cve.tuxcare.com/els/cve/CVE-2024-49948"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd",
"url": "https://git.kernel.org/stable/c/1eebe602a8d8264a12e35e39d0645fa88dbbacdd"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20",
"url": "https://git.kernel.org/stable/c/2415f465730e48b6e38da1c7c097317bf5dd2d20"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4",
"url": "https://git.kernel.org/stable/c/27a8fabc54d2f960d47bdfbebf2bdc6e8a92a4c4"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c",
"url": "https://git.kernel.org/stable/c/473426a1d53a68dd1e718e6cd00d57936993fa6c"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c",
"url": "https://git.kernel.org/stable/c/566a931a1436d0e0ad13708ea55479b95426213c"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0",
"url": "https://git.kernel.org/stable/c/9b0ee571d20a238a22722126abdfde61f1b2bdd0"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535",
"url": "https://git.kernel.org/stable/c/ab9a9a9e9647392a19e7a885b08000e89c86b535"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9",
"url": "https://git.kernel.org/stable/c/d7d1a28f5dd57b4d83def876f8d7b4403bd37df9"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2",
"url": "https://git.kernel.org/stable/c/ff1c3cadcf405ab37dd91418a62a7acecf3bc5e2"
}
],
"release_date": "2024-10-21T18:15:00",
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-image-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-modules-extra-4.15.0-247-tuxcare.els35-generic-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-generic-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-tools-host-0:4.15.0-247.258.all",
"Ubuntu-18:linux-modules-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-tools-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64",
"Ubuntu-18:linux-doc-0:4.15.0-247.258.all",
"Ubuntu-18:linux-cloud-tools-lowlatency-0:4.15.0.247.258.amd64",
"Ubuntu-18:linux-headers-4.15.0-247-tuxcare.els35-lowlatency-0:4.15.0-247.258.amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Medium"
}
]
}
]
}