{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu18.04els/vex/2025/cve-2025-21753-els_os-ubuntu18_04els.json" } ], "title": "Security update on CVE-2025-21753", "tracking": { "current_release_date": "2025-12-23T22:15:38Z", "generator": { "date": "2025-12-23T22:15:38Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2025-21753-ELS_OS-UBUNTU18.04ELS", "initial_release_date": "2025-02-27T00:00:00Z", "revision_history": [ { "date": "2025-02-27T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-06-10T09:45:36Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T22:15:38Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 18.04", "product": { "name": "Ubuntu 18.04", "product_id": "Ubuntu-18", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product": { "name": "linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product_id": "linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product": { "name": "linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product_id": "linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product": { "name": "linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_id": "linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-extra-4.15.0-248-tuxcare.els36-generic@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product": { "name": "linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_id": "linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-modules-4.15.0-248-tuxcare.els36-generic@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product": { "name": "linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_id": "linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.15.0-248-tuxcare.els36-generic@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-libc-dev-0:4.15.0-248.259.amd64", "product": { "name": "linux-libc-dev-0:4.15.0-248.259.amd64", "product_id": "linux-libc-dev-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-libc-dev@4.15.0-248.259?arch=amd64" } } }, { "category": "product_version", "name": "linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product": { "name": "linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_id": "linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-buildinfo-4.15.0-248-tuxcare.els36-generic@4.15.0-248.259?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "product": { "name": "linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "product_id": "linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-headers-4.15.0-248-tuxcare.els36@4.15.0-248.259?arch=all" } } }, { "category": "product_version", "name": "linux-tools-host-0:4.15.0-248.259.all", "product": { "name": "linux-tools-host-0:4.15.0-248.259.all", "product_id": "linux-tools-host-0:4.15.0-248.259.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-tools-host@4.15.0-248.259?arch=all" } } }, { "category": "product_version", "name": "linux-doc-0:4.15.0-248.259.all", "product": { "name": "linux-doc-0:4.15.0-248.259.all", "product_id": "linux-doc-0:4.15.0-248.259.all", "product_identification_helper": { "purl": "pkg:deb/cloudlinux/linux-doc@4.15.0-248.259?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64" }, "product_reference": "linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64" }, "product_reference": "linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all" }, "product_reference": "linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" }, "product_reference": "linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-host-0:4.15.0-248.259.all as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all" }, "product_reference": "linux-tools-host-0:4.15.0-248.259.all", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-doc-0:4.15.0-248.259.all as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-doc-0:4.15.0-248.259.all" }, "product_reference": "linux-doc-0:4.15.0-248.259.all", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" }, "product_reference": "linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" }, "product_reference": "linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-libc-dev-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64" }, "product_reference": "linux-libc-dev-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" }, { "category": "default_component_of", "full_product_name": { "name": "linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64 as a component of Ubuntu 18.04", "product_id": "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" }, "product_reference": "linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "relates_to_product_reference": "Ubuntu-18" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-21753", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nbtrfs: fix use-after-free when attempting to join an aborted transaction\nWhen we are trying to join the current transaction and if it's aborted,\nwe read its 'aborted' field after unlocking fs_info->trans_lock and\nwithout holding any extra reference count on it. This means that a\nconcurrent task that is aborting the transaction may free the transaction\nbefore we read its 'aborted' field, leading to a use-after-free.\nFix this by reading the 'aborted' field while holding fs_info->trans_lock\nsince any freeing task must first acquire that lock and set\nfs_info->running_transaction to NULL before freeing the transaction.\nThis was reported by syzbot and Dmitry with the following stack traces\nfrom KASAN:\n==================================================================\nBUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\nRead of size 4 at addr ffff888011839024 by task kworker/u4:9/1128\nCPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: events_unbound btrfs_async_reclaim_data_space\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:378 [inline]\nprint_report+0x169/0x550 mm/kasan/report.c:489\nkasan_report+0x143/0x180 mm/kasan/report.c:602\njoin_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278\nstart_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\nflush_space+0x448/0xcf0 fs/btrfs/space-info.c:803\nbtrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321\nprocess_one_work kernel/workqueue.c:3236 [inline]\nprocess_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317\nworker_thread+0x870/0xd30 kernel/workqueue.c:3398\nkthread+0x2f0/0x390 kernel/kthread.c:389\nret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nAllocated by task 5315:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x3f/0x80 mm/kasan/common.c:68\npoison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\nkasan_kmalloc include/linux/kasan.h:260 [inline]\n__kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\nkmalloc_noprof include/linux/slab.h:901 [inline]\njoin_transaction+0x144/0xda0 fs/btrfs/transaction.c:308\nstart_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697\nbtrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572\nlookup_open fs/namei.c:3649 [inline]\nopen_last_lookups fs/namei.c:3748 [inline]\npath_openat+0x1c03/0x3590 fs/namei.c:3984\ndo_filp_open+0x27f/0x4e0 fs/namei.c:4014\ndo_sys_openat2+0x13e/0x1d0 fs/open.c:1402\ndo_sys_open fs/open.c:1417 [inline]\n__do_sys_creat fs/open.c:1495 [inline]\n__se_sys_creat fs/open.c:1489 [inline]\n__x64_sys_creat+0x123/0x170 fs/open.c:1489\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nFreed by task 5336:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x3f/0x80 mm/kasan/common.c:68\nkasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\npoison_slab_object mm/kasan/common.c:247 [inline]\n__kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\nkasan_slab_free include/linux/kasan.h:233 [inline]\nslab_free_hook mm/slub.c:2353 [inline]\nslab_free mm/slub.c:4613 [inline]\nkfree+0x196/0x430 mm/slub.c:4761\ncleanup_transaction fs/btrfs/transaction.c:2063 [inline]\nbtrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598\ninsert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757\nbtrfs_balance+0x992/\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21753" } ], "release_date": "2025-02-27T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-18:linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-extra-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-tools-host-0:4.15.0-248.259.all", "Ubuntu-18:linux-doc-0:4.15.0-248.259.all", "Ubuntu-18:linux-modules-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-headers-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-libc-dev-0:4.15.0-248.259.amd64", "Ubuntu-18:linux-buildinfo-4.15.0-248-tuxcare.els36-generic-0:4.15.0-248.259.amd64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }