{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* CVE-2024-50047 fix. // CVE-url: https://ubuntu.com/security/CVE-2025-38488\n - smb: client: fix use-after-free in crypt_message when using async crypto\n * CVE-url: https://ubuntu.com/security/CVE-2024-57996 // CVE-url:\n https://ubuntu.com/security/CVE-2025-37752\n - net_sched: sch_sfq: move the limit validation\n * CVE-url: https://ubuntu.com/security/CVE-2023-52975\n - scsi: iscsi: Move pool freeing\n - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress\n * CVE-url: https://ubuntu.com/security/CVE-2023-52757\n - smb: client: fix potential deadlock when releasing mids\n * CVE-url: https://ubuntu.com/security/CVE-2025-38083\n - net_sched: prio: fix a race in prio_tune()\n * CVE-url: https://ubuntu.com/security/CVE-2024-49950\n - Bluetooth: L2CAP: Fix uaf in l2cap_connect\n - Bluetooth: hci_core: Fix calling mgmt_device_connected\n * CVE-url: https://ubuntu.com/security/CVE-2024-50073\n - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n * CVE-url: https://ubuntu.com/security/CVE-2025-37797\n - net_sched: hfsc: Fix a UAF vulnerability in class handling\n * CVE-url: https://ubuntu.com/security/CVE-2024-38541\n - of: module: add buffer overflow check in of_modalias()\n * CVE-url: https://ubuntu.com/security/CVE-2025-37997\n - netfilter: ipset: fix region locking in hash types\n * CVE-url: https://ubuntu.com/security/CVE-2024-53051\n - drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability\n * CVE-url: https://ubuntu.com/security/CVE-2025-37890\n - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc\n - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()\n - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice\n * CVE-url: https://ubuntu.com/security/CVE-2025-37782\n - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key\n * CVE-url: https://ubuntu.com/security/CVE-2024-53185\n - smb: client: fix NULL ptr deref in crypto_aead_setkey()\n * CVE-url: https://ubuntu.com/security/CVE-2024-50047\n - smb: client: fix UAF in async decryption\n * CVE-url: https://ubuntu.com/security/CVE-2024-56662\n - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl\n * Miscellaneous upstream changes\n - Revert \"UBUNTU: SAUCE: fs: hfs/hfsplus: add key_len boundary check to\n hfs_bnode_read_key\"", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu20.04els/advisories/2025/clsa-2025_1758019011.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1758019011", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1758019011" } ], "tracking": { "current_release_date": "2025-09-16T13:52:31Z", "generator": { "date": "2025-09-16T13:52:31Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1758019011", "initial_release_date": "2025-09-16T10:36:53Z", "revision_history": [ { "date": "2025-09-16T10:36:53Z", "number": "1", "summary": "Initial version" }, { "date": "2025-09-16T13:52:31Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Fix of 17 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 20.04", "product": { "name": "Ubuntu 20.04", "product_id": "Ubuntu-20", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product": { "name": "linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_id": "linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-modules-5.4.0-221-tuxcare.els3-lowlatency@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product": { "name": "linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_id": "linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "product": { "name": "linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "product_id": "linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-cloud-tools-5.4.0-221-tuxcare.els3@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product": { "name": "linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_id": "linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-buildinfo-5.4.0-221-tuxcare.els3-generic@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product": { "name": "linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_id": "linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-tools-5.4.0-221-tuxcare.els3-generic@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "product": { "name": "linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "product_id": "linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-tools-5.4.0-221-tuxcare.els3@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product": { "name": "linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_id": "linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-cloud-tools-5.4.0-221-tuxcare.els3-generic@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product": { "name": "linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_id": "linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-image-unsigned-5.4.0-221-tuxcare.els3-generic@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product": { "name": "linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_id": "linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-modules-5.4.0-221-tuxcare.els3-generic@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product": { "name": "linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_id": "linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-headers-5.4.0-221-tuxcare.els3-lowlatency@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product": { "name": "linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_id": "linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-headers-5.4.0-221-tuxcare.els3-generic@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product": { "name": "linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_id": "linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-modules-extra-5.4.0-221-tuxcare.els3-generic@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-libc-dev-0:5.4.0-221.241.amd64", "product": { "name": "linux-libc-dev-0:5.4.0-221.241.amd64", "product_id": "linux-libc-dev-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-libc-dev@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product": { "name": "linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_id": "linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-tools-5.4.0-221-tuxcare.els3-lowlatency@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product": { "name": "linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_id": "linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency@5.4.0-221.241?arch=amd64" } } }, { "category": "product_version", "name": "linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product": { "name": "linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_id": "linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency@5.4.0-221.241?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "linux-cloud-tools-common-0:5.4.0-221.241.all", "product": { "name": "linux-cloud-tools-common-0:5.4.0-221.241.all", "product_id": "linux-cloud-tools-common-0:5.4.0-221.241.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-cloud-tools-common@5.4.0-221.241?arch=all" } } }, { "category": "product_version", "name": "linux-source-5.4.0-0:5.4.0-221.241.all", "product": { "name": "linux-source-5.4.0-0:5.4.0-221.241.all", "product_id": "linux-source-5.4.0-0:5.4.0-221.241.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-source-5.4.0@5.4.0-221.241?arch=all" } } }, { "category": "product_version", "name": "linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "product": { "name": "linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "product_id": "linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-headers-5.4.0-221-tuxcare.els3@5.4.0-221.241?arch=all" } } }, { "category": "product_version", "name": "linux-tools-common-0:5.4.0-221.241.all", "product": { "name": "linux-tools-common-0:5.4.0-221.241.all", "product_id": "linux-tools-common-0:5.4.0-221.241.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-tools-common@5.4.0-221.241?arch=all" } } }, { "category": "product_version", "name": "linux-tools-host-0:5.4.0-221.241.all", "product": { "name": "linux-tools-host-0:5.4.0-221.241.all", "product_id": "linux-tools-host-0:5.4.0-221.241.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-tools-host@5.4.0-221.241?arch=all" } } }, { "category": "product_version", "name": "linux-doc-0:5.4.0-221.241.all", "product": { "name": "linux-doc-0:5.4.0-221.241.all", "product_id": "linux-doc-0:5.4.0-221.241.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-doc@5.4.0-221.241?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64" }, "product_reference": "linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64" }, "product_reference": "linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-common-0:5.4.0-221.241.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all" }, "product_reference": "linux-cloud-tools-common-0:5.4.0-221.241.all", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64" }, "product_reference": "linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64" }, "product_reference": "linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64" }, "product_reference": "linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64" }, "product_reference": "linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64" }, "product_reference": "linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64" }, "product_reference": "linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64" }, "product_reference": "linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-source-5.4.0-0:5.4.0-221.241.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all" }, "product_reference": "linux-source-5.4.0-0:5.4.0-221.241.all", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64" }, "product_reference": "linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64" }, "product_reference": "linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64" }, "product_reference": "linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all" }, "product_reference": "linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-libc-dev-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64" }, "product_reference": "linux-libc-dev-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-common-0:5.4.0-221.241.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all" }, "product_reference": "linux-tools-common-0:5.4.0-221.241.all", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64" }, "product_reference": "linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64" }, "product_reference": "linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-host-0:5.4.0-221.241.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all" }, "product_reference": "linux-tools-host-0:5.4.0-221.241.all", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64" }, "product_reference": "linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-doc-0:5.4.0-221.241.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" }, "product_reference": "linux-doc-0:5.4.0-221.241.all", "relates_to_product_reference": "Ubuntu-20" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-50073", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Fix use-after-free in gsm_cleanup_mux\n\nBUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0\ndrivers/tty/n_gsm.c:3160 [n_gsm]\nRead of size 8 at addr ffff88815fe99c00 by task poc/3379\nCPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56\nHardware name: VMware, Inc. VMware Virtual Platform/440BX\nDesktop Reference Platform, BIOS 6.00 11/12/2020\nCall Trace:\n \n gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]\n __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389\n update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500\n __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846\n __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107\n __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]\n ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195\n ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79\n __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338\n __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\nAllocated by task 65:\n gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]\n gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]\n gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]\n gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]\n tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391\n tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39\n flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445\n process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229\n worker_thread+0x3dc/0x950 kernel/workqueue.c:3391\n kthread+0x2a3/0x370 kernel/kthread.c:389\n ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257\n\nFreed by task 3367:\n kfree+0x126/0x420 mm/slub.c:4580\n gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]\n gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]\n tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818\n\n[Analysis]\ngsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux\ncan be freed by multi threads through ioctl,which leads\nto the occurrence of uaf. Protect it by gsm tx lock.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50073" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0eec592c6a7460ba795d7de29f3dc95cb5422e62", "url": "https://git.kernel.org/stable/c/0eec592c6a7460ba795d7de29f3dc95cb5422e62" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9462f4ca56e7d2430fdb6dcc8498244acbfc4489", "url": "https://git.kernel.org/stable/c/9462f4ca56e7d2430fdb6dcc8498244acbfc4489" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bf171b5e86e41de4c1cf32fb7aefa275c3d7de49", "url": "https://git.kernel.org/stable/c/bf171b5e86e41de4c1cf32fb7aefa275c3d7de49" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c29f192e0d44cc1cbaf698fa1ff198f63556691a", "url": "https://git.kernel.org/stable/c/c29f192e0d44cc1cbaf698fa1ff198f63556691a" } ], "release_date": "2024-10-29T01:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-53185", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix NULL ptr deref in crypto_aead_setkey()\n\nNeither SMB3.0 or SMB3.02 supports encryption negotiate context, so\nwhen SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response,\nthe client uses AES-128-CCM as the default cipher. See MS-SMB2\n3.3.5.4.\n\nCommit b0abcd65ec54 (\"smb: client: fix UAF in async decryption\") added\na @server->cipher_type check to conditionally call\nsmb3_crypto_aead_allocate(), but that check would always be false as\n@server->cipher_type is unset for SMB3.02.\n\nFix the following KASAN splat by setting @server->cipher_type for\nSMB3.02 as well.\n\nmount.cifs //srv/share /mnt -o vers=3.02,seal,...\n\nBUG: KASAN: null-ptr-deref in crypto_aead_setkey+0x2c/0x130\nRead of size 8 at addr 0000000000000020 by task mount.cifs/1095\nCPU: 1 UID: 0 PID: 1095 Comm: mount.cifs Not tainted 6.12.0 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x5d/0x80\n ? crypto_aead_setkey+0x2c/0x130\n kasan_report+0xda/0x110\n ? crypto_aead_setkey+0x2c/0x130\n crypto_aead_setkey+0x2c/0x130\n crypt_message+0x258/0xec0 [cifs]\n ? __asan_memset+0x23/0x50\n ? __pfx_crypt_message+0x10/0x10 [cifs]\n ? mark_lock+0xb0/0x6a0\n ? hlock_class+0x32/0xb0\n ? mark_lock+0xb0/0x6a0\n smb3_init_transform_rq+0x352/0x3f0 [cifs]\n ? lock_acquire.part.0+0xf4/0x2a0\n smb_send_rqst+0x144/0x230 [cifs]\n ? __pfx_smb_send_rqst+0x10/0x10 [cifs]\n ? hlock_class+0x32/0xb0\n ? smb2_setup_request+0x225/0x3a0 [cifs]\n ? __pfx_cifs_compound_last_callback+0x10/0x10 [cifs]\n compound_send_recv+0x59b/0x1140 [cifs]\n ? __pfx_compound_send_recv+0x10/0x10 [cifs]\n ? __create_object+0x5e/0x90\n ? hlock_class+0x32/0xb0\n ? do_raw_spin_unlock+0x9a/0xf0\n cifs_send_recv+0x23/0x30 [cifs]\n SMB2_tcon+0x3ec/0xb30 [cifs]\n ? __pfx_SMB2_tcon+0x10/0x10 [cifs]\n ? lock_acquire.part.0+0xf4/0x2a0\n ? __pfx_lock_release+0x10/0x10\n ? do_raw_spin_trylock+0xc6/0x120\n ? lock_acquire+0x3f/0x90\n ? _get_xid+0x16/0xd0 [cifs]\n ? __pfx_SMB2_tcon+0x10/0x10 [cifs]\n ? cifs_get_smb_ses+0xcdd/0x10a0 [cifs]\n cifs_get_smb_ses+0xcdd/0x10a0 [cifs]\n ? __pfx_cifs_get_smb_ses+0x10/0x10 [cifs]\n ? cifs_get_tcp_session+0xaa0/0xca0 [cifs]\n cifs_mount_get_session+0x8a/0x210 [cifs]\n dfs_mount_share+0x1b0/0x11d0 [cifs]\n ? __pfx___lock_acquire+0x10/0x10\n ? __pfx_dfs_mount_share+0x10/0x10 [cifs]\n ? lock_acquire.part.0+0xf4/0x2a0\n ? find_held_lock+0x8a/0xa0\n ? hlock_class+0x32/0xb0\n ? lock_release+0x203/0x5d0\n cifs_mount+0xb3/0x3d0 [cifs]\n ? do_raw_spin_trylock+0xc6/0x120\n ? __pfx_cifs_mount+0x10/0x10 [cifs]\n ? lock_acquire+0x3f/0x90\n ? find_nls+0x16/0xa0\n ? smb3_update_mnt_flags+0x372/0x3b0 [cifs]\n cifs_smb3_do_mount+0x1e2/0xc80 [cifs]\n ? __pfx_vfs_parse_fs_string+0x10/0x10\n ? __pfx_cifs_smb3_do_mount+0x10/0x10 [cifs]\n smb3_get_tree+0x1bf/0x330 [cifs]\n vfs_get_tree+0x4a/0x160\n path_mount+0x3c1/0xfb0\n ? kasan_quarantine_put+0xc7/0x1d0\n ? __pfx_path_mount+0x10/0x10\n ? kmem_cache_free+0x118/0x3e0\n ? user_path_at+0x74/0xa0\n __x64_sys_mount+0x1a6/0x1e0\n ? __pfx___x64_sys_mount+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-53185" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/22127c1dc04364cda3da812161e70921e6c3c0af", "url": "https://git.kernel.org/stable/c/22127c1dc04364cda3da812161e70921e6c3c0af" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/44c495818d9c4a741ab9e6bc9203ccc9f55f6f40", "url": "https://git.kernel.org/stable/c/44c495818d9c4a741ab9e6bc9203ccc9f55f6f40" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/46f8e25926817272ec8d5bfbd003569bdeb9a8c8", "url": "https://git.kernel.org/stable/c/46f8e25926817272ec8d5bfbd003569bdeb9a8c8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4a788ebbb10db9da453d52eaf44a41c13dc446df", "url": "https://git.kernel.org/stable/c/4a788ebbb10db9da453d52eaf44a41c13dc446df" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4bdec0d1f658f7c98749bd2c5a486e6cfa8565d2", "url": "https://git.kernel.org/stable/c/4bdec0d1f658f7c98749bd2c5a486e6cfa8565d2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/92c5b62879073b489793a067dbe8d4f2728cdcad", "url": "https://git.kernel.org/stable/c/92c5b62879073b489793a067dbe8d4f2728cdcad" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9b8904b53b5ace0519c74cd89fc3ca763f3856d4", "url": "https://git.kernel.org/stable/c/9b8904b53b5ace0519c74cd89fc3ca763f3856d4" } ], "release_date": "2024-12-27T14:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-57996", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: don't allow 1 packet limit\n\nThe current implementation does not work correctly with a limit of\n1. iproute2 actually checks for this and this patch adds the check in\nkernel as well.\n\nThis fixes the following syzkaller reported crash:\n\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6\nindex 65535 is out of range for type 'struct sfq_head[128]'\nCPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x125/0x19f lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:148 [inline]\n __ubsan_handle_out_of_bounds+0xed/0x120 lib/ubsan.c:347\n sfq_link net/sched/sch_sfq.c:210 [inline]\n sfq_dec+0x528/0x600 net/sched/sch_sfq.c:238\n sfq_dequeue+0x39b/0x9d0 net/sched/sch_sfq.c:500\n sfq_reset+0x13/0x50 net/sched/sch_sfq.c:525\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n tbf_reset+0x3d/0x100 net/sched/sch_tbf.c:319\n qdisc_reset+0xfe/0x510 net/sched/sch_generic.c:1026\n dev_reset_queue+0x8c/0x140 net/sched/sch_generic.c:1296\n netdev_for_each_tx_queue include/linux/netdevice.h:2350 [inline]\n dev_deactivate_many+0x6dc/0xc20 net/sched/sch_generic.c:1362\n __dev_close_many+0x214/0x350 net/core/dev.c:1468\n dev_close_many+0x207/0x510 net/core/dev.c:1506\n unregister_netdevice_many+0x40f/0x16b0 net/core/dev.c:10738\n unregister_netdevice_queue+0x2be/0x310 net/core/dev.c:10695\n unregister_netdevice include/linux/netdevice.h:2893 [inline]\n __tun_detach+0x6b6/0x1600 drivers/net/tun.c:689\n tun_detach drivers/net/tun.c:705 [inline]\n tun_chr_close+0x104/0x1b0 drivers/net/tun.c:3640\n __fput+0x203/0x840 fs/file_table.c:280\n task_work_run+0x129/0x1b0 kernel/task_work.c:185\n exit_task_work include/linux/task_work.h:33 [inline]\n do_exit+0x5ce/0x2200 kernel/exit.c:931\n do_group_exit+0x144/0x310 kernel/exit.c:1046\n __do_sys_exit_group kernel/exit.c:1057 [inline]\n __se_sys_exit_group kernel/exit.c:1055 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1055\n do_syscall_64+0x6c/0xd0\n entry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fe5e7b52479\nCode: Unable to access opcode bytes at RIP 0x7fe5e7b5244f.\nRSP: 002b:00007ffd3c800398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5e7b52479\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007fe5e7bcd2d0 R08: ffffffffffffffb8 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe5e7bcd2d0\nR13: 0000000000000000 R14: 00007fe5e7bcdd20 R15: 00007fe5e7b24270\n\nThe crash can be also be reproduced with the following (with a tc\nrecompiled to allow for sfq limits of 1):\n\ntc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s\n../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1\nifconfig dummy0 up\nping -I dummy0 -f -c2 -W0.1 8.8.8.8\nsleep 1\n\nScenario that triggers the crash:\n\n* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1\n\n* TBF dequeues: it peeks from SFQ which moves the packet to the\n gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so\n it schedules itself for later.\n\n* the second packet is sent and TBF tries to queues it to SFQ. qdisc\n qlen is now 2 and because the SFQ limit is 1 the packet is dropped\n by SFQ. At this point qlen is 1, and all of the SFQ slots are empty,\n however q->tail is not NULL.\n\nAt this point, assuming no more packets are queued, when sch_dequeue\nruns again it will decrement the qlen for the current empty slot\ncausing an underflow and the subsequent out of bounds access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-57996" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/10685681bafce6febb39770f3387621bf5d67d0b", "url": "https://git.kernel.org/stable/c/10685681bafce6febb39770f3387621bf5d67d0b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1b562b7f9231432da40d12e19786c1bd7df653a7", "url": "https://git.kernel.org/stable/c/1b562b7f9231432da40d12e19786c1bd7df653a7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1e6d9d87626cf89eeffb4d943db12cb5b10bf961", "url": "https://git.kernel.org/stable/c/1e6d9d87626cf89eeffb4d943db12cb5b10bf961" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/35d0137305ae2f97260a9047f445bd4434bd6cc7", "url": "https://git.kernel.org/stable/c/35d0137305ae2f97260a9047f445bd4434bd6cc7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7d8947f2153ee9c5ab4cb17861a11cc45f30e8c4", "url": "https://git.kernel.org/stable/c/7d8947f2153ee9c5ab4cb17861a11cc45f30e8c4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7fefc294204f10a3405f175f4ac2be16d63f135e", "url": "https://git.kernel.org/stable/c/7fefc294204f10a3405f175f4ac2be16d63f135e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/833e9a1c27b82024db7ff5038a51651f48f05e5e", "url": "https://git.kernel.org/stable/c/833e9a1c27b82024db7ff5038a51651f48f05e5e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e12f6013d0a69660e8b99bfe381b9546ae667328", "url": "https://git.kernel.org/stable/c/e12f6013d0a69660e8b99bfe381b9546ae667328" } ], "release_date": "2025-02-27T02:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-56662", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl\n\nFix an issue detected by syzbot with KASAN:\n\nBUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/\ncore.c:416 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0\ndrivers/acpi/nfit/core.c:459\n\nThe issue occurs in cmd_to_func when the call_pkg->nd_reserved2\narray is accessed without verifying that call_pkg points to a buffer\nthat is appropriately sized as a struct nd_cmd_pkg. This can lead\nto out-of-bounds access and undefined behavior if the buffer does not\nhave sufficient space.\n\nTo address this, a check was added in acpi_nfit_ctl() to ensure that\nbuf is not NULL and that buf_len is less than sizeof(*call_pkg)\nbefore accessing it. This ensures safe access to the members of\ncall_pkg, including the nd_reserved2 array.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56662" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/143f723e9eb4f0302ffb7adfdc7ef77eab3f68e0", "url": "https://git.kernel.org/stable/c/143f723e9eb4f0302ffb7adfdc7ef77eab3f68e0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/212846fafb753a48e869e2a342fc1e24048da771", "url": "https://git.kernel.org/stable/c/212846fafb753a48e869e2a342fc1e24048da771" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/265e98f72bac6c41a4492d3e30a8e5fd22fe0779", "url": "https://git.kernel.org/stable/c/265e98f72bac6c41a4492d3e30a8e5fd22fe0779" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/616aa5f3c86e0479bcbb81e41c08c43ff32af637", "url": "https://git.kernel.org/stable/c/616aa5f3c86e0479bcbb81e41c08c43ff32af637" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bbdb3307f609ec4dc9558770f464ede01fe52aed", "url": "https://git.kernel.org/stable/c/bbdb3307f609ec4dc9558770f464ede01fe52aed" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e08dc2dc3c3f7938df0e4476fe3e6fdec5583c1d", "url": "https://git.kernel.org/stable/c/e08dc2dc3c3f7938df0e4476fe3e6fdec5583c1d" } ], "release_date": "2024-12-27T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-50047", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix UAF in async decryption\n\nDoing an async decryption (large read) crashes with a\nslab-use-after-free way down in the crypto API.\n\nReproducer:\n # mount.cifs -o ...,seal,esize=1 //srv/share /mnt\n # dd if=/mnt/largefile of=/dev/null\n ...\n [ 194.196391] ==================================================================\n [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110\n [ 194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899\n [ 194.197707]\n [ 194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43\n [ 194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\n [ 194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]\n [ 194.200032] Call Trace:\n [ 194.200191] \n [ 194.200327] dump_stack_lvl+0x4e/0x70\n [ 194.200558] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.200809] print_report+0x174/0x505\n [ 194.201040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10\n [ 194.201352] ? srso_return_thunk+0x5/0x5f\n [ 194.201604] ? __virt_addr_valid+0xdf/0x1c0\n [ 194.201868] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202128] kasan_report+0xc8/0x150\n [ 194.202361] ? gf128mul_4k_lle+0xc1/0x110\n [ 194.202616] gf128mul_4k_lle+0xc1/0x110\n [ 194.202863] ghash_update+0x184/0x210\n [ 194.203103] shash_ahash_update+0x184/0x2a0\n [ 194.203377] ? __pfx_shash_ahash_update+0x10/0x10\n [ 194.203651] ? srso_return_thunk+0x5/0x5f\n [ 194.203877] ? crypto_gcm_init_common+0x1ba/0x340\n [ 194.204142] gcm_hash_assoc_remain_continue+0x10a/0x140\n [ 194.204434] crypt_message+0xec1/0x10a0 [cifs]\n [ 194.206489] ? __pfx_crypt_message+0x10/0x10 [cifs]\n [ 194.208507] ? srso_return_thunk+0x5/0x5f\n [ 194.209205] ? srso_return_thunk+0x5/0x5f\n [ 194.209925] ? srso_return_thunk+0x5/0x5f\n [ 194.210443] ? srso_return_thunk+0x5/0x5f\n [ 194.211037] decrypt_raw_data+0x15f/0x250 [cifs]\n [ 194.212906] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]\n [ 194.214670] ? srso_return_thunk+0x5/0x5f\n [ 194.215193] smb2_decrypt_offload+0x12a/0x6c0 [cifs]\n\nThis is because TFM is being used in parallel.\n\nFix this by allocating a new AEAD TFM for async decryption, but keep\nthe existing one for synchronous READ cases (similar to what is done\nin smb3_calc_signature()).\n\nAlso remove the calls to aead_request_set_callback() and\ncrypto_wait_req() since it's always going to be a synchronous operation.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50047" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995", "url": "https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/538c26d9bf70c90edc460d18c81008a4e555925a", "url": "https://git.kernel.org/stable/c/538c26d9bf70c90edc460d18c81008a4e555925a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f14a476abba13144df5434871a7225fd29af633", "url": "https://git.kernel.org/stable/c/8f14a476abba13144df5434871a7225fd29af633" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b0abcd65ec545701b8793e12bc27dc98042b151a", "url": "https://git.kernel.org/stable/c/b0abcd65ec545701b8793e12bc27dc98042b151a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bce966530fd5542bbb422cb45ecb775f7a1a6bc3", "url": "https://git.kernel.org/stable/c/bce966530fd5542bbb422cb45ecb775f7a1a6bc3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ef51c0d544b1518b35364480317ab6d3468f205d", "url": "https://git.kernel.org/stable/c/ef51c0d544b1518b35364480317ab6d3468f205d" } ], "release_date": "2024-10-21T20:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-49950", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix uaf in l2cap_connect\n\n[Syzbot reported]\nBUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\nRead of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci2 hci_rx_work\nCall Trace:\n \n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:488\n kasan_report+0xd9/0x110 mm/kasan/report.c:601\n l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949\n l2cap_connect_req net/bluetooth/l2cap_core.c:4080 [inline]\n l2cap_bredr_sig_cmd net/bluetooth/l2cap_core.c:4772 [inline]\n l2cap_sig_channel net/bluetooth/l2cap_core.c:5543 [inline]\n l2cap_recv_frame+0xf0b/0x8eb0 net/bluetooth/l2cap_core.c:6825\n l2cap_recv_acldata+0x9b4/0xb70 net/bluetooth/l2cap_core.c:7514\n hci_acldata_packet net/bluetooth/hci_core.c:3791 [inline]\n hci_rx_work+0xaab/0x1610 net/bluetooth/hci_core.c:4028\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n...\n\nFreed by task 5245:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:579\n poison_slab_object+0xf7/0x160 mm/kasan/common.c:240\n __kasan_slab_free+0x32/0x50 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x12a/0x3b0 mm/slub.c:4598\n l2cap_conn_free net/bluetooth/l2cap_core.c:1810 [inline]\n kref_put include/linux/kref.h:65 [inline]\n l2cap_conn_put net/bluetooth/l2cap_core.c:1822 [inline]\n l2cap_conn_del+0x59d/0x730 net/bluetooth/l2cap_core.c:1802\n l2cap_connect_cfm+0x9e6/0xf80 net/bluetooth/l2cap_core.c:7241\n hci_connect_cfm include/net/bluetooth/hci_core.h:1960 [inline]\n hci_conn_failed+0x1c3/0x370 net/bluetooth/hci_conn.c:1265\n hci_abort_conn_sync+0x75a/0xb50 net/bluetooth/hci_sync.c:5583\n abort_conn_sync+0x197/0x360 net/bluetooth/hci_conn.c:2917\n hci_cmd_sync_work+0x1a4/0x410 net/bluetooth/hci_sync.c:328\n process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231\n process_scheduled_works kernel/workqueue.c:3312 [inline]\n worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389\n kthread+0x2c1/0x3a0 kernel/kthread.c:389\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-49950" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/333b4fd11e89b29c84c269123f871883a30be586", "url": "https://git.kernel.org/stable/c/333b4fd11e89b29c84c269123f871883a30be586" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/686e05c9dbd68766c6bda5f31f7e077f36a7fb29", "url": "https://git.kernel.org/stable/c/686e05c9dbd68766c6bda5f31f7e077f36a7fb29" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/78d30ce16fdf9c301bcd8b83ce613cea079cea83", "url": "https://git.kernel.org/stable/c/78d30ce16fdf9c301bcd8b83ce613cea079cea83" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a1c6174e23df10b8e5770e82d63bc6e2118a3dc7", "url": "https://git.kernel.org/stable/c/a1c6174e23df10b8e5770e82d63bc6e2118a3dc7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b22346eec479a30bfa4a02ad2c551b54809694d0", "url": "https://git.kernel.org/stable/c/b22346eec479a30bfa4a02ad2c551b54809694d0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b90907696c30172b809aa3dd2f0caffae761e4c6", "url": "https://git.kernel.org/stable/c/b90907696c30172b809aa3dd2f0caffae761e4c6" } ], "release_date": "2024-10-21T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37782", "notes": [ { "category": "description", "text": "[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\nhfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37782" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-38541", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nof: module: add buffer overflow check in of_modalias()\nIn of_modalias(), if the buffer happens to be too small even for the 1st\nsnprintf() call, the len parameter will become negative and str parameter\n(if not NULL initially) will point beyond the buffer's end. Add the buffer\noverflow check after the 1st snprintf() call and fix such check after the\nstrlen() call (accounting for the terminating NUL char).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-38541" } ], "release_date": "2024-06-19T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2023-52975", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress\nBug report and analysis from Ding Hui.\nDuring iSCSI session logout, if another task accesses the shost ipaddress\nattr, we can get a KASAN UAF report like this:\n[ 276.942144] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x78/0xe0\n[ 276.942535] Write of size 4 at addr ffff8881053b45b8 by task cat/4088\n[ 276.943511] CPU: 2 PID: 4088 Comm: cat Tainted: G E 6.1.0-rc8+ #3\n[ 276.943997] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\n[ 276.944470] Call Trace:\n[ 276.944943] \n[ 276.945397] dump_stack_lvl+0x34/0x48\n[ 276.945887] print_address_description.constprop.0+0x86/0x1e7\n[ 276.946421] print_report+0x36/0x4f\n[ 276.947358] kasan_report+0xad/0x130\n[ 276.948234] kasan_check_range+0x35/0x1c0\n[ 276.948674] _raw_spin_lock_bh+0x78/0xe0\n[ 276.949989] iscsi_sw_tcp_host_get_param+0xad/0x2e0 [iscsi_tcp]\n[ 276.951765] show_host_param_ISCSI_HOST_PARAM_IPADDRESS+0xe9/0x130 [scsi_transport_iscsi]\n[ 276.952185] dev_attr_show+0x3f/0x80\n[ 276.953005] sysfs_kf_seq_show+0x1fb/0x3e0\n[ 276.953401] seq_read_iter+0x402/0x1020\n[ 276.954260] vfs_read+0x532/0x7b0\n[ 276.955113] ksys_read+0xed/0x1c0\n[ 276.955952] do_syscall_64+0x38/0x90\n[ 276.956347] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 276.956769] RIP: 0033:0x7f5d3a679222\n[ 276.957161] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 32 c0 0b 00 e8 a5 fe 01 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24\n[ 276.958009] RSP: 002b:00007ffc864d16a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n[ 276.958431] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5d3a679222\n[ 276.958857] RDX: 0000000000020000 RSI: 00007f5d3a4fe000 RDI: 0000000000000003\n[ 276.959281] RBP: 00007f5d3a4fe000 R08: 00000000ffffffff R09: 0000000000000000\n[ 276.959682] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000020000\n[ 276.960126] R13: 0000000000000003 R14: 0000000000000000 R15: 0000557a26dada58\n[ 276.960536] \n[ 276.961357] Allocated by task 2209:\n[ 276.961756] kasan_save_stack+0x1e/0x40\n[ 276.962170] kasan_set_track+0x21/0x30\n[ 276.962557] __kasan_kmalloc+0x7e/0x90\n[ 276.962923] __kmalloc+0x5b/0x140\n[ 276.963308] iscsi_alloc_session+0x28/0x840 [scsi_transport_iscsi]\n[ 276.963712] iscsi_session_setup+0xda/0xba0 [libiscsi]\n[ 276.964078] iscsi_sw_tcp_session_create+0x1fd/0x330 [iscsi_tcp]\n[ 276.964431] iscsi_if_create_session.isra.0+0x50/0x260 [scsi_transport_iscsi]\n[ 276.964793] iscsi_if_recv_msg+0xc5a/0x2660 [scsi_transport_iscsi]\n[ 276.965153] iscsi_if_rx+0x198/0x4b0 [scsi_transport_iscsi]\n[ 276.965546] netlink_unicast+0x4d5/0x7b0\n[ 276.965905] netlink_sendmsg+0x78d/0xc30\n[ 276.966236] sock_sendmsg+0xe5/0x120\n[ 276.966576] ____sys_sendmsg+0x5fe/0x860\n[ 276.966923] ___sys_sendmsg+0xe0/0x170\n[ 276.967300] __sys_sendmsg+0xc8/0x170\n[ 276.967666] do_syscall_64+0x38/0x90\n[ 276.968028] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 276.968773] Freed by task 2209:\n[ 276.969111] kasan_save_stack+0x1e/0x40\n[ 276.969449] kasan_set_track+0x21/0x30\n[ 276.969789] kasan_save_free_info+0x2a/0x50\n[ 276.970146] __kasan_slab_free+0x106/0x190\n[ 276.970470] __kmem_cache_free+0x133/0x270\n[ 276.970816] device_release+0x98/0x210\n[ 276.971145] kobject_cleanup+0x101/0x360\n[ 276.971462] iscsi_session_teardown+0x3fb/0x530 [libiscsi]\n[ 276.971775] iscsi_sw_tcp_session_destroy+0xd8/0x130 [iscsi_tcp]\n[ 276.972143] iscsi_if_recv_msg+0x1bf1/0x2660 [scsi_transport_iscsi]\n[ 276.972485] iscsi_if_rx+0x198/0x4b0 [scsi_transport_iscsi]\n[ 276.972808] netlink_unicast+0x4d5/0x7b0\n[ 276.973201] netlink_sendmsg+0x78d/0xc30\n[ 276.973544] sock_sendmsg+0xe5/0x120\n[ 276.973864] ____sys_sendmsg+0x5fe/0x860\n[ 276.974248] ___sys_\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52975" } ], "release_date": "2025-03-27T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37997", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: ipset: fix region locking in hash types\nRegion locking introduced in v5.6-rc4 contained three macros to handle\nthe region locks: ahash_bucket_start(), ahash_bucket_end() which gave\nback the start and end hash bucket values belonging to a given region\nlock and ahash_region() which should give back the region lock belonging\nto a given hash bucket. The latter was incorrect which can lead to a\nrace condition between the garbage collector and adding new elements\nwhen a hash type of set is defined with timeouts.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37997" } ], "release_date": "2025-05-29T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38488", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsmb: client: fix use-after-free in crypt_message when using async crypto\nThe CVE-2024-50047 fix removed asynchronous crypto handling from\ncrypt_message(), assuming all crypto operations are synchronous.\nHowever, when hardware crypto accelerators are used, this can cause\nuse-after-free crashes:\ncrypt_message()\n// Allocate the creq buffer containing the req\ncreq = smb2_get_aead_req(..., &req);\n// Async encryption returns -EINPROGRESS immediately\nrc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);\n// Free creq while async operation is still in progress\nkvfree_sensitive(creq, ...);\nHardware crypto modules often implement async AEAD operations for\nperformance. When crypto_aead_encrypt/decrypt() returns -EINPROGRESS,\nthe operation completes asynchronously. Without crypto_wait_req(),\nthe function immediately frees the request buffer, leading to crashes\nwhen the driver later accesses the freed memory.\nThis results in a use-after-free condition when the hardware crypto\ndriver later accesses the freed request structure, leading to kernel\ncrashes with NULL pointer dereferences.\nThe issue occurs because crypto_alloc_aead() with mask=0 doesn't\nguarantee synchronous operation. Even without CRYPTO_ALG_ASYNC in\nthe mask, async implementations can be selected.\nFix by restoring the async crypto handling:\n- DECLARE_CRYPTO_WAIT(wait) for completion tracking\n- aead_request_set_callback() for async completion notification\n- crypto_wait_req() to wait for operation completion\nThis ensures the request buffer isn't freed until the crypto operation\ncompletes, whether synchronous or asynchronous, while preserving the\nCVE-2024-50047 fix.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38488" } ], "release_date": "2025-07-28T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38083", "cwe": { "id": "CWE-366", "name": "Race Condition within a Thread" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: prio: fix a race in prio_tune()\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\nThe race is as follows:\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n|\n| [5]: lock root\n| [6]: rehash\n| [7]: qdisc_tree_reduce_backlog()\n|\n[4]: qdisc_put()\nThis can be abused to underflow a parent's qlen.\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38083" } ], "release_date": "2025-06-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37890", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc\nAs described in Gerrard's report [1], we have a UAF case when an hfsc class\nhas a netem child qdisc. The crux of the issue is that hfsc is assuming\nthat checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted\nthe class in the vttree or eltree (which is not true for the netem\nduplicate case).\nThis patch checks the n_active class variable to make sure that the code\nwon't insert the class in the vttree or eltree twice, catering for the\nreentrant case.\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37890" } ], "release_date": "2025-05-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37797", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\ncodel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\nthe class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\nare in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn't emptied.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37797" } ], "release_date": "2025-05-02T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37752", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: sch_sfq: move the limit validation\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\nThis fixes the following syzkaller reported crash:\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type 'struct sfq_head[128]'\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\nubsan_epilogue lib/ubsan.c:231 [inline]\n__ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\nsfq_link net/sched/sch_sfq.c:203 [inline]\nsfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\nsfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\nsfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\nqdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\ntbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\nqdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\ndev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\nnetdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\ndev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37752" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-53051", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hdcp: Add encoder check in intel_hdcp_get_capability\n\nSometimes during hotplug scenario or suspend/resume scenario encoder is\nnot always initialized when intel_hdcp_get_capability add\na check to avoid kernel null pointer dereference.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-53051" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/31b42af516afa1e184d1a9f9dd4096c54044269a", "url": "https://git.kernel.org/stable/c/31b42af516afa1e184d1a9f9dd4096c54044269a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4912e8fb3c37fb2dedf48d9c18bbbecd70e720f8", "url": "https://git.kernel.org/stable/c/4912e8fb3c37fb2dedf48d9c18bbbecd70e720f8" } ], "release_date": "2024-11-19T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2023-52757", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential deadlock when releasing mids\n\nAll release_mid() callers seem to hold a reference of @mid so there is\nno need to call kref_put(&mid->refcount, __release_mid) under\n@server->mid_lock spinlock. If they don't, then an use-after-free bug\nwould have occurred anyways.\n\nBy getting rid of such spinlock also fixes a potential deadlock as\nshown below\n\nCPU 0 CPU 1\n------------------------------------------------------------------\ncifs_demultiplex_thread() cifs_debug_data_proc_show()\n release_mid()\n spin_lock(&server->mid_lock);\n spin_lock(&cifs_tcp_ses_lock)\n\t\t\t\t spin_lock(&server->mid_lock)\n __release_mid()\n smb2_find_smb_tcon()\n spin_lock(&cifs_tcp_ses_lock) *deadlock*", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52757" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/99f476e27aad5964ab13777d84fda67d1356dec1", "url": "https://git.kernel.org/stable/c/99f476e27aad5964ab13777d84fda67d1356dec1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29", "url": "https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf", "url": "https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26", "url": "https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ce49569079a9d4cad26c0f1d4653382fd9a5ca7a", "url": "https://git.kernel.org/stable/c/ce49569079a9d4cad26c0f1d4653382fd9a5ca7a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7", "url": "https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7" } ], "release_date": "2024-05-21T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-221.241.all", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-221-tuxcare.els3-generic-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-headers-5.4.0-221-tuxcare.els3-0:5.4.0-221.241.all", "Ubuntu-20:linux-libc-dev-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-221.241.all", "Ubuntu-20:linux-tools-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-tools-host-0:5.4.0-221.241.all", "Ubuntu-20:linux-buildinfo-5.4.0-221-tuxcare.els3-lowlatency-0:5.4.0-221.241.amd64", "Ubuntu-20:linux-doc-0:5.4.0-221.241.all" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }