{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* CVE-url: https://ubuntu.com/security/CVE-2025-21811\n - nilfs2: protect access to buffers with no active references\n * CVE-url: https://ubuntu.com/security/CVE-2025-21715\n - net: davicom: fix UAF in dm9000_drv_remove\n * CVE-url: https://ubuntu.com/security/CVE-2024-58083\n - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\n * CVE-url: https://ubuntu.com/security/CVE-2024-57979\n - pps: Fix a use-after-free\n * CVE-url: https://ubuntu.com/security/CVE-2025-21898\n - ftrace: Avoid potential division by zero in function_stat_show()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21993\n - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n * CVE-url: https://ubuntu.com/security/CVE-2025-21653\n - netlink: add attribute range validation to policy\n - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute\n * CVE-url: https://ubuntu.com/security/CVE-2024-53148\n - comedi: Flush partial mappings in error case\n * CVE-url: https://ubuntu.com/security/CVE-2022-49541\n - cifs: fix potential double free during failed mount\n * CVE-url: https://ubuntu.com/security/CVE-2024-35937\n - wifi: cfg80211: check A-MSDU format more carefully\n * CVE-url: https://ubuntu.com/security/CVE-2021-47211\n - ALSA: usb-audio: fix null pointer dereference on pointer cs_desc\n * CVE-url: https://ubuntu.com/security/CVE-2025-21772\n - partitions: mac: fix handling of bogus partition table\n * CVE-url: https://ubuntu.com/security/CVE-2025-21753\n - btrfs: fix use-after-free when attempting to join an aborted transaction\n * CVE-url: https://ubuntu.com/security/CVE-2025-21934\n - rapidio: fix an API misues when rio_add_net() fails", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu18.04els/advisories/2025/clsa-2025_1749548422.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749548422", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749548422" } ], "tracking": { "current_release_date": "2025-06-10T09:45:36Z", "generator": { "date": "2025-06-10T09:45:36Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1749548422", "initial_release_date": "2025-06-10T09:45:36Z", "revision_history": [ { "date": "2025-06-10T09:45:36Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "Fix of 14 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 18.04", "product": { "name": "Ubuntu 18.04", "product_id": "Ubuntu-18", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product": { "name": "linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product_id": "linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product": { "name": "linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product_id": "linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product": { "name": "linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_id": "linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-extra-4.15.0-248-tuxcare.els36-generic@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product": { "name": "linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_id": "linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-4.15.0-248-tuxcare.els36-generic@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product": { "name": "linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_id": "linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.15.0-248-tuxcare.els36-generic@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-libc-dev-0:4.15.0-248.259.amd64", "product": { "name": "linux-libc-dev-0:4.15.0-248.259.amd64", "product_id": "linux-libc-dev-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-libc-dev@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product": { "name": "linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_id": "linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-buildinfo-4.15.0-248-tuxcare.els36-generic@4.15.0-248.259?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "product": { "name": "linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "product_id": "linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.15.0-248-tuxcare.els36@4.15.0-248.259?arch=all" } } }, { "category": "product_version", "name": "linux-tools-host-0:4.15.0-248.259.all", "product": { "name": "linux-tools-host-0:4.15.0-248.259.all", "product_id": "linux-tools-host-0:4.15.0-248.259.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-host@4.15.0-248.259?arch=all" } } }, { "category": "product_version", "name": "linux-doc-0:4.15.0-248.259.all", "product": { "name": "linux-doc-0:4.15.0-248.259.all", "product_id": "linux-doc-0:4.15.0-248.259.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-doc@4.15.0-248.259?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64" }, "product_reference": "linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64" }, "product_reference": "linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all" }, "product_reference": "linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" }, "product_reference": "linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-host-0:4.15.0-248.259.all as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all" }, "product_reference": "linux-tools-host-0:4.15.0-248.259.all", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-doc-0:4.15.0-248.259.all as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-doc-0:4.15.0-248.259.all" }, "product_reference": "linux-doc-0:4.15.0-248.259.all", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" }, "product_reference": "linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" }, "product_reference": "linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-libc-dev-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64" }, "product_reference": "linux-libc-dev-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" }, "product_reference": "linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-49541", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix potential double free during failed mount\n\nRHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49541" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8378a51e3f8140f60901fb27208cc7a6e47047b5", "url": "https://git.kernel.org/stable/c/8378a51e3f8140f60901fb27208cc7a6e47047b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9a167fc440e5693c1cdd7f07071e05658bd9d89d", "url": "https://git.kernel.org/stable/c/9a167fc440e5693c1cdd7f07071e05658bd9d89d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ce0008a0e410cdd95f0d8cd81b2902ec10a660c4", "url": "https://git.kernel.org/stable/c/ce0008a0e410cdd95f0d8cd81b2902ec10a660c4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ee71f8f1cd3c8c4a251fd3e8abc89215ae3457cb", "url": "https://git.kernel.org/stable/c/ee71f8f1cd3c8c4a251fd3e8abc89215ae3457cb" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-47211", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix null pointer dereference on pointer cs_desc\n\nThe pointer cs_desc return from snd_usb_find_clock_source could\nbe null, so there is a potential null pointer dereference issue.\nFix this by adding a null check before dereference.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47211" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/58fa50de595f152900594c28ec9915c169643739", "url": "https://git.kernel.org/stable/c/58fa50de595f152900594c28ec9915c169643739" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b97053df0f04747c3c1e021ecbe99db675342954", "url": "https://git.kernel.org/stable/c/b97053df0f04747c3c1e021ecbe99db675342954" } ], "release_date": "2024-04-10T19:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-58083", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nKVM: Explicitly verify target vCPU is online in kvm_get_vcpu()\nExplicitly verify the target vCPU is fully online _prior_ to clamping the\nindex in kvm_get_vcpu(). If the index is \"bad\", the nospec clamping will\ngenerate '0', i.e. KVM will return vCPU0 instead of NULL.\nIn practice, the bug is unlikely to cause problems, as it will only come\ninto play if userspace or the guest is buggy or misbehaving, e.g. KVM may\nsend interrupts to vCPU0 instead of dropping them on the floor.\nHowever, returning vCPU0 when it shouldn't exist per online_vcpus is\nproblematic now that KVM uses an xarray for the vCPUs array, as KVM needs\nto insert into the xarray before publishing the vCPU to userspace (see\ncommit c5b077549136 (\"KVM: Convert the kvm->vcpus array to a xarray\")),\ni.e. before vCPU creation is guaranteed to succeed.\nAs a result, incorrectly providing access to vCPU0 will trigger a\nuse-after-free if vCPU0 is dereferenced and kvm_vm_ioctl_create_vcpu()\nbails out of vCPU creation due to an error and frees vCPU0. Commit\nafb2acb2e3a3 (\"KVM: Fix vcpu_array[0] races\") papered over that issue, but\nin doing so introduced an unsolvable teardown conundrum. Preventing\naccesses to vCPU0 before it's fully online will allow reverting commit\nafb2acb2e3a3, without re-introducing the vcpu_array[0] UAF race.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-58083" } ], "release_date": "2025-03-06T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-21993", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21993" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5", "url": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d", "url": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c", "url": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70", "url": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb", "url": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f", "url": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab", "url": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940", "url": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940" } ], "release_date": "2025-04-02T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21653", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute\nsyzbot found that TCA_FLOW_RSHIFT attribute was not validated.\nRight shitfing a 32bit integer is undefined for large shift values.\nUBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23\nshift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int')\nCPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: ipv6_addrconf addrconf_dad_work\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\nubsan_epilogue lib/ubsan.c:231 [inline]\n__ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468\nflow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329\ntc_classify include/net/tc_wrapper.h:197 [inline]\n__tcf_classify net/sched/cls_api.c:1771 [inline]\ntcf_classify+0x420/0x1160 net/sched/cls_api.c:1867\nsfb_classify net/sched/sch_sfb.c:260 [inline]\nsfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318\ndev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793\n__dev_xmit_skb net/core/dev.c:3889 [inline]\n__dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400\ndev_queue_xmit include/linux/netdevice.h:3168 [inline]\nneigh_hh_output include/net/neighbour.h:523 [inline]\nneigh_output include/net/neighbour.h:537 [inline]\nip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236\niptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82\nudp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173\ngeneve_xmit_skb drivers/net/geneve.c:916 [inline]\ngeneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039\n__netdev_start_xmit include/linux/netdevice.h:5002 [inline]\nnetdev_start_xmit include/linux/netdevice.h:5011 [inline]\nxmit_one net/core/dev.c:3590 [inline]\ndev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606\n__dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21653" } ], "release_date": "2025-01-19T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-57979", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\npps: Fix a use-after-free\nOn a board running ntpd and gpsd, I'm seeing a consistent use-after-free\nin sys_exit() from gpsd when rebooting:\npps pps1: removed\n------------[ cut here ]------------\nkobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called.\nWARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150\nCPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1\nHardware name: Raspberry Pi 4 Model B Rev 1.1 (DT)\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : kobject_put+0x120/0x150\nlr : kobject_put+0x120/0x150\nsp : ffffffc0803d3ae0\nx29: ffffffc0803d3ae0 x28: ffffff8042dc9738 x27: 0000000000000001\nx26: 0000000000000000 x25: ffffff8042dc9040 x24: ffffff8042dc9440\nx23: ffffff80402a4620 x22: ffffff8042ef4bd0 x21: ffffff80405cb600\nx20: 000000000008001b x19: ffffff8040b3b6e0 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 696e6920746f6e20\nx14: 7369203a29343263 x13: 205d303434542020 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\nCall trace:\nkobject_put+0x120/0x150\ncdev_put+0x20/0x3c\n__fput+0x2c4/0x2d8\n____fput+0x1c/0x38\ntask_work_run+0x70/0xfc\ndo_exit+0x2a0/0x924\ndo_group_exit+0x34/0x90\nget_signal+0x7fc/0x8c0\ndo_signal+0x128/0x13b4\ndo_notify_resume+0xdc/0x160\nel0_svc+0xd4/0xf8\nel0t_64_sync_handler+0x140/0x14c\nel0t_64_sync+0x190/0x194\n---[ end trace 0000000000000000 ]---\n...followed by more symptoms of corruption, with similar stacks:\nrefcount_t: underflow; use-after-free.\nkernel BUG at lib/list_debug.c:62!\nKernel panic - not syncing: Oops - BUG: Fatal exception\nThis happens because pps_device_destruct() frees the pps_device with the\nembedded cdev immediately after calling cdev_del(), but, as the comment\nabove cdev_del() notes, fops for previously opened cdevs are still\ncallable even after cdev_del() returns. I think this bug has always\nbeen there: I can't explain why it suddenly started happening every time\nI reboot this particular board.\nIn commit d953e0e837e6 (\"pps: Fix a use-after free bug when\nunregistering a source.\"), George Spelvin suggested removing the\nembedded cdev. That seems like the simplest way to fix this, so I've\nimplemented his suggestion, using __register_chrdev() with pps_idr\nbecoming the source of truth for which minor corresponds to which\ndevice.\nBut now that pps_idr defines userspace visibility instead of cdev_add(),\nwe need to be sure the pps->dev refcount can't reach zero while\nuserspace can still find it again. So, the idr_remove() call moves to\npps_unregister_cdev(), and pps_idr now holds a reference to pps->dev.\npps_core: source serial1 got cdev (251:1)\n<...>\npps pps1: removed\npps_core: unregistering pps1\npps_core: deallocating pps1", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-57979" } ], "release_date": "2025-02-27T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-21753", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nbtrfs: fix use-after-free when attempting to join an aborted transaction\nWhen we are trying to join the current transaction and if it's aborted,\nwe read its 'aborted' field after unlocking fs_info->trans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its 'aborted' field, leading to a use-after-free.\nFix this by reading the 'aborted' field while holding fs_info->trans_lock\nsince any freeing task must first acquire that lock and set\nfs_info->running_transaction to NULL before freeing the transaction.\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n==================================================================\nBUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\nRead of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\nCPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: events_unbound btrfs_async_reclaim_data_space\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:378 [inline]\nprint_report+0x169/0x550 mm/kasan/report.c:489\nkasan_report+0x143/0x180 mm/kasan/report.c:602\njoin_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\nstart_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\nflush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\nbtrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\nprocess_one_work kernel/workqueue.c:3236 [inline]\nprocess_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\nworker_thread+0x870/0xd30 kernel/workqueue.c:3398\nkthread+0x2f0/0x390 kernel/kthread.c:389\nret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nAllocated by task 5315:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x3f/0x80 mm/kasan/common.c:68\npoison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\nkasan_kmalloc include/linux/kasan.h:260 [inline]\n__kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\nkmalloc_noprof include/linux/slab.h:901 [inline]\njoin_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\nstart_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\nbtrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\nlookup_open fs/namei.c:3649 [inline]\nopen_last_lookups fs/namei.c:3748 [inline]\npath_openat+0x1c03/0x3590 fs/namei.c:3984\ndo_filp_open+0x27f/0x4e0 fs/namei.c:4014\ndo_sys_openat2+0x13e/0x1d0 fs/open.c:1402\ndo_sys_open fs/open.c:1417 [inline]\n__do_sys_creat fs/open.c:1495 [inline]\n__se_sys_creat fs/open.c:1489 [inline]\n__x64_sys_creat+0x123/0x170 fs/open.c:1489\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nFreed by task 5336:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x3f/0x80 mm/kasan/common.c:68\nkasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\npoison_slab_object mm/kasan/common.c:247 [inline]\n__kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\nkasan_slab_free include/linux/kasan.h:233 [inline]\nslab_free_hook mm/slub.c:2353 [inline]\nslab_free mm/slub.c:4613 [inline]\nkfree+0x196/0x430 mm/slub.c:4761\ncleanup_transaction fs/btrfs/transaction.c:2063 [inline]\nbtrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\ninsert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\nbtrfs_balance+0x992/\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21753" } ], "release_date": "2025-02-27T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-35937", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: check A-MSDU format more carefully\n\nIf it looks like there's another subframe in the A-MSDU\nbut the header isn't fully there, we can end up reading\ndata out of bounds, only to discard later. Make this a\nbit more careful and check if the subframe header can\neven be present.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35937" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544", "url": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9", "url": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc", "url": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e", "url": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e" } ], "release_date": "2024-05-19T11:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21898", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Avoid potential division by zero in function_stat_show()\n\nCheck whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64}\nproduce zero and skip stddev computation in that case.\n\nFor now don't care about rec->counter * rec->counter overflow because\nrec->time * rec->time overflow will likely happen earlier.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21898" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5", "url": "https://git.kernel.org/stable/c/3d738b53ed6cddb68e68c9874520a4bf846163b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8", "url": "https://git.kernel.org/stable/c/5b3d32f607f0478b414b16516cf27f9170cf66c8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b", "url": "https://git.kernel.org/stable/c/746cc474a95473591853927b3a9792a2d671155b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7", "url": "https://git.kernel.org/stable/c/992775227843c9376773784b8b362add44592ad7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6", "url": "https://git.kernel.org/stable/c/9cdac46fa7e854e587eb5f393fe491b6d7a9bdf6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3", "url": "https://git.kernel.org/stable/c/a1a7eb89ca0b89dc1c326eeee2596f263291aca3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149", "url": "https://git.kernel.org/stable/c/ca381f60a3bb7cfaa618d73ca411610bd7fc3149" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3", "url": "https://git.kernel.org/stable/c/f58a3f8e284d0bdf94164a8e61cd4e70d337a1a3" } ], "release_date": "2025-04-01T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-21772", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\npartitions: mac: fix handling of bogus partition table\nFix several issues in partition probing:\n- The bailout for a bad partoffset must use put_dev_sector(), since the\npreceding read_part_sector() succeeded.\n- If the partition table claims a silly sector size like 0xfff bytes\n(which results in partition table entries straddling sector boundaries),\nbail out instead of accessing out-of-bounds memory.\n- We must not assume that the partition table contains proper NUL\ntermination - use strnlen() and strncmp() instead of strlen() and\nstrcmp().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21772" } ], "release_date": "2025-02-27T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }