{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "* CVE-url: https://ubuntu.com/security/CVE-2024-46787\n     - userfaultfd: fix checks for huge PMDs\n   * CVE-url: https://ubuntu.com/security/CVE-2025-37798\n     - sch_htb: make htb_qlen_notify() idempotent\n     - sch_drr: make drr_qlen_notify() idempotent\n     - sch_hfsc: make hfsc_qlen_notify() idempotent\n     - sch_qfq: make qfq_qlen_notify() idempotent\n     - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\n   * CVE-url: https://ubuntu.com/security/CVE-2025-37803\n     - udmabuf: fix a buf size overflow issue during udmabuf creation\n   * CVE-url: https://ubuntu.com/security/CVE-2025-37785\n     - ext4: optimize __ext4_check_dir_entry()\n     - ext4: fix OOB read when checking dotdot dir\n   * CVE-url: https://ubuntu.com/security/CVE-2025-22038\n     - ksmbd: validate zero num_subauth before sub_auth is accessed\n   * CVE-url: https://ubuntu.com/security/CVE-2025-21927\n     - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n   * CVE-url: https://ubuntu.com/security/CVE-2025-21969\n     - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n   * CVE-url: https://ubuntu.com/security/CVE-2025-21855\n     - ibmvnic: Don't reference skb after sending to VIOS\n   * CVE-url: https://ubuntu.com/security/CVE-2025-21780\n     - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n   * CVE-url: https://ubuntu.com/security/CVE-2023-0386\n     - ovl: fail on invalid uid/gid mapping at copy up",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu20.04els/advisories/2025/clsa-2025_1753085842.json"
      },
      {
        "category": "self",
        "summary": "TuxCare ELS release page for CLSA-2025:1753085842",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1753085842"
      }
    ],
    "tracking": {
      "current_release_date": "2025-07-21T08:19:10Z",
      "generator": {
        "date": "2025-07-21T08:19:10Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1753085842",
      "initial_release_date": "2025-07-21T08:19:10Z",
      "revision_history": [
        {
          "date": "2025-07-21T08:19:10Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "Fix of 10 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ubuntu 20.04",
                "product": {
                  "name": "Ubuntu 20.04",
                  "product_id": "Ubuntu-20",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Ubuntu"
          }
        ],
        "category": "vendor",
        "name": "Canonical Ltd."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
                "product": {
                  "name": "linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
                  "product_id": "linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/linux-modules-5.4.0-220-tuxcare.els2-lowlatency@5.4.0-220.240?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                "product": {
                  "name": "linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                  "product_id": "linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/linux-cloud-tools-5.4.0-220-tuxcare.els2-generic@5.4.0-220.240?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                "product": {
                  "name": "linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                  "product_id": "linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/linux-modules-extra-5.4.0-220-tuxcare.els2-generic@5.4.0-220.240?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
                "product": {
                  "name": "linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
                  "product_id": "linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/linux-headers-5.4.0-220-tuxcare.els2-lowlatency@5.4.0-220.240?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                "product": {
                  "name": "linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                  "product_id": "linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/linux-image-unsigned-5.4.0-220-tuxcare.els2-generic@5.4.0-220.240?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
                "product": {
                  "name": "linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
                  "product_id": "linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/linux-tools-5.4.0-220-tuxcare.els2-lowlatency@5.4.0-220.240?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                "product": {
                  "name": "linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                  "product_id": "linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/linux-headers-5.4.0-220-tuxcare.els2-generic@5.4.0-220.240?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                "product": {
                  "name": "linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                  "product_id": "linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/linux-tools-5.4.0-220-tuxcare.els2-generic@5.4.0-220.240?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64",
                "product": {
                  "name": "linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64",
                  "product_id": "linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/linux-cloud-tools-5.4.0-220-tuxcare.els2@5.4.0-220.240?arch=amd64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "linux-cloud-tools-common-0:5.4.0-220.240.all",
                "product": {
                  "name": "linux-cloud-tools-common-0:5.4.0-220.240.all",
                  "product_id": "linux-cloud-tools-common-0:5.4.0-220.240.all",
                  "product_identification_helper": {
                    "purl": "pkg:deb/tuxcare/linux-cloud-tools-common@5.4.0-220.240?arch=all"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "all"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64"
        },
        "product_reference": "linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64"
        },
        "product_reference": "linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64"
        },
        "product_reference": "linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64"
        },
        "product_reference": "linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-cloud-tools-common-0:5.4.0-220.240.all as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all"
        },
        "product_reference": "linux-cloud-tools-common-0:5.4.0-220.240.all",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64"
        },
        "product_reference": "linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64"
        },
        "product_reference": "linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64"
        },
        "product_reference": "linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64"
        },
        "product_reference": "linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64 as a component of Ubuntu 20.04",
          "product_id": "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        },
        "product_reference": "linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64",
        "relates_to_product_reference": "Ubuntu-20"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-37785",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix OOB read when checking dotdot dir\n\nMounting a corrupted filesystem with directory which contains '.' dir\nentry with rec_len == block size results in out-of-bounds read (later\non, when the corrupted directory is removed).\n\next4_empty_dir() assumes every ext4 directory contains at least '.'\nand '..' as directory entries in the first data block. It first loads\nthe '.' dir entry, performs sanity checks by calling ext4_check_dir_entry()\nand then uses its rec_len member to compute the location of '..' dir\nentry (in ext4_next_entry). It assumes the '..' dir entry fits into the\nsame data block.\n\nIf the rec_len of '.' is precisely one block (4KB), it slips through the\nsanity checks (it is considered the last directory entry in the data\nblock) and leaves \"struct ext4_dir_entry_2 *de\" point exactly past the\nmemory slot allocated to the data block. The following call to\next4_check_dir_entry() on new value of de then dereferences this pointer\nwhich results in out-of-bounds mem access.\n\nFix this by extending __ext4_check_dir_entry() to check for '.' dir\nentries that reach the end of data block. 
Make sure to ignore the phony\ndir entries for checksum (by checking name_len for non-zero).\n\nNote: This is reported by KASAN as use-after-free in case another\nstructure was recently freed from the slot past the bound, but it is\nreally an OOB read.\n\nThis issue was found by syzkaller tool.\n\nCall Trace:\n[   38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710\n[   38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375\n[   38.595158]\n[   38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1\n[   38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[   38.595304] Call Trace:\n[   38.595308]  <TASK>\n[   38.595311]  dump_stack_lvl+0xa7/0xd0\n[   38.595325]  print_address_description.constprop.0+0x2c/0x3f0\n[   38.595339]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595349]  print_report+0xaa/0x250\n[   38.595359]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595368]  ? kasan_addr_to_slab+0x9/0x90\n[   38.595378]  kasan_report+0xab/0xe0\n[   38.595389]  ? __ext4_check_dir_entry+0x67e/0x710\n[   38.595400]  __ext4_check_dir_entry+0x67e/0x710\n[   38.595410]  ext4_empty_dir+0x465/0x990\n[   38.595421]  ? __pfx_ext4_empty_dir+0x10/0x10\n[   38.595432]  ext4_rmdir.part.0+0x29a/0xd10\n[   38.595441]  ? __dquot_initialize+0x2a7/0xbf0\n[   38.595455]  ? __pfx_ext4_rmdir.part.0+0x10/0x10\n[   38.595464]  ? __pfx___dquot_initialize+0x10/0x10\n[   38.595478]  ? down_write+0xdb/0x140\n[   38.595487]  ? __pfx_down_write+0x10/0x10\n[   38.595497]  ext4_rmdir+0xee/0x140\n[   38.595506]  vfs_rmdir+0x209/0x670\n[   38.595517]  ? lookup_one_qstr_excl+0x3b/0x190\n[   38.595529]  do_rmdir+0x363/0x3c0\n[   38.595537]  ? __pfx_do_rmdir+0x10/0x10\n[   38.595544]  ? 
strncpy_from_user+0x1ff/0x2e0\n[   38.595561]  __x64_sys_unlinkat+0xf0/0x130\n[   38.595570]  do_syscall_64+0x5b/0x180\n[   38.595583]  entry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
          "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37785"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351",
          "url": "https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842",
          "url": "https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00",
          "url": "https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93",
          "url": "https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b",
          "url": "https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78",
          "url": "https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b",
          "url": "https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353",
          "url": "https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4",
          "url": "https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4"
        }
      ],
      "release_date": "2025-04-18T07:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
            "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-37798",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ncodel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\nAfter making all ->qlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
          "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37798"
        }
      ],
      "release_date": "2025-05-02T00:00:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
            "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2024-46787",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: fix checks for huge PMDs\n\nPatch series \"userfaultfd: fix races around pmd_trans_huge() check\", v2.\n\nThe pmd_trans_huge() code in mfill_atomic() is wrong in three different\nways depending on kernel version:\n\n1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit\n   the right two race windows) - I've tested this in a kernel build with\n   some extra mdelay() calls. See the commit message for a description\n   of the race scenario.\n   On older kernels (before 6.5), I think the same bug can even\n   theoretically lead to accessing transhuge page contents as a page table\n   if you hit the right 5 narrow race windows (I haven't tested this case).\n2. As pointed out by Qi Zheng, pmd_trans_huge() is not sufficient for\n   detecting PMDs that don't point to page tables.\n   On older kernels (before 6.5), you'd just have to win a single fairly\n   wide race to hit this.\n   I've tested this on 6.1 stable by racing migration (with a mdelay()\n   patched into try_to_migrate()) against UFFDIO_ZEROPAGE - on my x86\n   VM, that causes a kernel oops in ptlock_ptr().\n3. 
On newer kernels (>=6.5), for shmem mappings, khugepaged is allowed\n   to yank page tables out from under us (though I haven't tested that),\n   so I think the BUG_ON() checks in mfill_atomic() are just wrong.\n\nI decided to write two separate fixes for these (one fix for bugs 1+2, one\nfix for bug 3), so that the first fix can be backported to kernels\naffected by bugs 1+2.\n\n\nThis patch (of 2):\n\nThis fixes two issues.\n\nI discovered that the following race can occur:\n\n  mfill_atomic                other thread\n  ============                ============\n                              <zap PMD>\n  pmdp_get_lockless() [reads none pmd]\n  <bail if trans_huge>\n  <if none:>\n                              <pagefault creates transhuge zeropage>\n    __pte_alloc [no-op]\n                              <zap PMD>\n  <bail if pmd_trans_huge(*dst_pmd)>\n  BUG_ON(pmd_none(*dst_pmd))\n\nI have experimentally verified this in a kernel with extra mdelay() calls;\nthe BUG_ON(pmd_none(*dst_pmd)) triggers.\n\nOn kernels newer than commit 0d940a9b270b (\"mm/pgtable: allow\npte_offset_map[_lock]() to fail\"), this can't lead to anything worse than\na BUG_ON(), since the page table access helpers are actually designed to\ndeal with page tables concurrently disappearing; but on older kernels\n(<=6.4), I think we could probably theoretically race past the two\nBUG_ON() checks and end up treating a hugepage as a page table.\n\nThe second issue is that, as Qi Zheng pointed out, there are other types\nof huge PMDs that pmd_trans_huge() can't catch: devmap PMDs and swap PMDs\n(in particular, migration PMDs).\n\nOn <=6.4, this is worse than the first issue: If mfill_atomic() runs on a\nPMD that contains a migration entry (which just requires winning a single,\nfairly wide race), it will pass the PMD to pte_offset_map_lock(), which\nassumes that the PMD points to a page table.\n\nBreakage follows: First, the kernel tries to take the PTE lock (which will\ncrash or maybe worse if there 
is no \"struct page\" for the address bits in\nthe migration entry PMD - I think at least on X86 there usually is no\ncorresponding \"struct page\" thanks to the PTE inversion mitigation, amd64\nlooks different).\n\nIf that didn't crash, the kernel would next try to write a PTE into what\nit wrongly thinks is a page table.\n\nAs part of fixing these issues, get rid of the check for pmd_trans_huge()\nbefore __pte_alloc() - that's redundant, we're going to have to check for\nthat after the __pte_alloc() anyway.\n\nBackport note: pmdp_get_lockless() is pmd_read_atomic() in older kernels.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
          "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-46787"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d",
          "url": "https://git.kernel.org/stable/c/3c6b4bcf37845c9359aed926324bed66bdd2448d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8",
          "url": "https://git.kernel.org/stable/c/71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a",
          "url": "https://git.kernel.org/stable/c/98cc18b1b71e23fe81a5194ed432b20c2d81a01a"
        }
      ],
      "release_date": "2024-09-18T08:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
            "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Medium"
        }
      ]
    },
    {
      "cve": "CVE-2023-0386",
      "cwe": {
        "id": "CWE-282",
        "name": "Improper Ownership Management"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
          "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-0386"
        },
        {
          "category": "external",
          "summary": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html",
          "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a",
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20230420-0004/",
          "url": "https://security.netapp.com/advisory/ntap-20230420-0004/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2023/dsa-5402",
          "url": "https://www.debian.org/security/2023/dsa-5402"
        }
      ],
      "release_date": "2023-03-22T21:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
            "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21969",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd\n\nAfter the hci sync command releases l2cap_conn, the hci receive data work\nqueue references the released l2cap_conn when sending to the upper layer.\nAdd hci dev lock to the hci receive data work queue to synchronize the two.\n\n[1]\nBUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\nRead of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837\n\nCPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: hci1 hci_rx_work\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline]\n l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954\n l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline]\n l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817\n hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline]\n hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n </TASK>\n\nAllocated by task 5837:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n 
__kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kzalloc_noprof include/linux/slab.h:1037 [inline]\n l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860\n l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726\n hci_event_func net/bluetooth/hci_event.c:7473 [inline]\n hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525\n hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n\nFreed by task 54:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2353 [inline]\n slab_free mm/slub.c:4613 [inline]\n kfree+0x196/0x430 mm/slub.c:4761\n l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235\n hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline]\n hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266\n hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n 
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
          "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21969"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28",
          "url": "https://git.kernel.org/stable/c/7790a79c6fce8d5d552bc64f5c82819f719e4f28"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d",
          "url": "https://git.kernel.org/stable/c/b4f82f9ed43aefa79bec2504ae8c29be0c0f5d1d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d",
          "url": "https://git.kernel.org/stable/c/c96cce853542b3b13da3738f35ef1be8cfcc9d1d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9",
          "url": "https://git.kernel.org/stable/c/f8094625a591eeb0b75b1bd9e713fac1d93f5ca9"
        }
      ],
      "release_date": "2025-04-01T16:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
            "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-37803",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix a buf size overflow issue during udmabuf creation\n\nby casting size_limit_mb to u64  when calculate pglimit.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
          "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37803"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f",
          "url": "https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9",
          "url": "https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a",
          "url": "https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33",
          "url": "https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe",
          "url": "https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2",
          "url": "https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f",
          "url": "https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f"
        }
      ],
      "release_date": "2025-05-08T07:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
            "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-22038",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate zero num_subauth before sub_auth is accessed\n\nAccess psid->sub_auth[psid->num_subauth - 1] without checking\nif num_subauth is non-zero leads to an out-of-bounds read.\nThis patch adds a validation step to ensure num_subauth != 0\nbefore sub_auth is accessed.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
          "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22038"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/0e36a3e080d6d8bd7a34e089345d043da4ac8283",
          "url": "https://git.kernel.org/stable/c/0e36a3e080d6d8bd7a34e089345d043da4ac8283"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc",
          "url": "https://git.kernel.org/stable/c/3ac65de111c686c95316ade660f8ba7aea3cd3cc"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/56de7778a48560278c334077ace7b9ac4bfb2fd1",
          "url": "https://git.kernel.org/stable/c/56de7778a48560278c334077ace7b9ac4bfb2fd1"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/68c6c3142bfcdb049839d40a9a59ebe8ea865002",
          "url": "https://git.kernel.org/stable/c/68c6c3142bfcdb049839d40a9a59ebe8ea865002"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/bf21e29d78cd2c2371023953d9c82dfef82ebb36",
          "url": "https://git.kernel.org/stable/c/bf21e29d78cd2c2371023953d9c82dfef82ebb36"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c8bfe1954a0b89e7b29b3a3e7f4c5e0ebd295e20",
          "url": "https://git.kernel.org/stable/c/c8bfe1954a0b89e7b29b3a3e7f4c5e0ebd295e20"
        }
      ],
      "release_date": "2025-04-16T15:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
            "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21927",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()\n\nnvme_tcp_recv_pdu() doesn't check the validity of the header length.\nWhen header digests are enabled, a target might send a packet with an\ninvalid header length (e.g. 255), causing nvme_tcp_verify_hdgst()\nto access memory outside the allocated area and cause memory corruptions\nby overwriting it with the calculated digest.\n\nFix this by rejecting packets with an unexpected header length.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
          "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21927"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126",
          "url": "https://git.kernel.org/stable/c/22b06c89aa6b2d1ecb8aea72edfb9d53af8d5126"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722",
          "url": "https://git.kernel.org/stable/c/9fbc953d6b38bc824392e01850f0aeee3b348722"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064",
          "url": "https://git.kernel.org/stable/c/ad95bab0cd28ed77c2c0d0b6e76e03e031391064"
        }
      ],
      "release_date": "2025-04-01T16:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
            "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21855",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Don't reference skb after sending to VIOS\n\nPreviously, after successfully flushing the xmit buffer to VIOS,\nthe tx_bytes stat was incremented by the length of the skb.\n\nIt is invalid to access the skb memory after sending the buffer to\nthe VIOS because, at any point after sending, the VIOS can trigger\nan interrupt to free this memory. A race between reading skb->len\nand freeing the skb is possible (especially during LPM) and will\nresult in use-after-free:\n ==================================================================\n BUG: KASAN: slab-use-after-free in ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n Read of size 4 at addr c00000024eb48a70 by task hxecom/14495\n <...>\n Call Trace:\n [c000000118f66cf0] [c0000000018cba6c] dump_stack_lvl+0x84/0xe8 (unreliable)\n [c000000118f66d20] [c0000000006f0080] print_report+0x1a8/0x7f0\n [c000000118f66df0] [c0000000006f08f0] kasan_report+0x128/0x1f8\n [c000000118f66f00] [c0000000006f2868] __asan_load4+0xac/0xe0\n [c000000118f66f20] [c0080000046eac84] ibmvnic_xmit+0x75c/0x1808 [ibmvnic]\n [c000000118f67340] [c0000000014be168] dev_hard_start_xmit+0x150/0x358\n <...>\n Freed by task 0:\n kasan_save_stack+0x34/0x68\n kasan_save_track+0x2c/0x50\n kasan_save_free_info+0x64/0x108\n __kasan_mempool_poison_object+0x148/0x2d4\n napi_skb_cache_put+0x5c/0x194\n net_tx_action+0x154/0x5b8\n handle_softirqs+0x20c/0x60c\n do_softirq_own_stack+0x6c/0x88\n <...>\n The buggy address belongs to the object at c00000024eb48a00 which\n  belongs to the cache skbuff_head_cache of size 224\n==================================================================",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
          "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21855"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/093b0e5c90592773863f300b908b741622eef597",
          "url": "https://git.kernel.org/stable/c/093b0e5c90592773863f300b908b741622eef597"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/25dddd01dcc8ef3acff964dbb32eeb0d89f098e9",
          "url": "https://git.kernel.org/stable/c/25dddd01dcc8ef3acff964dbb32eeb0d89f098e9"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/501ac6a7e21b82e05207c6b4449812d82820f306",
          "url": "https://git.kernel.org/stable/c/501ac6a7e21b82e05207c6b4449812d82820f306"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/abaff2717470e4b5b7c0c3a90e128b211a23da09",
          "url": "https://git.kernel.org/stable/c/abaff2717470e4b5b7c0c3a90e128b211a23da09"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/bdf5d13aa05ec314d4385b31ac974d6c7e0997c9",
          "url": "https://git.kernel.org/stable/c/bdf5d13aa05ec314d4385b31ac974d6c7e0997c9"
        }
      ],
      "release_date": "2025-03-12T10:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
            "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    },
    {
      "cve": "CVE-2025-21780",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()\n\nIf a malicious user provides a small pptable through sysfs and then\na bigger pptable, it may cause a buffer overflow attack in function\nsmu_sys_set_pp_table().",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
          "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
          "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21780"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699",
          "url": "https://git.kernel.org/stable/c/1abb2648698bf10783d2236a6b4a7ca5e8021699"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de",
          "url": "https://git.kernel.org/stable/c/231075c5a8ea54f34b7c4794687baa980814e6de"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084",
          "url": "https://git.kernel.org/stable/c/2498d2db1d35e88a2060ea191ae75dce853dd084"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a",
          "url": "https://git.kernel.org/stable/c/3484ea33157bc7334f57e64826ec5a4bf992151a"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab",
          "url": "https://git.kernel.org/stable/c/e43a8b9c4d700ffec819c5043a48769b3e7d9cab"
        }
      ],
      "release_date": "2025-02-27T03:15:00",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-20:linux-modules-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-modules-extra-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-220.240.all",
            "Ubuntu-20:linux-image-unsigned-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-lowlatency-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-headers-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-tools-5.4.0-220-tuxcare.els2-generic-0:5.4.0-220.240.amd64",
            "Ubuntu-20:linux-cloud-tools-5.4.0-220-tuxcare.els2-0:5.4.0-220.240.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "High"
        }
      ]
    }
  ]
}