{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* Focal update: v5.4.292 upstream stable release (LP: #2109357) // CVE-url:\n https://ubuntu.com/security/CVE-2025-37937\n - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()\n * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url:\n https://ubuntu.com/security/CVE-2024-53197\n - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox\n devices\n * CVE-url: https://ubuntu.com/security/CVE-2024-46787\n - userfaultfd: fix checks for huge PMDs\n * CVE-url: https://ubuntu.com/security/CVE-2025-37798\n - sch_drr: make drr_qlen_notify() idempotent\n - sch_hfsc: make hfsc_qlen_notify() idempotent\n - sch_qfq: make qfq_qlen_notify() idempotent\n - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\n * Focal update: v5.4.285 upstream stable release (LP: #2089233) //\n CVE-2024-50116 // CVE-url: https://ubuntu.com/security/CVE-2024-50116\n - nilfs2: fix kernel bug due to missing clearing of buffer delay flag\n * Focal update: v5.4.285 upstream stable release (LP: #2089233) //\n CVE-2024-49958 // CVE-url: https://ubuntu.com/security/CVE-2024-49958\n - ocfs2: reserve space for inline xattr before attaching reflink tree\n * Focal update: v5.4.286 upstream stable release (LP: #2089558) // CVE-url:\n https://ubuntu.com/security/CVE-2021-47195\n - spi: fix use-after-free of the add_lock mutex\n * CVE-url: https://ubuntu.com/security/CVE-2021-47469\n - spi: Fix deadlock when adding SPI controllers on SPI buses\n * CVE-url: https://ubuntu.com/security/CVE-2025-39735\n - jfs: fix slab-out-of-bounds read in ea_get()\n * CVE-url: https://ubuntu.com/security/CVE-2025-22020\n - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove\n * CVE-url: https://ubuntu.com/security/CVE-2025-22004\n - net: atm: fix use after free in lec_send()\n * CVE-url: https://ubuntu.com/security/CVE-2025-39688\n - nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()\n * CVE-url: https://ubuntu.com/security/CVE-2022-49892\n - ftrace: Fix use-after-free for dynamic ftrace_ops\n * CVE-url: https://ubuntu.com/security/CVE-2021-47293\n - net/sched: act_skbmod: Skip non-Ethernet packets\n * CVE-url: https://ubuntu.com/security/CVE-2024-50106\n - nfsd: simplify nfs4_put_deleg_lease calls\n - nfsd: factor out common delegation-destruction code\n - nfsd: Fix race to FREE_STATEID and cl_revoked\n - nfsd: don't call functions with side-effecting inside WARN_ON()\n - nfsd: remove fault injection code\n - nfsd: avoid race after unhash_delegation_locked()\n - nfsd4: don't set lock stateid's sc_type to CLOSED\n - nfsd: split sc_status out of sc_type\n - nfsd: fix race between laundromat and free_stateid\n * CVE-url: https://ubuntu.com/security/CVE-2024-57982\n - xfrm: state: fix out-of-bounds read during lookup\n * CVE-url: https://ubuntu.com/security/CVE-2023-52588\n - f2fs: fix to tag gcing flag on page during block migration\n * Miscellaneous Ubuntu changes\n - [Config] updateconfigs for NFSD_FAULT_INJECTION", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu18.04els/advisories/2025/clsa-2025_1753083608.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753083608", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753083608" } ], "tracking": { "current_release_date": "2025-07-21T07:41:56Z", "generator": { "date": "2025-07-21T07:41:56Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1753083608", "initial_release_date": "2025-07-21T07:41:56Z", "revision_history": [ { "date": "2025-07-21T07:41:56Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "Fix of 17 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 18.04", "product": { "name": "Ubuntu 18.04", "product_id": "Ubuntu-18", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product": { "name": "linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product_id": "linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.15.0-249-tuxcare.els37-generic@4.15.0-249.260?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product": { "name": "linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product_id": "linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-extra-4.15.0-249-tuxcare.els37-generic@4.15.0-249.260?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "product": { "name": "linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "product_id": "linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-4.15.0-249-tuxcare.els37-lowlatency@4.15.0-249.260?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "product": { "name": "linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "product_id": "linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency@4.15.0-249.260?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product": { "name": "linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product_id": "linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.15.0-249-tuxcare.els37-generic@4.15.0-249.260?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "product": { "name": "linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "product_id": "linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-4.15.0-249-tuxcare.els37-lowlatency@4.15.0-249.260?arch=amd64" } } }, { "category": "product_version", "name": "linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product": { "name": "linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product_id": "linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-buildinfo-4.15.0-249-tuxcare.els37-generic@4.15.0-249.260?arch=amd64" } } }, { "category": "product_version", "name": "linux-libc-dev-0:4.15.0-249.260.amd64", "product": { "name": "linux-libc-dev-0:4.15.0-249.260.amd64", "product_id": "linux-libc-dev-0:4.15.0-249.260.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-libc-dev@4.15.0-249.260?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "linux-tools-host-0:4.15.0-249.260.all", "product": { "name": "linux-tools-host-0:4.15.0-249.260.all", "product_id": "linux-tools-host-0:4.15.0-249.260.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-host@4.15.0-249.260?arch=all" } } }, { "category": "product_version", "name": "linux-doc-0:4.15.0-249.260.all", "product": { "name": "linux-doc-0:4.15.0-249.260.all", "product_id": "linux-doc-0:4.15.0-249.260.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-doc@4.15.0-249.260?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64" }, "product_reference": "linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64" }, "product_reference": "linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64" }, "product_reference": "linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64" }, "product_reference": "linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64" }, "product_reference": "linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-host-0:4.15.0-249.260.all as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all" }, "product_reference": "linux-tools-host-0:4.15.0-249.260.all", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-doc-0:4.15.0-249.260.all as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-doc-0:4.15.0-249.260.all" }, "product_reference": "linux-doc-0:4.15.0-249.260.all", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64" }, "product_reference": "linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64" }, "product_reference": "linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-libc-dev-0:4.15.0-249.260.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" }, "product_reference": "linux-libc-dev-0:4.15.0-249.260.amd64", "relates_to_product_reference": "Ubuntu-18" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-37937", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nobjtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()\nIf dib8000_set_dds()'s call to dib8000_read32() returns zero, the result\nis a divide-by-zero. Prevent that from happening.\nFixes the following warning with an UBSAN kernel:\ndrivers/media/dvb-frontends/dib8000.o: warning: objtool: dib8000_tune() falls through to next function dib8096p_cfg_DibRx()", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37937" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-22020", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\nRead of size 8 at addr ffff888136335380 by task kworker/6:0/140241\n\nCPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1\nTainted: [E]=UNSIGNED_MODULE\nHardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024\nWorkqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms]\nCall Trace:\n \n dump_stack_lvl+0x51/0x70\n print_address_description.constprop.0+0x27/0x320\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n print_report+0x3e/0x70\n kasan_report+0xab/0xe0\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms]\n ? __pfx___schedule+0x10/0x10\n ? kick_pool+0x3b/0x270\n process_one_work+0x357/0x660\n worker_thread+0x390/0x4c0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x190/0x1d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\nAllocated by task 161446:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x1a7/0x470\n memstick_alloc_host+0x1f/0xe0 [memstick]\n rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms]\n platform_probe+0x60/0xe0\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n bus_probe_device+0xbd/0xd0\n device_add+0x4a5/0x760\n platform_device_add+0x189/0x370\n mfd_add_device+0x587/0x5e0\n mfd_add_devices+0xb1/0x130\n rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb]\n usb_probe_interface+0x15c/0x460\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n rebind_marked_interfaces.isra.0+0xcc/0x110\n usb_reset_device+0x352/0x410\n usbdev_do_ioctl+0xe5c/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 161506:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x36/0x60\n __kasan_slab_free+0x34/0x50\n kfree+0x1fd/0x3b0\n device_release+0x56/0xf0\n kobject_cleanup+0x73/0x1c0\n rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms]\n platform_remove+0x2f/0x50\n device_release_driver_internal+0x24b/0x2e0\n bus_remove_device+0x124/0x1d0\n device_del+0x239/0x530\n platform_device_del.part.0+0x19/0xe0\n platform_device_unregister+0x1c/0x40\n mfd_remove_devices_fn+0x167/0x170\n device_for_each_child_reverse+0xc9/0x130\n mfd_remove_devices+0x6e/0xa0\n rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb]\n usb_unbind_interface+0xf3/0x3f0\n device_release_driver_internal+0x24b/0x2e0\n proc_disconnect_claim+0x13d/0x220\n usbdev_do_ioctl+0xb5e/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x360\n __irq_exit_rcu+0x114/0x130\n sysvec_apic_timer_interrupt+0x72/0x90\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22020" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0067cb7d7e7c277e91a0887a3c24e71462379469", "url": "https://git.kernel.org/stable/c/0067cb7d7e7c277e91a0887a3c24e71462379469" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/31f0eaed6914333f42501fc7e0f6830879f5ef2d", "url": "https://git.kernel.org/stable/c/31f0eaed6914333f42501fc7e0f6830879f5ef2d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4676741a3464b300b486e70585c3c9b692be1632", "url": "https://git.kernel.org/stable/c/4676741a3464b300b486e70585c3c9b692be1632" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/52d942a5302eefb3b7a3bfee310a5a33feeedc21", "url": "https://git.kernel.org/stable/c/52d942a5302eefb3b7a3bfee310a5a33feeedc21" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6186fb2cd36317277a8423687982140a7f3f7841", "url": "https://git.kernel.org/stable/c/6186fb2cd36317277a8423687982140a7f3f7841" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/75123adf204f997e11bbddee48408c284f51c050", "url": "https://git.kernel.org/stable/c/75123adf204f997e11bbddee48408c284f51c050" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185", "url": "https://git.kernel.org/stable/c/914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9dfaf4d723c62bda8d9d1340e2e78acf0c190439", "url": "https://git.kernel.org/stable/c/9dfaf4d723c62bda8d9d1340e2e78acf0c190439" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b094e8e3988e02e8cef7a756c8d2cea9c12509ab", "url": "https://git.kernel.org/stable/c/b094e8e3988e02e8cef7a756c8d2cea9c12509ab" } ], "release_date": "2025-04-16T11:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-57982", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: state: fix out-of-bounds read during lookup\n\nlookup and resize can run in parallel.\n\nThe xfrm_state_hash_generation seqlock ensures a retry, but the hash\nfunctions can observe a hmask value that is too large for the new hlist\narray.\n\nrehash does:\n rcu_assign_pointer(net->xfrm.state_bydst, ndst) [..]\n net->xfrm.state_hmask = nhashmask;\n\nWhile state lookup does:\n h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family);\n hlist_for_each_entry_rcu(x, net->xfrm.state_bydst + h, bydst) {\n\nThis is only safe in case the update to state_bydst is larger than\nnet->xfrm.xfrm_state_hmask (or if the lookup function gets\nserialized via state spinlock again).\n\nFix this by prefetching state_hmask and the associated pointers.\nThe xfrm_state_hash_generation seqlock retry will ensure that the pointer\nand the hmask will be consistent.\n\nThe existing helpers, like xfrm_dst_hash(), are now unsafe for RCU side,\nadd lockdep assertions to document that they are only safe for insert\nside.\n\nxfrm_state_lookup_byaddr() uses the spinlock rather than RCU.\nAFAICS this is an oversight from back when state lookup was converted to\nRCU, this lock should be replaced with RCU in a future patch.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-57982" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a16871c7832ea6435abb6e0b58289ae7dcb7e4fc", "url": "https://git.kernel.org/stable/c/a16871c7832ea6435abb6e0b58289ae7dcb7e4fc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dd4c2a174994238d55ab54da2545543d36f4e0d0", "url": "https://git.kernel.org/stable/c/dd4c2a174994238d55ab54da2545543d36f4e0d0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e952837f3ddb0ff726d5b582aa1aad9aa38d024d", "url": "https://git.kernel.org/stable/c/e952837f3ddb0ff726d5b582aa1aad9aa38d024d" } ], "release_date": "2025-02-27T02:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-53197", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices\nA bogus device can provide a bNumConfigurations value that exceeds the\ninitial value used in usb_get_configuration for allocating dev->config.\nThis can lead to out-of-bounds accesses later, e.g. in\nusb_destroy_configuration.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-53197" } ], "release_date": "2024-12-27T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2021-47469", "cwe": { "id": "CWE-833", "name": "Deadlock" }, "notes": [ { "category": "description", "text": "[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\nspi: Fix deadlock when adding SPI controllers on SPI buses\nThe Linux kernel CVE team has assigned CVE-2021-47469 to this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47469" } ], "release_date": "2024-05-22T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-49958", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: reserve space for inline xattr before attaching reflink tree\n\nOne of our customers reported a crash and a corrupted ocfs2 filesystem. \nThe crash was due to the detection of corruption. Upon troubleshooting,\nthe fsck -fn output showed the below corruption\n\n[EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record,\nbut fsck believes the largest valid value is 227. Clamp the next record value? n\n\nThe stat output from the debugfs.ocfs2 showed the following corruption\nwhere the \"Next Free Rec:\" had overshot the \"Count:\" in the root metadata\nblock.\n\n Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856)\n FS Generation: 904309833 (0x35e6ac49)\n CRC32: 00000000 ECC: 0000\n Type: Regular Attr: 0x0 Flags: Valid\n Dynamic Features: (0x16) HasXattr InlineXattr Refcounted\n Extended Attributes Block: 0 Extended Attributes Inline Size: 256\n User: 0 (root) Group: 0 (root) Size: 281320357888\n Links: 1 Clusters: 141738\n ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024\n atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024\n mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024\n dtime: 0x0 -- Wed Dec 31 17:00:00 1969\n Refcount Block: 2777346\n Last Extblk: 2886943 Orphan Slot: 0\n Sub Alloc Slot: 0 Sub Alloc Bit: 14\n Tree Depth: 1 Count: 227 Next Free Rec: 230\n ## Offset Clusters Block#\n 0 0 2310 2776351\n 1 2310 2139 2777375\n 2 4449 1221 2778399\n 3 5670 731 2779423\n 4 6401 566 2780447\n ....... .... .......\n ....... .... .......\n\nThe issue was in the reflink workfow while reserving space for inline\nxattr. The problematic function is ocfs2_reflink_xattr_inline(). By the\ntime this function is called the reflink tree is already recreated at the\ndestination inode from the source inode. At this point, this function\nreserves space for inline xattrs at the destination inode without even\nchecking if there is space at the root metadata block. It simply reduces\nthe l_count from 243 to 227 thereby making space of 256 bytes for inline\nxattr whereas the inode already has extents beyond this index (in this\ncase up to 230), thereby causing corruption.\n\nThe fix for this is to reserve space for inline metadata at the destination\ninode before the reflink tree gets recreated. The customer has verified the\nfix.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-49958" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/020f5c53c17f66c0a8f2d37dad27ace301b8d8a1", "url": "https://git.kernel.org/stable/c/020f5c53c17f66c0a8f2d37dad27ace301b8d8a1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5c2072f02c0d75802ec28ec703b7d43a0dd008b5", "url": "https://git.kernel.org/stable/c/5c2072f02c0d75802ec28ec703b7d43a0dd008b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5c9807c523b4fca81d3e8e864dabc8c806402121", "url": "https://git.kernel.org/stable/c/5c9807c523b4fca81d3e8e864dabc8c806402121" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5ca60b86f57a4d9648f68418a725b3a7de2816b0", "url": "https://git.kernel.org/stable/c/5ca60b86f57a4d9648f68418a725b3a7de2816b0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/637c00e06564a945e9d0edb3d78d362d64935f9f", "url": "https://git.kernel.org/stable/c/637c00e06564a945e9d0edb3d78d362d64935f9f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/74364cb578dcc0b6c9109519d19cbe5a56afac9a", "url": "https://git.kernel.org/stable/c/74364cb578dcc0b6c9109519d19cbe5a56afac9a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/96ce4c3537114d1698be635f5e36c62dc49df7a4", "url": "https://git.kernel.org/stable/c/96ce4c3537114d1698be635f5e36c62dc49df7a4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9f9a8f3ac65b4147f1a7b6c05fad5192c0e3c3d9", "url": "https://git.kernel.org/stable/c/9f9a8f3ac65b4147f1a7b6c05fad5192c0e3c3d9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/aac31d654a0a31cb0d2fa36ae694f4e164a52707", "url": "https://git.kernel.org/stable/c/aac31d654a0a31cb0d2fa36ae694f4e164a52707" } ], "release_date": "2024-10-21T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22004", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: atm: fix use after free in lec_send()\nThe ->send() operation frees skb so save the length before calling\n->send() to avoid a use after free.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22004" } ], "release_date": "2025-04-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-39735", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix slab-out-of-bounds read in ea_get()\n\nDuring the \"size_check\" label in ea_get(), the code checks if the extended\nattribute list (xattr) size matches ea_size. If not, it logs\n\"ea_get: invalid extended attribute\" and calls print_hex_dump().\n\nHere, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds\nINT_MAX (2,147,483,647). Then ea_size is clamped:\n\n\tint size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr));\n\nAlthough clamp_t aims to bound ea_size between 0 and 4110417968, the upper\nlimit is treated as an int, causing an overflow above 2^31 - 1. This leads\n\"size\" to wrap around and become negative (-184549328).\n\nThe \"size\" is then passed to print_hex_dump() (called \"len\" in\nprint_hex_dump()), it is passed as type size_t (an unsigned\ntype), this is then stored inside a variable called\n\"int remaining\", which is then assigned to \"int linelen\" which\nis then passed to hex_dump_to_buffer(). In print_hex_dump()\nthe for loop, iterates through 0 to len-1, where len is\n18446744073525002176, calling hex_dump_to_buffer()\non each iteration:\n\n\tfor (i = 0; i < len; i += rowsize) {\n\t\tlinelen = min(remaining, rowsize);\n\t\tremaining -= rowsize;\n\n\t\thex_dump_to_buffer(ptr + i, linelen, rowsize, groupsize,\n\t\t\t\t linebuf, sizeof(linebuf), ascii);\n\n\t\t...\n\t}\n\nThe expected stopping condition (i < len) is effectively broken\nsince len is corrupted and very large. This eventually leads to\nthe \"ptr+i\" being passed to hex_dump_to_buffer() to get closer\nto the end of the actual bounds of \"ptr\", eventually an out of\nbounds access is done in hex_dump_to_buffer() in the following\nfor loop:\n\n\tfor (j = 0; j < len; j++) {\n\t\t\tif (linebuflen < lx + 2)\n\t\t\t\tgoto overflow2;\n\t\t\tch = ptr[j];\n\t\t...\n\t}\n\nTo fix this we should validate \"EALIST_SIZE(ea_buf->xattr)\"\nbefore it is utilised.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39735" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0beddc2a3f9b9cf7d8887973041e36c2d0fa3652", "url": "https://git.kernel.org/stable/c/0beddc2a3f9b9cf7d8887973041e36c2d0fa3652" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/16d3d36436492aa248b2d8045e75585ebcc2f34d", "url": "https://git.kernel.org/stable/c/16d3d36436492aa248b2d8045e75585ebcc2f34d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3d6fd5b9c6acbc005e53d0211c7381f566babec1", "url": "https://git.kernel.org/stable/c/3d6fd5b9c6acbc005e53d0211c7381f566babec1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/46e2c031aa59ea65128991cbca474bd5c0c2ecdb", "url": "https://git.kernel.org/stable/c/46e2c031aa59ea65128991cbca474bd5c0c2ecdb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/50afcee7011155933d8d5e8832f52eeee018cfd3", "url": "https://git.kernel.org/stable/c/50afcee7011155933d8d5e8832f52eeee018cfd3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5263822558a8a7c0d0248d5679c2dcf4d5cda61f", "url": "https://git.kernel.org/stable/c/5263822558a8a7c0d0248d5679c2dcf4d5cda61f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/78c9cbde8880ec02d864c166bcb4fe989ce1d95f", "url": "https://git.kernel.org/stable/c/78c9cbde8880ec02d864c166bcb4fe989ce1d95f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a8c31808925b11393a6601f534bb63bac5366bab", "url": "https://git.kernel.org/stable/c/a8c31808925b11393a6601f534bb63bac5366bab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fdf480da5837c23b146c4743c18de97202fcab37", "url": "https://git.kernel.org/stable/c/fdf480da5837c23b146c4743c18de97202fcab37" } ], "release_date": "2025-04-18T07:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-50106", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix race between laundromat and free_stateid\n\nThere is a race between laundromat handling of revoked delegations\nand a client sending free_stateid operation. Laundromat thread\nfinds that delegation has expired and needs to be revoked so it\nmarks the delegation stid revoked and it puts it on a reaper list\nbut then it unlock the state lock and the actual delegation revocation\nhappens without the lock. Once the stid is marked revoked a racing\nfree_stateid processing thread does the following (1) it calls\nlist_del_init() which removes it from the reaper list and (2) frees\nthe delegation stid structure. The laundromat thread ends up not\ncalling the revoke_delegation() function for this particular delegation\nbut that means it will no release the lock lease that exists on\nthe file.\n\nNow, a new open for this file comes in and ends up finding that\nlease list isn't empty and calls nfsd_breaker_owns_lease() which ends\nup trying to derefence a freed delegation stateid. Leading to the\nfollowint use-after-free KASAN warning:\n\nkernel: ==================================================================\nkernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205\nkernel:\nkernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9\nkernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024\nkernel: Call trace:\nkernel: dump_backtrace+0x98/0x120\nkernel: show_stack+0x1c/0x30\nkernel: dump_stack_lvl+0x80/0xe8\nkernel: print_address_description.constprop.0+0x84/0x390\nkernel: print_report+0xa4/0x268\nkernel: kasan_report+0xb4/0xf8\nkernel: __asan_report_load8_noabort+0x1c/0x28\nkernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd]\nkernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd]\nkernel: nfs4_get_vfs_file+0x634/0x958 [nfsd]\nkernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd]\nkernel: nfsd4_open+0xa08/0xe80 [nfsd]\nkernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd]\nkernel: nfsd_dispatch+0x22c/0x718 [nfsd]\nkernel: svc_process_common+0x8e8/0x1960 [sunrpc]\nkernel: svc_process+0x3d4/0x7e0 [sunrpc]\nkernel: svc_handle_xprt+0x828/0xe10 [sunrpc]\nkernel: svc_recv+0x2cc/0x6a8 [sunrpc]\nkernel: nfsd+0x270/0x400 [nfsd]\nkernel: kthread+0x288/0x310\nkernel: ret_from_fork+0x10/0x20\n\nThis patch proposes a fixed that's based on adding 2 new additional\nstid's sc_status values that help coordinate between the laundromat\nand other operations (nfsd4_free_stateid() and nfsd4_delegreturn()).\n\nFirst to make sure, that once the stid is marked revoked, it is not\nremoved by the nfsd4_free_stateid(), the laundromat take a reference\non the stateid. Then, coordinating whether the stid has been put\non the cl_revoked list or we are processing FREE_STATEID and need to\nmake sure to remove it from the list, each check that state and act\naccordingly. If laundromat has added to the cl_revoke list before\nthe arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove\nit from the list. If nfsd4_free_stateid() finds that operations arrived\nbefore laundromat has placed it on cl_revoke list, it marks the state\nfreed and then laundromat will no longer add it to the list.\n\nAlso, for nfsd4_delegreturn() when looking for the specified stid,\nwe need to access stid that are marked removed or freeable, it means\nthe laundromat has started processing it but hasn't finished and this\ndelegreturn needs to return nfserr_deleg_revoked and not\nnfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the\nlack of it will leave this stid on the cl_revoked list indefinitely.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50106" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a", "url": "https://git.kernel.org/stable/c/8dd91e8d31febf4d9cca3ae1bb4771d33ae7ee5a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/967faa26f313a62e7bebc55d5b8122eaee43b929", "url": "https://git.kernel.org/stable/c/967faa26f313a62e7bebc55d5b8122eaee43b929" } ], "release_date": "2024-11-05T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-50116", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of buffer delay flag\n\nSyzbot reported that after nilfs2 reads a corrupted file system image\nand degrades to read-only, the BUG_ON check for the buffer delay flag\nin submit_bh_wbc() may fail, causing a kernel bug.\n\nThis is because the buffer delay flag is not cleared when clearing the\nbuffer state flags to discard a page/folio or a buffer head. So, fix\nthis.\n\nThis became necessary when the use of nilfs2's own page clear routine\nwas expanded. This state inconsistency does not occur if the buffer\nis written normally by log writing.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50116" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/033bc52f35868c2493a2d95c56ece7fc155d7cb3", "url": "https://git.kernel.org/stable/c/033bc52f35868c2493a2d95c56ece7fc155d7cb3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/27524f65621f490184f2ace44cd8e5f3685af4a3", "url": "https://git.kernel.org/stable/c/27524f65621f490184f2ace44cd8e5f3685af4a3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/412a30b1b28d6073ba29c46a2b0f324c5936293f", "url": "https://git.kernel.org/stable/c/412a30b1b28d6073ba29c46a2b0f324c5936293f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6ed469df0bfbef3e4b44fca954a781919db9f7ab", "url": "https://git.kernel.org/stable/c/6ed469df0bfbef3e4b44fca954a781919db9f7ab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/743c78d455e784097011ea958b27396001181567", "url": "https://git.kernel.org/stable/c/743c78d455e784097011ea958b27396001181567" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/822203f6355f4b322d21e7115419f6b98284be25", "url": "https://git.kernel.org/stable/c/822203f6355f4b322d21e7115419f6b98284be25" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9f2ab98371c2f2488bf3bf3f9b2a73510545e9c1", "url": "https://git.kernel.org/stable/c/9f2ab98371c2f2488bf3bf3f9b2a73510545e9c1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c6f58ff2d4c552927fe9a187774e668ebba6c7aa", "url": "https://git.kernel.org/stable/c/c6f58ff2d4c552927fe9a187774e668ebba6c7aa" } ], "release_date": "2024-11-05T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-extra-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-modules-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-headers-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-249.260.all", "Ubuntu-18:linux-doc-0:4.15.0-249.260.all", "Ubuntu-18:linux-tools-4.15.0-249-tuxcare.els37-lowlatency-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-249-tuxcare.els37-generic-0:4.15.0-249.260.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-249.260.amd64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] } ] }