{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "* CVE-2025-39683\n - tracing: Remove unneeded goto out logic {CVE-2025-39683}\n - tracing: Limit access to parser->buffer when trace_get_user failed\n {CVE-2025-39683}\n * CVE-2025-38079\n - crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079}\n * CVE-2025-38159\n - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds\n {CVE-2025-38159}\n * CVE-2025-38211\n - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n {CVE-2025-38211}\n * CVE-2025-38024\n - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug\n {CVE-2025-38024}\n * CVE-2025-38103\n - HID: hyperv: Correctly access fields declared as __le16 {CVE-2025-38103}\n - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\n {CVE-2025-38103}\n * CVE-2025-38157\n - wifi: ath9k_htc: Abort software beacon handling if disabled\n {CVE-2025-38157}\n * CVE-2025-38230\n - jfs: add sanity check for agwidth in dbMount {CVE-2025-38230}\n - fs/jfs: consolidate sanity checking in dbMount {CVE-2025-38230}\n - jfs: validate AG parameters in dbMount() to prevent crashes\n {CVE-2025-38230}\n * CVE-2025-39955\n - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().\n {CVE-2025-39955}\n * CVE-2025-38680\n - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()\n {CVE-2025-38680}\n * CVE-2025-38708\n - drbd: add missing kref_get in handle_write_conflicts {CVE-2025-38708}\n * CVE-2025-39759\n - btrfs: qgroup: introduce quota mode {CVE-2025-39759}\n - btrfs: qgroup: fix race between quota disable and quota rescan ioctl\n {CVE-2025-39759}\n * CVE-2025-38666\n - net: appletalk: Fix use-after-free in AARP proxy probe {CVE-2025-38666}\n * CVE-2025-40269\n - ALSA: usb-audio: Improve frames size computation {CVE-2025-40269}\n - ALSA: usb-audio: Replace s/frame/packet/ where appropriate\n {CVE-2025-40269}\n - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer\n {CVE-2025-40269}\n * CVE-2025-40149\n - net: netdevice: Add operation ndo_sk_get_lower_dev {CVE-2025-40149}\n - net/tls: Device offload to use lowest netdevice in chain\n {CVE-2025-40149}\n - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().\n {CVE-2025-40149}\n * CVE-2025-71089\n - iommu: disable SVA when CONFIG_X86 is set {CVE-2025-71089}\n * CVE-2026-23234\n - f2fs: fix to avoid UAF in f2fs_write_end_io() {CVE-2026-23234}\n * CVE-2026-23089\n - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()\n {CVE-2026-23089}\n * CVE-2026-23074\n - net/sched: Enforce that teql can only be used as root qdisc\n {CVE-2026-23074}\n * CVE-2026-23061\n - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak\n {CVE-2026-23061}\n * CVE-2026-23060\n - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN\n spec {CVE-2026-23060}\n * CVE-2026-22997\n - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session\n upon receiving the second rts {CVE-2026-22997}\n * CVE-2026-22991\n - libceph: make free_choose_arg_map() resilient to partial allocation\n {CVE-2026-22991}\n * CVE-2026-22990\n - libceph: replace overzealous BUG_ON in osdmap_apply_incremental()\n {CVE-2026-22990}\n * CVE-2026-22978\n - wifi: avoid kernel-infoleak from struct iw_point {CVE-2026-22978}\n * CVE-2026-22977\n - net: sock: fix hardened usercopy panic in sock_recv_errqueue\n {CVE-2026-22977}\n * CVE-2025-71154\n - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure\n {CVE-2025-71154}\n * CVE-2025-71085\n - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n {CVE-2025-71085}\n * CVE-2025-68734\n - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()\n {CVE-2025-68734}\n * CVE-2025-68349\n - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in\n pnfs_mark_layout_stateid_invalid {CVE-2025-68349}\n * CVE-2025-68340\n - team: Move team device type change at the end of team_port_add\n {CVE-2025-68340}\n * CVE-2025-68325\n - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop\n {CVE-2025-68325}\n * CVE-2025-68287\n - usb: dwc3: Fix race condition between concurrent dwc3_remove_requests()\n call paths {CVE-2025-68287}\n * CVE-2025-68285\n - libceph: fix potential use-after-free in have_mon_and_osd_map()\n {CVE-2025-68285}\n * CVE-2025-68241\n - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe\n {CVE-2025-68241}\n * CVE-2025-68229\n - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()\n {CVE-2025-68229}\n * CVE-2025-68220\n - net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return\n NULL on error {CVE-2025-68220}\n * CVE-2025-68194\n - media: imon: make send_packet() more robust {CVE-2025-68194}\n * CVE-2025-68192\n - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup\n {CVE-2025-68192}\n * CVE-2025-68185\n - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode\n dereferencing {CVE-2025-68185}\n * CVE-2025-68168\n - jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168}\n * CVE-2025-40363\n - net: ipv6: fix field-spanning memcpy warning in AH output\n {CVE-2025-40363}\n * CVE-2025-40331\n - sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331}\n * CVE-2025-40322\n - fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}\n * CVE-2025-40317\n - regmap: slimbus: fix bus_context pointer in regmap init calls\n {CVE-2025-40317}\n * CVE-2025-40315\n - usb: gadget: f_fs: Fix epfile null pointer access after ep enable.\n {CVE-2025-40315}\n * CVE-2025-40309\n - Bluetooth: SCO: Fix UAF on sco_conn_free {CVE-2025-40309}\n * CVE-2025-40308\n - Bluetooth: bcsp: receive data only if registered {CVE-2025-40308}\n * CVE-2025-40306\n - orangefs: fix xattr related buffer overflow... {CVE-2025-40306}\n * CVE-2025-40304\n - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds\n {CVE-2025-40304}\n * CVE-2025-40283\n - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF\n {CVE-2025-40283}\n * CVE-2025-40282\n - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path\n {CVE-2025-40282}\n * CVE-2025-40277\n - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE\n {CVE-2025-40277}\n * CVE-2025-40275\n - ALSA: usb-audio: Fix NULL pointer dereference in\n snd_usb_mixer_controls_badd {CVE-2025-40275}\n * CVE-2025-40264\n - be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264}\n * CVE-2025-40263\n - Input: cros_ec_keyb - fix an invalid memory access {CVE-2025-40263}\n * CVE-2025-40259\n - scsi: sg: Do not sleep in atomic context {CVE-2025-40259}\n * CVE-2025-40254\n - net: openvswitch: remove never-working support for setting nsh fields\n {CVE-2025-40254}\n * CVE-2025-40248\n - vsock: Ignore signal/timeout on connect() if already established\n {CVE-2025-40248}\n * CVE-2025-40211\n - ACPI: video: Fix use-after-free in acpi_video_switch_brightness()\n {CVE-2025-40211}\n * CVE-2025-40106\n - comedi: fix divide-by-zero in comedi_buf_munge() {CVE-2025-40106}\n * CVE-2025-40087\n - NFSD: Define a proc_layoutcommit for the FlexFiles layout type\n {CVE-2025-40087}\n * CVE-2025-40055\n - ocfs2: fix double free in user_cluster_connect() {CVE-2025-40055}\n * CVE-2025-39945\n - cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945}\n * CVE-2025-39738\n - btrfs: do proper error handling in create_reloc_root {CVE-2025-39738}\n - btrfs: do not allow relocation of partially dropped subvolumes\n {CVE-2025-39738}\n * CVE-2025-39685\n - comedi: pcl726: Prevent invalid irq number {CVE-2025-39685}\n * CVE-2024-46830\n - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n {CVE-2024-46830}\n * CVE-2024-41014\n - xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014}\n * CVE-2025-39866\n - fs: writeback: fix use-after-free in __mark_inode_dirty()\n {CVE-2025-39866}\n * CVE-2025-39686\n - comedi: Fix some signed shift left operations {CVE-2025-39686}\n - comedi: Make insn_rw_emulate_bits() do insn->n samples {CVE-2025-39686}\n * CVE-2025-39766\n - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit\n {CVE-2025-39766}\n * CVE-2025-39828\n - net/atm: remove the atmdev_ops {get, set}sockopt methods\n {CVE-2025-39828}\n - atm: atmtcp: Free invalid length skb in atmtcp_c_send().\n {CVE-2025-39828}\n - atm: Revert atm_account_tx() if copy_from_iter_full() fails.\n {CVE-2025-39828}\n - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n {CVE-2025-39828}\n * CVE-2022-49267\n - mmc: core: Do not export MMC_NAME= and MODALIAS=mmc:block for SDIO cards\n {CVE-2022-49267}\n - mmc: core: Export device/vendor ids from Common CIS for SDIO cards\n {CVE-2022-49267}\n - mmc: sdio: Extend sdio_config_attr macro and use it also for modalias\n {CVE-2022-49267}\n - mmc: sdio: Export SDIO revision and info strings to userspace\n {CVE-2022-49267}\n - mmc: sdio: Parse CISTPL_VERS_1 major and minor revision numbers\n {CVE-2022-49267}\n - mmc: core: use sysfs_emit() instead of sprintf() {CVE-2022-49267}\n * CVE-2025-39967\n - fbcon: fix integer overflow in fbcon_do_set_font {CVE-2025-39967}\n * CVE-2025-38108\n - net_sched: red: fix a race in __red_change() {CVE-2025-38108}\n * CVE-2025-38212\n - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212}\n * CVE-2025-38403\n - vsock/vmci: Clear the vmci transport packet properly when initializing\n it {CVE-2025-38403}\n * CVE-2025-38464\n - tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464}\n * CVE-2025-38555\n - usb: gadget : fix use-after-free in composite_dev_cleanup()\n {CVE-2025-38555}\n * CVE-2025-38652\n - f2fs: fix to avoid out-of-boundary access in devs.path {CVE-2025-38652}\n * CVE-2025-38677\n - f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677}\n * CVE-2025-38713\n - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n {CVE-2025-38713}\n * CVE-2025-38714\n - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() {CVE-2025-38714}\n * CVE-2025-38715\n - hfs: fix slab-out-of-bounds in hfs_bnode_read() {CVE-2025-38715}\n * CVE-2025-38729\n - ALSA: usb-audio: Validate UAC3 power domain descriptors, too\n {CVE-2025-38729}\n * CVE-2025-39691\n - fs/buffer: fix use-after-free when call bh_read() helper\n {CVE-2025-39691}\n * CVE-2025-39743\n - jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743}\n * CVE-2025-39783\n - PCI: endpoint: Fix configfs group list head handling {CVE-2025-39783}\n * CVE-2025-39824\n - HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824}\n * CVE-2025-39839\n - batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839}\n * CVE-2025-39913\n - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to\n allocate psock->cork. {CVE-2025-39913}\n * CVE-2025-40240\n - sctp: avoid NULL dereference when chunk data buffer is missing\n {CVE-2025-40240}\n * CVE-2025-38004\n - can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004}\n * Miscellaneous upstream changes\n - wifi: wilc1000: avoid buffer overflow in WID string configuration\n {CVE-2025-39952}\n - Revert \"dm-bufio: don't schedule in atomic context {CVE-2025-37928}\"", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu20.04els/advisories/2026/clsa-2026_1775224807.json" } ], "tracking": { "current_release_date": "2026-04-03T17:50:57Z", "generator": { "date": "2026-04-03T17:50:56Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1775224807", "initial_release_date": "2026-04-03T14:09:36Z", "revision_history": [ { "date": "2026-04-03T14:09:36Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-03T17:50:57Z", "number": "2", "summary": "Update document" } ], "status": "final", "version": "2" }, "title": "Fix of 95 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 20.04", "product": { "name": "Ubuntu 20.04", "product_id": "Ubuntu-20", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product": { "name": "linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_id": "linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-buildinfo-5.4.0-226-tuxcare.els8-generic@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-libc-dev-0:5.4.0-226.246.amd64", "product": { "name": "linux-libc-dev-0:5.4.0-226.246.amd64", "product_id": "linux-libc-dev-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-libc-dev@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product": { "name": "linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_id": "linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-modules-5.4.0-226-tuxcare.els8-generic@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product": { "name": "linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_id": "linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-modules-extra-5.4.0-226-tuxcare.els8-generic@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product": { "name": "linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_id": "linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product": { "name": "linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_id": "linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product": { "name": "linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_id": "linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-modules-5.4.0-226-tuxcare.els8-lowlatency@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product": { "name": "linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_id": "linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-image-unsigned-5.4.0-226-tuxcare.els8-generic@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "product": { "name": "linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "product_id": "linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-cloud-tools-5.4.0-226-tuxcare.els8@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product": { "name": "linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_id": "linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-tools-5.4.0-226-tuxcare.els8-lowlatency@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product": { "name": "linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_id": "linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-tools-5.4.0-226-tuxcare.els8-generic@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product": { "name": "linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_id": "linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-headers-5.4.0-226-tuxcare.els8-lowlatency@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product": { "name": "linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_id": "linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "product": { "name": "linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "product_id": "linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-tools-5.4.0-226-tuxcare.els8@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product": { "name": "linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_id": "linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-cloud-tools-5.4.0-226-tuxcare.els8-generic@5.4.0-226.246?arch=amd64" } } }, { "category": "product_version", "name": "linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product": { "name": "linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_id": "linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-headers-5.4.0-226-tuxcare.els8-generic@5.4.0-226.246?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "linux-tools-common-0:5.4.0-226.246.all", "product": { "name": "linux-tools-common-0:5.4.0-226.246.all", "product_id": "linux-tools-common-0:5.4.0-226.246.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-tools-common@5.4.0-226.246?arch=all" } } }, { "category": "product_version", "name": "linux-cloud-tools-common-0:5.4.0-226.246.all", "product": { "name": "linux-cloud-tools-common-0:5.4.0-226.246.all", "product_id": "linux-cloud-tools-common-0:5.4.0-226.246.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-cloud-tools-common@5.4.0-226.246?arch=all" } } }, { "category": "product_version", "name": "linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "product": { "name": "linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "product_id": "linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-headers-5.4.0-226-tuxcare.els8@5.4.0-226.246?arch=all" } } }, { "category": "product_version", "name": "linux-source-5.4.0-0:5.4.0-226.246.all", "product": { "name": "linux-source-5.4.0-0:5.4.0-226.246.all", "product_id": "linux-source-5.4.0-0:5.4.0-226.246.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-source-5.4.0@5.4.0-226.246?arch=all" } } }, { "category": "product_version", "name": "linux-tools-host-0:5.4.0-226.246.all", "product": { "name": "linux-tools-host-0:5.4.0-226.246.all", "product_id": "linux-tools-host-0:5.4.0-226.246.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-tools-host@5.4.0-226.246?arch=all" } } }, { "category": "product_version", "name": "linux-doc-0:5.4.0-226.246.all", "product": { "name": "linux-doc-0:5.4.0-226.246.all", "product_id": "linux-doc-0:5.4.0-226.246.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/linux-doc@5.4.0-226.246?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64" }, "product_reference": "linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-libc-dev-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64" }, "product_reference": "linux-libc-dev-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64" }, "product_reference": "linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64" }, "product_reference": "linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64" }, "product_reference": "linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64" }, "product_reference": "linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64" }, "product_reference": "linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-common-0:5.4.0-226.246.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all" }, "product_reference": "linux-tools-common-0:5.4.0-226.246.all", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64" }, "product_reference": "linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64" }, "product_reference": "linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64" }, "product_reference": "linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-common-0:5.4.0-226.246.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all" }, "product_reference": "linux-cloud-tools-common-0:5.4.0-226.246.all", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all" }, "product_reference": "linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-source-5.4.0-0:5.4.0-226.246.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all" }, "product_reference": "linux-source-5.4.0-0:5.4.0-226.246.all", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64" }, "product_reference": "linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64" }, "product_reference": "linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64" }, "product_reference": "linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64" }, "product_reference": "linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-tools-host-0:5.4.0-226.246.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" }, "product_reference": "linux-tools-host-0:5.4.0-226.246.all", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64" }, "product_reference": "linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64 as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64" }, "product_reference": "linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "relates_to_product_reference": "Ubuntu-20" }, { "category": "default_component_of", "full_product_name": { "name": "linux-doc-0:5.4.0-226.246.all as a component of Ubuntu 20.04", "product_id": "Ubuntu-20:linux-doc-0:5.4.0-226.246.all" }, "product_reference": "linux-doc-0:5.4.0-226.246.all", "relates_to_product_reference": "Ubuntu-20" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-40275", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd\nIn snd_usb_create_streams(), for UAC version 3 devices, the Interface\nAssociation Descriptor (IAD) is retrieved via usb_ifnum_to_if(). If this\ncall fails, a fallback routine attempts to obtain the IAD from the next\ninterface and sets a BADD profile. However, snd_usb_mixer_controls_badd()\nassumes that the IAD retrieved from usb_ifnum_to_if() is always valid,\nwithout performing a NULL check. This can lead to a NULL pointer\ndereference when usb_ifnum_to_if() fails to find the interface descriptor.\nThis patch adds a NULL pointer check after calling usb_ifnum_to_if() in\nsnd_usb_mixer_controls_badd() to prevent the dereference.\nThis issue was discovered by syzkaller, which triggered the bug by sending\na crafted USB device descriptor.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40275" } ], "release_date": "2025-12-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40306", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix xattr related buffer overflow...\n\nWilly Tarreau forwarded me a message from\nDisclosure with the following\nwarning:\n\n> The helper `xattr_key()` uses the pointer variable in the loop condition\n> rather than dereferencing it. As `key` is incremented, it remains non-NULL\n> (until it runs into unmapped memory), so the loop does not terminate on\n> valid C strings and will walk memory indefinitely, consuming CPU or hanging\n> the thread.\n\nI easily reproduced this with setfattr and getfattr, causing a kernel\noops, hung user processes and corrupted orangefs files. Disclosure\nsent along a diff (not a patch) with a suggested fix, which I based\nthis patch on.\n\nAfter xattr_key started working right, xfstest generic/069 exposed an\nxattr related memory leak that lead to OOM. xattr_key returns\na hashed key. When adding xattrs to the orangefs xattr cache, orangefs\nused hash_add, a kernel hashing macro. hash_add also hashes the key using\nhash_log which resulted in additions to the xattr cache going to the wrong\nhash bucket. generic/069 tortures a single file and orangefs does a\ngetattr for the xattr \"security.capability\" every time. Orangefs\nnegative caches on xattrs which includes a kmalloc. Since adds to the\nxattr cache were going to the wrong bucket, every getattr for\n\"security.capability\" resulted in another kmalloc, none of which were\never freed.\n\nI changed the two uses of hash_add to hlist_add_head instead\nand the memory leak ceased and generic/069 quit throwing furniture.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40306" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/025e880759c279ec64d0f754fe65bf45961da864", "url": "https://git.kernel.org/stable/c/025e880759c279ec64d0f754fe65bf45961da864" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/15afebb9597449c444801d1ff0b8d8b311f950ab", "url": "https://git.kernel.org/stable/c/15afebb9597449c444801d1ff0b8d8b311f950ab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9127d1e90c90e5960c8bc72a4ce2c209691a7021", "url": "https://git.kernel.org/stable/c/9127d1e90c90e5960c8bc72a4ce2c209691a7021" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bc812574de633cf9a9ad6974490e45f6a4bb5126", "url": "https://git.kernel.org/stable/c/bc812574de633cf9a9ad6974490e45f6a4bb5126" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c2ca015ac109fd743fdde27933d59dc5ad46658e", "url": "https://git.kernel.org/stable/c/c2ca015ac109fd743fdde27933d59dc5ad46658e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c6564ff6b53c9a8dc786b6f1c51ae7688273f931", "url": "https://git.kernel.org/stable/c/c6564ff6b53c9a8dc786b6f1c51ae7688273f931" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e09a096104fc65859422817fb2211f35855983fe", "url": "https://git.kernel.org/stable/c/e09a096104fc65859422817fb2211f35855983fe" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ef892d2bf4f3fa2c8de1677dd307e678bdd3d865", "url": "https://git.kernel.org/stable/c/ef892d2bf4f3fa2c8de1677dd307e678bdd3d865" } ], "release_date": "2025-12-08T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40331", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsctp: Prevent TOCTOU out-of-bounds write\nFor the following path not holding the sock lock,\nsctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump()\nmake sure not to exceed bounds in case the address list has grown\nbetween buffer allocation (time-of-check) and write (time-of-use).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40331" } ], "release_date": "2025-12-09T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68734", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nisdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()\nIn hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when\nsetup_instance() fails with an error code. Fix that by freeing the urb\nbefore freeing the hw structure. Also change the error paths to use the\ngoto ladder style.\nCompile tested only. Issue found using a prototype static analysis tool.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68734" } ], "release_date": "2025-12-24T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40304", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nfbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds\nAdd bounds checking to prevent writes past framebuffer boundaries when\nrendering text near screen edges. Return early if the Y position is off-screen\nand clip image height to screen boundary. Break from the rendering loop if the\nX position is off-screen. When clipping image width to fit the screen, update\nthe character count to match the clipped width to prevent buffer size\nmismatches.\nWithout the character count update, bit_putcs_aligned and bit_putcs_unaligned\nreceive mismatched parameters where the buffer is allocated for the clipped\nwidth but cnt reflects the original larger count, causing out-of-bounds writes.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40304" } ], "release_date": "2025-12-08T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40106", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: fix divide-by-zero in comedi_buf_munge()\n\nThe comedi_buf_munge() function performs a modulo operation\n`async->munge_chan %= async->cmd.chanlist_len` without first\nchecking if chanlist_len is zero. If a user program submits a command with\nchanlist_len set to zero, this causes a divide-by-zero error when the device\nprocesses data in the interrupt handler path.\n\nAdd a check for zero chanlist_len at the beginning of the\nfunction, similar to the existing checks for !map and\nCMDF_RAWDATA flag. When chanlist_len is zero, update\nmunge_count and return early, indicating the data was\nhandled without munging.\n\nThis prevents potential kernel panics from malformed user commands.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40106" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2670932f2465793fea1ef073e40883e8390fa4d9", "url": "https://git.kernel.org/stable/c/2670932f2465793fea1ef073e40883e8390fa4d9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4ffea48c69cb2b96a281cb7e5e42d706996631db", "url": "https://git.kernel.org/stable/c/4ffea48c69cb2b96a281cb7e5e42d706996631db" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/55520f65fd447e04099a2c44185453c18ea73b7e", "url": "https://git.kernel.org/stable/c/55520f65fd447e04099a2c44185453c18ea73b7e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6db19822512396be1a3e1e20c16c97270285ba1a", "url": "https://git.kernel.org/stable/c/6db19822512396be1a3e1e20c16c97270285ba1a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/87b318ba81dda2ee7b603f4f6c55e78ec3e95974", "url": "https://git.kernel.org/stable/c/87b318ba81dda2ee7b603f4f6c55e78ec3e95974" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f3e4cd9be4b47246ea73ce5e3e0fa2f57f0d10c", "url": "https://git.kernel.org/stable/c/8f3e4cd9be4b47246ea73ce5e3e0fa2f57f0d10c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a4bb5d1bc2f238461bcbe5303eb500466690bb2c", "url": "https://git.kernel.org/stable/c/a4bb5d1bc2f238461bcbe5303eb500466690bb2c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d4854eff25efb06d0d84c13e7129bbdba4125f8c", "url": "https://git.kernel.org/stable/c/d4854eff25efb06d0d84c13e7129bbdba4125f8c" } ], "release_date": "2025-10-31T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-23089", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()\n\nWhen snd_usb_create_mixer() fails, snd_usb_mixer_free() frees\nmixer->id_elems but the controls already added to the card still\nreference the freed memory. Later when snd_card_register() runs,\nthe OSS mixer layer calls their callbacks and hits a use-after-free read.\n\nCall trace:\n get_ctl_value+0x63f/0x820 sound/usb/mixer.c:411\n get_min_max_with_quirks.isra.0+0x240/0x1f40 sound/usb/mixer.c:1241\n mixer_ctl_feature_info+0x26b/0x490 sound/usb/mixer.c:1381\n snd_mixer_oss_build_test+0x174/0x3a0 sound/core/oss/mixer_oss.c:887\n ...\n snd_card_register+0x4ed/0x6d0 sound/core/init.c:923\n usb_audio_probe+0x5ef/0x2a90 sound/usb/card.c:1025\n\nFix by calling snd_ctl_remove() for all mixer controls before freeing\nid_elems. We save the next pointer first because snd_ctl_remove()\nfrees the current element.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23089" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/51b1aa6fe7dc87356ba58df06afb9677c9b841ea", "url": "https://git.kernel.org/stable/c/51b1aa6fe7dc87356ba58df06afb9677c9b841ea" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/56fb6efd5d04caf6f14994d51ec85393b9a896c6", "url": "https://git.kernel.org/stable/c/56fb6efd5d04caf6f14994d51ec85393b9a896c6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7009daeefa945973a530b2f605fe445fc03747af", "url": "https://git.kernel.org/stable/c/7009daeefa945973a530b2f605fe445fc03747af" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7bff0156d13f0ad9436e5178b979b063d59f572a", "url": "https://git.kernel.org/stable/c/7bff0156d13f0ad9436e5178b979b063d59f572a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/930e69757b74c3ae083b0c3c7419bfe7f0edc7b2", "url": "https://git.kernel.org/stable/c/930e69757b74c3ae083b0c3c7419bfe7f0edc7b2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dc1a5dd80af1ee1f29d8375b12dd7625f6294dad", "url": "https://git.kernel.org/stable/c/dc1a5dd80af1ee1f29d8375b12dd7625f6294dad" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e6f103a22b08daf5df2f4aa158081840e5910963", "url": "https://git.kernel.org/stable/c/e6f103a22b08daf5df2f4aa158081840e5910963" } ], "release_date": "2026-02-04T17:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39866", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(&inode->i_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode->i_wb\n spin_unlock(&inode->i_lock);\n spin_lock(&wb->list_lock)\n spin_lock(&inode->i_lock)\n inode_io_list_move_locked\n spin_unlock(&wb->list_lock)\n spin_unlock(&inode->i_lock)\n spin_lock(&old_wb->list_lock)\n inode_do_switch_wbs\n spin_lock(&inode->i_lock)\n inode->i_wb = new_wb\n spin_unlock(&inode->i_lock)\n spin_unlock(&old_wb->list_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39866" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1edc2feb9c759a9883dfe81cb5ed231412d8b2e4", "url": "https://git.kernel.org/stable/c/1edc2feb9c759a9883dfe81cb5ed231412d8b2e4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b187c976111960e6e54a6b1fff724f6e3d39406c", "url": "https://git.kernel.org/stable/c/b187c976111960e6e54a6b1fff724f6e3d39406c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bf89b1f87c72df79cf76203f71fbf8349cd5c9de", "url": "https://git.kernel.org/stable/c/bf89b1f87c72df79cf76203f71fbf8349cd5c9de" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c8c14adf80bd1a6e4a1d7ee9c2a816881c26d17a", "url": "https://git.kernel.org/stable/c/c8c14adf80bd1a6e4a1d7ee9c2a816881c26d17a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d02d2c98d25793902f65803ab853b592c7a96b29", "url": "https://git.kernel.org/stable/c/d02d2c98d25793902f65803ab853b592c7a96b29" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e2a14bbae5d8bacaa301362744a110e2be40a3a3", "url": "https://git.kernel.org/stable/c/e2a14bbae5d8bacaa301362744a110e2be40a3a3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e63052921f1b25a836feb1500b841bff7a4a0456", "url": "https://git.kernel.org/stable/c/e63052921f1b25a836feb1500b841bff7a4a0456" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-19T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38108", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: red: fix a race in __red_change()\n\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent's qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38108" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/110a47efcf23438ff8d31dbd9c854fae2a48bf98", "url": "https://git.kernel.org/stable/c/110a47efcf23438ff8d31dbd9c854fae2a48bf98" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2790c4ec481be45a80948d059cd7c9a06bc37493", "url": "https://git.kernel.org/stable/c/2790c4ec481be45a80948d059cd7c9a06bc37493" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2a71924ca4af59ffc00f0444732b6cd54b153d0e", "url": "https://git.kernel.org/stable/c/2a71924ca4af59ffc00f0444732b6cd54b153d0e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/444ad445df5496a785705019268a8a84b84484bb", "url": "https://git.kernel.org/stable/c/444ad445df5496a785705019268a8a84b84484bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4b755305b2b0618e857fdadb499365b5f2e478d1", "url": "https://git.kernel.org/stable/c/4b755305b2b0618e857fdadb499365b5f2e478d1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/85a3e0ede38450ea3053b8c45d28cf55208409b8", "url": "https://git.kernel.org/stable/c/85a3e0ede38450ea3053b8c45d28cf55208409b8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a1bf6a4e9264a685b0e642994031f9c5aad72414", "url": "https://git.kernel.org/stable/c/a1bf6a4e9264a685b0e642994031f9c5aad72414" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f569984417a4e12c67366e69bdcb752970de921d", "url": "https://git.kernel.org/stable/c/f569984417a4e12c67366e69bdcb752970de921d" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-03T09:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68168", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njfs: fix uninitialized waitqueue in transaction manager\nThe transaction manager initialization in txInit() was not properly\ninitializing TxBlock[0].waitor waitqueue, causing a crash when\ntxEnd(0) is called on read-only filesystems.\nWhen a filesystem is mounted read-only, txBegin() returns tid=0 to\nindicate no transaction. However, txEnd(0) still gets called and\ntries to access TxBlock[0].waitor via tid_to_tblock(0), but this\nwaitqueue was never initialized because the initialization loop\nstarted at index 1 instead of 0.\nThis causes a 'non-static key' lockdep warning and system crash:\nINFO: trying to register non-static key in txEnd\nFix by ensuring all transaction blocks including TxBlock[0] have\ntheir waitqueues properly initialized during txInit().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68168" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-71085", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()\n\nThere exists a kernel oops caused by a BUG_ON(nhead < 0) at\nnet/core/skbuff.c:2232 in pskb_expand_head().\nThis bug is triggered as part of the calipso_skbuff_setattr()\nroutine when skb_cow() is passed headroom > INT_MAX\n(i.e. (int)(skb_headroom(skb) + len_delta) < 0).\n\nThe root cause of the bug is due to an implicit integer cast in\n__skb_cow(). The check (headroom > skb_headroom(skb)) is meant to ensure\nthat delta = headroom - skb_headroom(skb) is never negative, otherwise\nwe will trigger a BUG_ON in pskb_expand_head(). However, if\nheadroom > INT_MAX and delta <= -NET_SKB_PAD, the check passes, delta\nbecomes negative, and pskb_expand_head() is passed a negative value for\nnhead.\n\nFix the trigger condition in calipso_skbuff_setattr(). Avoid passing\n\"negative\" headroom sizes to skb_cow() within calipso_skbuff_setattr()\nby only using skb_cow() to grow headroom.\n\nPoC:\n\tUsing `netlabelctl` tool:\n\n netlabelctl map del default\n netlabelctl calipso add pass doi:7\n netlabelctl map add default address:0::1/128 protocol:calipso,7\n\n Then run the following PoC:\n\n int fd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);\n\n // setup msghdr\n int cmsg_size = 2;\n int cmsg_len = 0x60;\n struct msghdr msg;\n struct sockaddr_in6 dest_addr;\n struct cmsghdr * cmsg = (struct cmsghdr *) calloc(1,\n sizeof(struct cmsghdr) + cmsg_len);\n msg.msg_name = &dest_addr;\n msg.msg_namelen = sizeof(dest_addr);\n msg.msg_iov = NULL;\n msg.msg_iovlen = 0;\n msg.msg_control = cmsg;\n msg.msg_controllen = cmsg_len;\n msg.msg_flags = 0;\n\n // setup sockaddr\n dest_addr.sin6_family = AF_INET6;\n dest_addr.sin6_port = htons(31337);\n dest_addr.sin6_flowinfo = htonl(31337);\n dest_addr.sin6_addr = in6addr_loopback;\n dest_addr.sin6_scope_id = 31337;\n\n // setup cmsghdr\n cmsg->cmsg_len = cmsg_len;\n cmsg->cmsg_level = IPPROTO_IPV6;\n cmsg->cmsg_type = IPV6_HOPOPTS;\n char * hop_hdr = (char *)cmsg + sizeof(struct cmsghdr);\n hop_hdr[1] = 0x9; //set hop size - (0x9 + 1) * 8 = 80\n\n sendmsg(fd, &msg, 0);", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-71085" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2bb759062efa188ea5d07242a43e5aa5464bbae1", "url": "https://git.kernel.org/stable/c/2bb759062efa188ea5d07242a43e5aa5464bbae1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/58fc7342b529803d3c221101102fe913df7adb83", "url": "https://git.kernel.org/stable/c/58fc7342b529803d3c221101102fe913df7adb83" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6b7522424529556c9cbc15e15e7bd4eeae310910", "url": "https://git.kernel.org/stable/c/6b7522424529556c9cbc15e15e7bd4eeae310910" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/73744ad5696dce0e0f43872aba8de6a83d6ad570", "url": "https://git.kernel.org/stable/c/73744ad5696dce0e0f43872aba8de6a83d6ad570" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/86f365897068d09418488165a68b23cb5baa37f2", "url": "https://git.kernel.org/stable/c/86f365897068d09418488165a68b23cb5baa37f2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bf3709738d8a8cc6fa275773170c5c29511a0b24", "url": "https://git.kernel.org/stable/c/bf3709738d8a8cc6fa275773170c5c29511a0b24" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c53aa6a5086f03f19564096ee084a202a8c738c0", "url": "https://git.kernel.org/stable/c/c53aa6a5086f03f19564096ee084a202a8c738c0" } ], "release_date": "2026-01-13T16:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40363", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: ipv6: fix field-spanning memcpy warning in AH output\nFix field-spanning memcpy warnings in ah6_output() and\nah6_output_done() where extension headers are copied to/from IPv6\naddress fields, triggering fortify-string warnings about writes beyond\nthe 16-byte address fields.\nmemcpy: detected field-spanning write (size 40) of single field \"&top_iph->saddr\" at net/ipv6/ah6.c:439 (size 16)\nWARNING: CPU: 0 PID: 8838 at net/ipv6/ah6.c:439 ah6_output+0xe7e/0x14e0 net/ipv6/ah6.c:439\nThe warnings are false positives as the extension headers are\nintentionally placed after the IPv6 header in memory. Fix by properly\ncopying addresses and extension headers separately, and introduce\nhelper functions to avoid code duplication.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40363" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-39686", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Make insn_rw_emulate_bits() do insn->n samples\n\nThe `insn_rw_emulate_bits()` function is used as a default handler for\n`INSN_READ` instructions for subdevices that have a handler for\n`INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default\nhandler for `INSN_WRITE` instructions for subdevices that have a handler\nfor `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the\n`INSN_READ` or `INSN_WRITE` instruction handling with a constructed\n`INSN_BITS` instruction. However, `INSN_READ` and `INSN_WRITE`\ninstructions are supposed to be able read or write multiple samples,\nindicated by the `insn->n` value, but `insn_rw_emulate_bits()` currently\nonly handles a single sample. For `INSN_READ`, the comedi core will\ncopy `insn->n` samples back to user-space. (That triggered KASAN\nkernel-infoleak errors when `insn->n` was greater than 1, but that is\nbeing fixed more generally elsewhere in the comedi core.)\n\nMake `insn_rw_emulate_bits()` either handle `insn->n` samples, or return\nan error, to conform to the general expectation for `INSN_READ` and\n`INSN_WRITE` handlers.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39686" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7afba9221f70d4cbce0f417c558879cba0eb5e66", "url": "https://git.kernel.org/stable/c/7afba9221f70d4cbce0f417c558879cba0eb5e66" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/842f307a1d115b24f2bcb2415c4e344f11f55930", "url": "https://git.kernel.org/stable/c/842f307a1d115b24f2bcb2415c4e344f11f55930" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/92352ed2f9ac422181e381c2430c2d0dfb46faa0", "url": "https://git.kernel.org/stable/c/92352ed2f9ac422181e381c2430c2d0dfb46faa0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ab77e85bd3bc006ef40738f26f446a660813da44", "url": "https://git.kernel.org/stable/c/ab77e85bd3bc006ef40738f26f446a660813da44" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ae8bc1f07bcb31b8636420e03d1f9c3df6219a2b", "url": "https://git.kernel.org/stable/c/ae8bc1f07bcb31b8636420e03d1f9c3df6219a2b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dc0a2f142d655700db43de90cb6abf141b73d908", "url": "https://git.kernel.org/stable/c/dc0a2f142d655700db43de90cb6abf141b73d908" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-05T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39955", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk->sk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)->fastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet's call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 <0f> 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n ", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39955" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/17d699727577814198d744d6afe54735c6b54c99", "url": "https://git.kernel.org/stable/c/17d699727577814198d744d6afe54735c6b54c99" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/33a4fdf0b4a25f8ce65380c3b0136b407ca57609", "url": "https://git.kernel.org/stable/c/33a4fdf0b4a25f8ce65380c3b0136b407ca57609" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01", "url": "https://git.kernel.org/stable/c/45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7ec092a91ff351dcde89c23e795b73a328274db6", "url": "https://git.kernel.org/stable/c/7ec092a91ff351dcde89c23e795b73a328274db6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a4378dedd6e07e62f2fccb17d78c9665718763d0", "url": "https://git.kernel.org/stable/c/a4378dedd6e07e62f2fccb17d78c9665718763d0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ae313d14b45eca7a6bb29cb9bf396d977e7d28fb", "url": "https://git.kernel.org/stable/c/ae313d14b45eca7a6bb29cb9bf396d977e7d28fb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dfd06131107e7b699ef1e2a24ed2f7d17c917753", "url": "https://git.kernel.org/stable/c/dfd06131107e7b699ef1e2a24ed2f7d17c917753" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fa4749c065644af4db496b338452a69a3e5147d9", "url": "https://git.kernel.org/stable/c/fa4749c065644af4db496b338452a69a3e5147d9" } ], "release_date": "2025-10-09T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68241", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe\nThe sit driver's packet transmission path calls: sit_tunnel_xmit() ->\nupdate_or_create_fnhe(), which lead to fnhe_remove_oldest() being called\nto delete entries exceeding FNHE_RECLAIM_DEPTH+random.\nThe race window is between fnhe_remove_oldest() selecting fnheX for\ndeletion and the subsequent kfree_rcu(). During this time, the\nconcurrent path's __mkroute_output() -> find_exception() can fetch the\nsoon-to-be-deleted fnheX, and rt_bind_exception() then binds it with a\nnew dst using a dst_hold(). When the original fnheX is freed via RCU,\nthe dst reference remains permanently leaked.\nCPU 0 CPU 1\n__mkroute_output()\nfind_exception() [fnheX]\nupdate_or_create_fnhe()\nfnhe_remove_oldest() [fnheX]\nrt_bind_exception() [bind dst]\nRCU callback [fnheX freed, dst leak]\nThis issue manifests as a device reference count leak and a warning in\ndmesg when unregistering the net device:\nunregister_netdevice: waiting for sitX to become free. Usage count = N\nIdo Schimmel provided the simple test validation method [1].\nThe fix clears 'oldest->fnhe_daddr' before calling fnhe_flush_routes().\nSince rt_bind_exception() checks this field, setting it to zero prevents\nthe stale fnhe from being reused and bound to a new dst just before it\nis freed.\n[1]\nip netns add ns1\nip -n ns1 link set dev lo up\nip -n ns1 address add 192.0.2.1/32 dev lo\nip -n ns1 link add name dummy1 up type dummy\nip -n ns1 route add 192.0.2.2/32 dev dummy1\nip -n ns1 link add name gretap1 up arp off type gretap \\\nlocal 192.0.2.1 remote 192.0.2.2\nip -n ns1 route add 198.51.0.0/16 dev gretap1\ntaskset -c 0 ip netns exec ns1 mausezahn gretap1 \\\n-A 198.51.100.1 -B 198.51.0.0/16 -t udp -p 1000 -c 0 -q &\ntaskset -c 2 ip netns exec ns1 mausezahn gretap1 \\\n-A 198.51.100.1 -B 198.51.0.0/16 -t udp -p 1000 -c 0 -q &\nsleep 10\nip netns pids ns1 | xargs kill\nip netns del ns1", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68241" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-38555", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget : fix use-after-free in composite_dev_cleanup()\n\n1. In func configfs_composite_bind() -> composite_os_desc_req_prepare():\nif kmalloc fails, the pointer cdev->os_desc_req will be freed but not\nset to NULL. Then it will return a failure to the upper-level function.\n2. in func configfs_composite_bind() -> composite_dev_cleanup():\nit will checks whether cdev->os_desc_req is NULL. If it is not NULL, it\nwill attempt to use it.This will lead to a use-after-free issue.\n\nBUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0\nRead of size 8 at addr 0000004827837a00 by task init/1\n\nCPU: 10 PID: 1 Comm: init Tainted: G O 5.10.97-oh #1\n kasan_report+0x188/0x1cc\n __asan_load8+0xb4/0xbc\n composite_dev_cleanup+0xf4/0x2c0\n configfs_composite_bind+0x210/0x7ac\n udc_bind_to_driver+0xb4/0x1ec\n usb_gadget_probe_driver+0xec/0x21c\n gadget_dev_desc_UDC_store+0x264/0x27c", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38555" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/151c0aa896c47a4459e07fee7d4843f44c1bb18e", "url": "https://git.kernel.org/stable/c/151c0aa896c47a4459e07fee7d4843f44c1bb18e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2db29235e900a084a656dea7e0939b0abb7bb897", "url": "https://git.kernel.org/stable/c/2db29235e900a084a656dea7e0939b0abb7bb897" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5f06ee9f9a3665d43133f125c17e5258a13f3963", "url": "https://git.kernel.org/stable/c/5f06ee9f9a3665d43133f125c17e5258a13f3963" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8afb22aa063f706f3343707cdfb8cda4d021dd33", "url": "https://git.kernel.org/stable/c/8afb22aa063f706f3343707cdfb8cda4d021dd33" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/aada327a9f8028c573636fa60c0abc80fb8135c9", "url": "https://git.kernel.org/stable/c/aada327a9f8028c573636fa60c0abc80fb8135c9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bd3c4ef60baf7f65c963f3e12d9d7b2b091e20ba", "url": "https://git.kernel.org/stable/c/bd3c4ef60baf7f65c963f3e12d9d7b2b091e20ba" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dba96dfa5a0f685b959dd28a52ac8dab0b805204", "url": "https://git.kernel.org/stable/c/dba96dfa5a0f685b959dd28a52ac8dab0b805204" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e1be1f380c82a69f80c68c96a7cfe8759fb30355", "url": "https://git.kernel.org/stable/c/e1be1f380c82a69f80c68c96a7cfe8759fb30355" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e624bf26127645a2f7821e73fdf6dc64bad07835", "url": "https://git.kernel.org/stable/c/e624bf26127645a2f7821e73fdf6dc64bad07835" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-08-19T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38159", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds\n\nSet the size to 6 instead of 2, since 'para' array is passed to\n'rtw_fw_bt_wifi_control(rtwdev, para[0], ¶[1])', which reads\n5 bytes:\n\nvoid rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)\n{\n ...\n SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);\n SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));\n ...\n SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));\n\nDetected using the static analysis tool - Svace.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38159" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1ee8ea6937d13b20f90ff35d71ccc03ba448182d", "url": "https://git.kernel.org/stable/c/1ee8ea6937d13b20f90ff35d71ccc03ba448182d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4c2c372de2e108319236203cce6de44d70ae15cd", "url": "https://git.kernel.org/stable/c/4c2c372de2e108319236203cce6de44d70ae15cd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/68a1037f0bac4de9a585aa9c879ef886109f3647", "url": "https://git.kernel.org/stable/c/68a1037f0bac4de9a585aa9c879ef886109f3647" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/74e18211c2c89ab66c9546baa7408288db61aa0d", "url": "https://git.kernel.org/stable/c/74e18211c2c89ab66c9546baa7408288db61aa0d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9febcc8bded8be0d7efd8237fcef599b6d93b788", "url": "https://git.kernel.org/stable/c/9febcc8bded8be0d7efd8237fcef599b6d93b788" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c13255389499275bc5489a0b5b7940ccea3aef04", "url": "https://git.kernel.org/stable/c/c13255389499275bc5489a0b5b7940ccea3aef04" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-03T09:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39952", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: '__memcpy()' 'cfg->s[i]->str' copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in 'struct wilc_cfg_str_vals' that is maintained in 'len' field\nof 'struct wilc_cfg_str'.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39952" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2203ef417044b10a8563ade6a17c74183745d72e", "url": "https://git.kernel.org/stable/c/2203ef417044b10a8563ade6a17c74183745d72e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6085291a1a5865d4ad70f0e5812d524ebd5d1711", "url": "https://git.kernel.org/stable/c/6085291a1a5865d4ad70f0e5812d524ebd5d1711" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ae50f8562306a7ea1cf3c9722f97ee244f974729", "url": "https://git.kernel.org/stable/c/ae50f8562306a7ea1cf3c9722f97ee244f974729" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fe9e4d0c39311d0f97b024147a0d155333f388b5", "url": "https://git.kernel.org/stable/c/fe9e4d0c39311d0f97b024147a0d155333f388b5" } ], "release_date": "2025-10-04T08:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39759", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix race between quota disable and quota rescan ioctl\n\nThere's a race between a task disabling quotas and another running the\nrescan ioctl that can result in a use-after-free of qgroup records from\nthe fs_info->qgroup_tree rbtree.\n\nThis happens as follows:\n\n1) Task A enters btrfs_ioctl_quota_rescan() -> btrfs_qgroup_rescan();\n\n2) Task B enters btrfs_quota_disable() and calls\n btrfs_qgroup_wait_for_completion(), which does nothing because at that\n point fs_info->qgroup_rescan_running is false (it wasn't set yet by\n task A);\n\n3) Task B calls btrfs_free_qgroup_config() which starts freeing qgroups\n from fs_info->qgroup_tree without taking the lock fs_info->qgroup_lock;\n\n4) Task A enters qgroup_rescan_zero_tracking() which starts iterating\n the fs_info->qgroup_tree tree while holding fs_info->qgroup_lock,\n but task B is freeing qgroup records from that tree without holding\n the lock, resulting in a use-after-free.\n\nFix this by taking fs_info->qgroup_lock at btrfs_free_qgroup_config().\nAlso at btrfs_qgroup_rescan() don't start the rescan worker if quotas\nwere already disabled.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39759" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2fd0f5ceb997f90f4332ccbab6c7e907e6b2d0eb", "url": "https://git.kernel.org/stable/c/2fd0f5ceb997f90f4332ccbab6c7e907e6b2d0eb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7cda0fdde5d9890976861421d207870500f9aace", "url": "https://git.kernel.org/stable/c/7cda0fdde5d9890976861421d207870500f9aace" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b172535ccba12f0cf7d23b3b840989de47fc104d", "url": "https://git.kernel.org/stable/c/b172535ccba12f0cf7d23b3b840989de47fc104d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c38028ce0d0045ca600b6a8345a0ff92bfb47b66", "url": "https://git.kernel.org/stable/c/c38028ce0d0045ca600b6a8345a0ff92bfb47b66" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dd0b28d877b293b1d7f8727a7de08ae36b6b9ef0", "url": "https://git.kernel.org/stable/c/dd0b28d877b293b1d7f8727a7de08ae36b6b9ef0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e1249667750399a48cafcf5945761d39fa584edf", "url": "https://git.kernel.org/stable/c/e1249667750399a48cafcf5945761d39fa584edf" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-11T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40269", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Fix potential overflow of PCM transfer buffer\nThe PCM stream data in USB-audio driver is transferred over USB URB\npacket buffers, and each packet size is determined dynamically. The\npacket sizes are limited by some factors such as wMaxPacketSize USB\ndescriptor. OTOH, in the current code, the actually used packet sizes\nare determined only by the rate and the PPS, which may be bigger than\nthe size limit above. This results in a buffer overflow, as reported\nby syzbot.\nBasically when the limit is smaller than the calculated packet size,\nit implies that something is wrong, most likely a weird USB\ndescriptor. So the best option would be just to return an error at\nthe parameter setup time before doing any further operations.\nThis patch introduces such a sanity check, and returns -EINVAL when\nthe packet size is greater than maxpacksize. The comparison with\nep->packsize[1] alone should suffice since it's always equal or\ngreater than ep->packsize[0].", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40269" } ], "release_date": "2025-12-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38079", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38079" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967", "url": "https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993", "url": "https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896", "url": "https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633", "url": "https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6", "url": "https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf", "url": "https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547", "url": "https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4", "url": "https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-06-18T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39743", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: truncate good inode pages when hard link is 0\n\nThe fileset value of the inode copy from the disk by the reproducer is\nAGGR_RESERVED_I. When executing evict, its hard link number is 0, so its\ninode pages are not truncated. This causes the bugon to be triggered when\nexecuting clear_inode() because nrpages is greater than 0.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39743" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1bb5cdc3e39f0c2b311fcb631258b7e60d3fb0d3", "url": "https://git.kernel.org/stable/c/1bb5cdc3e39f0c2b311fcb631258b7e60d3fb0d3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2b1d5ca395a5fb170c3f885cd42c16179f7f54ec", "url": "https://git.kernel.org/stable/c/2b1d5ca395a5fb170c3f885cd42c16179f7f54ec" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2d91b3765cd05016335cd5df5e5c6a29708ec058", "url": "https://git.kernel.org/stable/c/2d91b3765cd05016335cd5df5e5c6a29708ec058" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/34d8e982bac48bdcca7524644a8825a580edce74", "url": "https://git.kernel.org/stable/c/34d8e982bac48bdcca7524644a8825a580edce74" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5845b926c561b8333cd65169526eec357d7bb449", "url": "https://git.kernel.org/stable/c/5845b926c561b8333cd65169526eec357d7bb449" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/89fff8e3d6710fc32507b8e19eb5afa9fb79b896", "url": "https://git.kernel.org/stable/c/89fff8e3d6710fc32507b8e19eb5afa9fb79b896" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8ed7275910fb7177012619864e04d3008763f3ea", "url": "https://git.kernel.org/stable/c/8ed7275910fb7177012619864e04d3008763f3ea" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b5b471820c33365a8ccd2d463578bf4e47056c2c", "url": "https://git.kernel.org/stable/c/b5b471820c33365a8ccd2d463578bf4e47056c2c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/df3fd8daf278eca365f221749ae5b728e8382a04", "url": "https://git.kernel.org/stable/c/df3fd8daf278eca365f221749ae5b728e8382a04" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-11T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40087", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40087" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/34d187e020cbda112a6c6f094f0ca5e6a8672b75", "url": "https://git.kernel.org/stable/c/34d187e020cbda112a6c6f094f0ca5e6a8672b75" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4b47a8601b71ad98833b447d465592d847b4dc77", "url": "https://git.kernel.org/stable/c/4b47a8601b71ad98833b447d465592d847b4dc77" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/785ec512afa80d0540f2ca797c0e56de747a6083", "url": "https://git.kernel.org/stable/c/785ec512afa80d0540f2ca797c0e56de747a6083" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a156af6a4dc38c2aa7c98e89520a70fb3b3e7df4", "url": "https://git.kernel.org/stable/c/a156af6a4dc38c2aa7c98e89520a70fb3b3e7df4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a75994dd879401c3e24ff51c2536559f1a53ea27", "url": "https://git.kernel.org/stable/c/a75994dd879401c3e24ff51c2536559f1a53ea27" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ba88a53d7f5df4191583abf214214efe0cda91d2", "url": "https://git.kernel.org/stable/c/ba88a53d7f5df4191583abf214214efe0cda91d2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/da9129ef77786839a3ccd1d7afeeab790bceaa1d", "url": "https://git.kernel.org/stable/c/da9129ef77786839a3ccd1d7afeeab790bceaa1d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f7353208c91ab004e0179c5fb6c365b0f132f9f0", "url": "https://git.kernel.org/stable/c/f7353208c91ab004e0179c5fb6c365b0f132f9f0" } ], "release_date": "2025-10-30T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-49267", "notes": [ { "category": "description", "text": "No description is available for this CVE.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49267" } ], "release_date": "2025-02-26T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-38713", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nThe hfsplus_readdir() method is capable to crash by calling\nhfsplus_uni2asc():\n\n[ 667.121659][ T9805] ==================================================================\n[ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10\n[ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805\n[ 667.124578][ T9805]\n[ 667.124876][ T9805] CPU: 3 UID: 0 PID: 9805 Comm: repro Not tainted 6.16.0-rc3 #1 PREEMPT(full)\n[ 667.124886][ T9805] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 667.124890][ T9805] Call Trace:\n[ 667.124893][ T9805] \n[ 667.124896][ T9805] dump_stack_lvl+0x10e/0x1f0\n[ 667.124911][ T9805] print_report+0xd0/0x660\n[ 667.124920][ T9805] ? __virt_addr_valid+0x81/0x610\n[ 667.124928][ T9805] ? __phys_addr+0xe8/0x180\n[ 667.124934][ T9805] ? hfsplus_uni2asc+0x902/0xa10\n[ 667.124942][ T9805] kasan_report+0xc6/0x100\n[ 667.124950][ T9805] ? hfsplus_uni2asc+0x902/0xa10\n[ 667.124959][ T9805] hfsplus_uni2asc+0x902/0xa10\n[ 667.124966][ T9805] ? hfsplus_bnode_read+0x14b/0x360\n[ 667.124974][ T9805] hfsplus_readdir+0x845/0xfc0\n[ 667.124984][ T9805] ? __pfx_hfsplus_readdir+0x10/0x10\n[ 667.124994][ T9805] ? stack_trace_save+0x8e/0xc0\n[ 667.125008][ T9805] ? iterate_dir+0x18b/0xb20\n[ 667.125015][ T9805] ? trace_lock_acquire+0x85/0xd0\n[ 667.125022][ T9805] ? lock_acquire+0x30/0x80\n[ 667.125029][ T9805] ? iterate_dir+0x18b/0xb20\n[ 667.125037][ T9805] ? down_read_killable+0x1ed/0x4c0\n[ 667.125044][ T9805] ? putname+0x154/0x1a0\n[ 667.125051][ T9805] ? __pfx_down_read_killable+0x10/0x10\n[ 667.125058][ T9805] ? apparmor_file_permission+0x239/0x3e0\n[ 667.125069][ T9805] iterate_dir+0x296/0xb20\n[ 667.125076][ T9805] __x64_sys_getdents64+0x13c/0x2c0\n[ 667.125084][ T9805] ? __pfx___x64_sys_getdents64+0x10/0x10\n[ 667.125091][ T9805] ? __x64_sys_openat+0x141/0x200\n[ 667.125126][ T9805] ? __pfx_filldir64+0x10/0x10\n[ 667.125134][ T9805] ? do_user_addr_fault+0x7fe/0x12f0\n[ 667.125143][ T9805] do_syscall_64+0xc9/0x480\n[ 667.125151][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 667.125158][ T9805] RIP: 0033:0x7fa8753b2fc9\n[ 667.125164][ T9805] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 48\n[ 667.125172][ T9805] RSP: 002b:00007ffe96f8e0f8 EFLAGS: 00000217 ORIG_RAX: 00000000000000d9\n[ 667.125181][ T9805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa8753b2fc9\n[ 667.125185][ T9805] RDX: 0000000000000400 RSI: 00002000000063c0 RDI: 0000000000000004\n[ 667.125190][ T9805] RBP: 00007ffe96f8e110 R08: 00007ffe96f8e110 R09: 00007ffe96f8e110\n[ 667.125195][ T9805] R10: 0000000000000000 R11: 0000000000000217 R12: 0000556b1e3b4260\n[ 667.125199][ T9805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 667.125207][ T9805] \n[ 667.125210][ T9805]\n[ 667.145632][ T9805] Allocated by task 9805:\n[ 667.145991][ T9805] kasan_save_stack+0x20/0x40\n[ 667.146352][ T9805] kasan_save_track+0x14/0x30\n[ 667.146717][ T9805] __kasan_kmalloc+0xaa/0xb0\n[ 667.147065][ T9805] __kmalloc_noprof+0x205/0x550\n[ 667.147448][ T9805] hfsplus_find_init+0x95/0x1f0\n[ 667.147813][ T9805] hfsplus_readdir+0x220/0xfc0\n[ 667.148174][ T9805] iterate_dir+0x296/0xb20\n[ 667.148549][ T9805] __x64_sys_getdents64+0x13c/0x2c0\n[ 667.148937][ T9805] do_syscall_64+0xc9/0x480\n[ 667.149291][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 667.149809][ T9805]\n[ 667.150030][ T9805] The buggy address belongs to the object at ffff88802592f000\n[ 667.150030][ T9805] which belongs to the cache kmalloc-2k of size 2048\n[ 667.151282][ T9805] The buggy address is located 0 bytes to the right of\n[ 667.151282][ T9805] allocated 1036-byte region [ffff88802592f000, ffff88802592f40c)\n[ 667.1\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38713" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5", "url": "https://git.kernel.org/stable/c/13604b1d7e7b125fb428cddbec6b8d92baad25d5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01", "url": "https://git.kernel.org/stable/c/1ca69007e52a73bd8b84b988b61b319816ca8b01" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0", "url": "https://git.kernel.org/stable/c/291bb5d931c6f3cd7227b913302a17be21cf53b0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9", "url": "https://git.kernel.org/stable/c/6f93694bcbc2c2ab3e01cd8fba2f296faf34e6b9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f", "url": "https://git.kernel.org/stable/c/73f7da507d787b489761a0fa280716f84fa32b2f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5", "url": "https://git.kernel.org/stable/c/76a4c6636a69d69409aa253b049b1be717a539c5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b", "url": "https://git.kernel.org/stable/c/94458781aee6045bd3d0ad4b80b02886b9e2219b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557", "url": "https://git.kernel.org/stable/c/ccf0ad56a779e6704c0b27f555dec847f50c7557" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee", "url": "https://git.kernel.org/stable/c/f7534cbfac0a9ffa4fa17cacc6e8b6446dae24ee" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-04T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40322", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nfbdev: bitblit: bound-check glyph index in bit_putcs*\nbit_putcs_aligned()/unaligned() derived the glyph pointer from the\ncharacter value masked by 0xff/0x1ff, which may exceed the actual font's\nglyph count and read past the end of the built-in font array.\nClamp the index to the actual glyph count before computing the address.\nThis fixes a global out-of-bounds read reported by syzbot.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40322" } ], "release_date": "2025-12-08T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40264", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nbe2net: pass wrb_params in case of OS2BMC\nbe_insert_vlan_in_pkt() is called with the wrb_params argument being NULL\nat be_send_pkt_to_bmc() call site.  This may lead to dereferencing a NULL\npointer when processing a workaround for specific packet, as commit\nbc0c3405abbb (\"be2net: fix a Tx stall bug caused by a specific ipv6\npacket\") states.\nThe correct way would be to pass the wrb_params from be_xmit().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40264" } ], "release_date": "2025-12-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-22997", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts\n\nSince j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is\ncalled only when the timer is enabled, we need to call\nj1939_session_deactivate_activate_next() if we cancelled the timer.\nOtherwise, refcount for j1939_session leaks, which will later appear as\n\n| unregister_netdevice: waiting for vcan0 to become free. Usage count = 2.\n\nproblem.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-22997" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1809c82aa073a11b7d335ae932d81ce51a588a4a", "url": "https://git.kernel.org/stable/c/1809c82aa073a11b7d335ae932d81ce51a588a4a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6121b7564c725b632ffe4764abe85aa239d37703", "url": "https://git.kernel.org/stable/c/6121b7564c725b632ffe4764abe85aa239d37703" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/809a437e27a3bf3c1c6c8c157773635552116f2b", "url": "https://git.kernel.org/stable/c/809a437e27a3bf3c1c6c8c157773635552116f2b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a73e7d7e346dae1c22dc3e95b02ca464b12daf2c", "url": "https://git.kernel.org/stable/c/a73e7d7e346dae1c22dc3e95b02ca464b12daf2c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/adabf01c19561e42899da9de56a6a1da0e6b8a5b", "url": "https://git.kernel.org/stable/c/adabf01c19561e42899da9de56a6a1da0e6b8a5b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b1d67607e97d489c0cfbbf55f48a76b00710b0e4", "url": "https://git.kernel.org/stable/c/b1d67607e97d489c0cfbbf55f48a76b00710b0e4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cb2a610867bc379988bae0bb4b8bbc59c0decf1a", "url": "https://git.kernel.org/stable/c/cb2a610867bc379988bae0bb4b8bbc59c0decf1a" } ], "release_date": "2026-01-25T15:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-41014", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: add bounds checking to xlog_recover_process_data\n\nThere is a lack of verification of the space occupied by fixed members\nof xlog_op_header in the xlog_recover_process_data.\n\nWe can create a crafted image to trigger an out of bounds read by\nfollowing these steps:\n 1) Mount an image of xfs, and do some file operations to leave records\n 2) Before umounting, copy the image for subsequent steps to simulate\n abnormal exit. Because umount will ensure that tail_blk and\n head_blk are the same, which will result in the inability to enter\n xlog_recover_process_data\n 3) Write a tool to parse and modify the copied image in step 2\n 4) Make the end of the xlog_op_header entries only 1 byte away from\n xlog_rec_header->h_size\n 5) xlog_rec_header->h_num_logops++\n 6) Modify xlog_rec_header->h_crc\n\nFix:\nAdd a check to make sure there is sufficient space to access fixed members\nof xlog_op_header.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-41014" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1", "url": "https://git.kernel.org/stable/c/7cd9f0a33e738cd58876f1bc8d6c1aa5bc4fc8c1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143", "url": "https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196", "url": "https://git.kernel.org/stable/c/fb63435b7c7dc112b1ae1baea5486e0a6e27b196" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html" } ], "release_date": "2024-07-29T07:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40317", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: slimbus: fix bus_context pointer in regmap init calls\n\nCommit 4e65bda8273c (\"ASoC: wcd934x: fix error handling in\nwcd934x_codec_parse_data()\") revealed the problem in the slimbus regmap.\nThat commit breaks audio playback, for instance, on sdm845 Thundercomm\nDragonboard 845c board:\n\n Unable to handle kernel paging request at virtual address ffff8000847cbad4\n ...\n CPU: 5 UID: 0 PID: 776 Comm: aplay Not tainted 6.18.0-rc1-00028-g7ea30958b305 #11 PREEMPT\n Hardware name: Thundercomm Dragonboard 845c (DT)\n ...\n Call trace:\n slim_xfer_msg+0x24/0x1ac [slimbus] (P)\n slim_read+0x48/0x74 [slimbus]\n regmap_slimbus_read+0x18/0x24 [regmap_slimbus]\n _regmap_raw_read+0xe8/0x174\n _regmap_bus_read+0x44/0x80\n _regmap_read+0x60/0xd8\n _regmap_update_bits+0xf4/0x140\n _regmap_select_page+0xa8/0x124\n _regmap_raw_write_impl+0x3b8/0x65c\n _regmap_bus_raw_write+0x60/0x80\n _regmap_write+0x58/0xc0\n regmap_write+0x4c/0x80\n wcd934x_hw_params+0x494/0x8b8 [snd_soc_wcd934x]\n snd_soc_dai_hw_params+0x3c/0x7c [snd_soc_core]\n __soc_pcm_hw_params+0x22c/0x634 [snd_soc_core]\n dpcm_be_dai_hw_params+0x1d4/0x38c [snd_soc_core]\n dpcm_fe_dai_hw_params+0x9c/0x17c [snd_soc_core]\n snd_pcm_hw_params+0x124/0x464 [snd_pcm]\n snd_pcm_common_ioctl+0x110c/0x1820 [snd_pcm]\n snd_pcm_ioctl+0x34/0x4c [snd_pcm]\n __arm64_sys_ioctl+0xac/0x104\n invoke_syscall+0x48/0x104\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xec\n el0t_64_sync_handler+0xa0/0xf0\n el0t_64_sync+0x198/0x19c\n\nThe __devm_regmap_init_slimbus() started to be used instead of\n__regmap_init_slimbus() after the commit mentioned above and turns out\nthe incorrect bus_context pointer (3rd argument) was used in\n__devm_regmap_init_slimbus(). It should be just \"slimbus\" (which is equal\nto &slimbus->dev). Correct it. The wcd934x codec seems to be the only or\nthe first user of devm_regmap_init_slimbus() but we should fix it till\nthe point where __devm_regmap_init_slimbus() was introduced therefore\ntwo \"Fixes\" tags.\n\nWhile at this, also correct the same argument in __regmap_init_slimbus().", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40317" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/02d3041caaa3fe4dd69e5a8afd1ac6b918ddc6a1", "url": "https://git.kernel.org/stable/c/02d3041caaa3fe4dd69e5a8afd1ac6b918ddc6a1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2664bfd8969d1c43dcbe3ea313f130dfa6b74f4c", "url": "https://git.kernel.org/stable/c/2664bfd8969d1c43dcbe3ea313f130dfa6b74f4c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/434f7349a1f00618a620b316f091bd13a12bc8d2", "url": "https://git.kernel.org/stable/c/434f7349a1f00618a620b316f091bd13a12bc8d2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8143e4075d131c528540417a51966f6697be14eb", "url": "https://git.kernel.org/stable/c/8143e4075d131c528540417a51966f6697be14eb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a16e92f8d7dc7371e68f17a9926cb92d2244be7b", "url": "https://git.kernel.org/stable/c/a16e92f8d7dc7371e68f17a9926cb92d2244be7b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b65f3303349eaee333e47d2a99045aa12fa0c3a7", "url": "https://git.kernel.org/stable/c/b65f3303349eaee333e47d2a99045aa12fa0c3a7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c0f05129e5734ff3fd14b2c242709314d9ca5433", "url": "https://git.kernel.org/stable/c/c0f05129e5734ff3fd14b2c242709314d9ca5433" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d979639f099c6e51f06ce4dd8d8e56364d6c17ba", "url": "https://git.kernel.org/stable/c/d979639f099c6e51f06ce4dd8d8e56364d6c17ba" } ], "release_date": "2025-12-08T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38729", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 power domain descriptors, too\n\nUAC3 power domain descriptors need to be verified with its variable\nbLength for avoiding the unexpected OOB accesses by malicious\nfirmware, too.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38729" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/07c8d78dbb5e0ff8b23f7fd69cd1d4e2ba22b3dc", "url": "https://git.kernel.org/stable/c/07c8d78dbb5e0ff8b23f7fd69cd1d4e2ba22b3dc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1666207ba0a5973735ef010812536adde6174e81", "url": "https://git.kernel.org/stable/c/1666207ba0a5973735ef010812536adde6174e81" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/29b415ec09f5b9d1dfa2423b826725a8c8796b9a", "url": "https://git.kernel.org/stable/c/29b415ec09f5b9d1dfa2423b826725a8c8796b9a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/40714daf4d0448e1692c78563faf0ed0f9d9b5c7", "url": "https://git.kernel.org/stable/c/40714daf4d0448e1692c78563faf0ed0f9d9b5c7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/452ad54f432675982cc0d6eb6c40a6c86ac61dbd", "url": "https://git.kernel.org/stable/c/452ad54f432675982cc0d6eb6c40a6c86ac61dbd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cd08d390d15b204cac1d3174f5f149a20c52e61a", "url": "https://git.kernel.org/stable/c/cd08d390d15b204cac1d3174f5f149a20c52e61a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d832ccbc301fbd9e5a1d691bdcf461cdb514595f", "url": "https://git.kernel.org/stable/c/d832ccbc301fbd9e5a1d691bdcf461cdb514595f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ebc9e06b6ea978a20abf9b87d41afc51b2d745ac", "url": "https://git.kernel.org/stable/c/ebc9e06b6ea978a20abf9b87d41afc51b2d745ac" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f03418bb9d542f44df78eec2eff4ac83c0a8ac0d", "url": "https://git.kernel.org/stable/c/f03418bb9d542f44df78eec2eff4ac83c0a8ac0d" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-04T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68287", "cwe": { "id": "CWE-364", "name": "Signal Handler Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths\nThis patch addresses a race condition caused by unsynchronized\nexecution of multiple call paths invoking `dwc3_remove_requests()`,\nleading to premature freeing of USB requests and subsequent crashes.\nThree distinct execution paths interact with `dwc3_remove_requests()`:\nPath 1:\nTriggered via `dwc3_gadget_reset_interrupt()` during USB reset\nhandling. The call stack includes:\n- `dwc3_ep0_reset_state()`\n- `dwc3_ep0_stall_and_restart()`\n- `dwc3_ep0_out_start()`\n- `dwc3_remove_requests()`\n- `dwc3_gadget_del_and_unmap_request()`\nPath 2:\nAlso initiated from `dwc3_gadget_reset_interrupt()`, but through\n`dwc3_stop_active_transfers()`. The call stack includes:\n- `dwc3_stop_active_transfers()`\n- `dwc3_remove_requests()`\n- `dwc3_gadget_del_and_unmap_request()`\nPath 3:\nOccurs independently during `adb root` execution, which triggers\nUSB function unbind and bind operations. The sequence includes:\n- `gserial_disconnect()`\n- `usb_ep_disable()`\n- `dwc3_gadget_ep_disable()`\n- `dwc3_remove_requests()` with `-ESHUTDOWN` status\nPath 3 operates asynchronously and lacks synchronization with Paths\n1 and 2. When Path 3 completes, it disables endpoints and frees 'out'\nrequests. If Paths 1 or 2 are still processing these requests,\naccessing freed memory leads to a crash due to use-after-free conditions.\nTo fix this added check for request completion and skip processing\nif already completed and added the request status for ep0 while queue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68287" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39967", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39967" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1a194e6c8e1ee745e914b0b7f50fa86c89ed13fe", "url": "https://git.kernel.org/stable/c/1a194e6c8e1ee745e914b0b7f50fa86c89ed13fe" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4a4bac869560f943edbe3c2b032062f6673b13d3", "url": "https://git.kernel.org/stable/c/4a4bac869560f943edbe3c2b032062f6673b13d3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/994bdc2d23c79087fbf7dcd9544454e8ebcef877", "url": "https://git.kernel.org/stable/c/994bdc2d23c79087fbf7dcd9544454e8ebcef877" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9c8ec14075c5317edd6b242f1be8167aa1e4e333", "url": "https://git.kernel.org/stable/c/9c8ec14075c5317edd6b242f1be8167aa1e4e333" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a6eb9f423b3db000aaedf83367b8539f6b72dcfc", "url": "https://git.kernel.org/stable/c/a6eb9f423b3db000aaedf83367b8539f6b72dcfc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/adac90bb1aaf45ca66f9db8ac100be16750ace78", "url": "https://git.kernel.org/stable/c/adac90bb1aaf45ca66f9db8ac100be16750ace78" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b8a6e85328aeb9881531dbe89bcd2637a06c3c95", "url": "https://git.kernel.org/stable/c/b8a6e85328aeb9881531dbe89bcd2637a06c3c95" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c0c01f9aa08c8e10e10e8c9ebb5be01a4eff6eb7", "url": "https://git.kernel.org/stable/c/c0c01f9aa08c8e10e10e8c9ebb5be01a4eff6eb7" } ], "release_date": "2025-10-15T08:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68285", "cwe": { "id": "CWE-825", "name": "Expired Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived. Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\nkfree(monc->monmap);\nmonc->monmap = monmap;\nceph_osdmap_destroy(osdc->osdmap);\nosdc->osdmap = newmap;\nunder client->monc.mutex and client->osdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it's possible for\nclient->monc.monmap->epoch and client->osdc.osdmap->epoch arms in\nclient->monc.monmap && client->monc.monmap->epoch &&\nclient->osdc.osdmap && client->osdc.osdmap->epoch;\ncondition to dereference an already freed map. This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\nBUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\nRead of size 4 at addr ffff88811012d810 by task mount.ceph/13305\nCPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n...\nCall Trace:\n\nhave_mon_and_osd_map+0x56/0x70\nceph_open_session+0x182/0x290\nceph_get_tree+0x333/0x680\nvfs_get_tree+0x49/0x180\ndo_new_mount+0x1a3/0x2d0\npath_mount+0x6dd/0x730\ndo_mount+0x99/0xe0\n__do_sys_mount+0x141/0x180\ndo_syscall_64+0x9f/0x100\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAllocated by task 13305:\nceph_osdmap_alloc+0x16/0x130\nceph_osdc_init+0x27a/0x4c0\nceph_create_client+0x153/0x190\ncreate_fs_client+0x50/0x2a0\nceph_get_tree+0xff/0x680\nvfs_get_tree+0x49/0x180\ndo_new_mount+0x1a3/0x2d0\npath_mount+0x6dd/0x730\ndo_mount+0x99/0xe0\n__do_sys_mount+0x141/0x180\ndo_syscall_64+0x9f/0x100\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nFreed by task 9475:\nkfree+0x212/0x290\nhandle_one_map+0x23c/0x3b0\nceph_osdc_handle_map+0x3c9/0x590\nmon_dispatch+0x655/0x6f0\nceph_con_process_message+0xc3/0xe0\nceph_con_v1_try_read+0x614/0x760\nceph_con_workfn+0x2de/0x650\nprocess_one_work+0x486/0x7c0\nprocess_scheduled_works+0x73/0x90\nworker_thread+0x1c8/0x2a0\nkthread+0x2ec/0x300\nret_from_fork+0x24/0x40\nret_from_fork_asm+0x1a/0x30\nRewrite the wait loop to check the above condition directly with\nclient->monc.mutex and client->osdc.lock taken as appropriate. While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client->auth_err under client->monc.mutex to match\nhow it's set in finish_auth().\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68285" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40211", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nACPI: video: Fix use-after-free in acpi_video_switch_brightness()\nThe switch_brightness_work delayed work accesses device->brightness\nand device->backlight, freed by acpi_video_dev_unregister_backlight()\nduring device removal.\nIf the work executes after acpi_video_bus_unregister_backlight()\nfrees these resources, it causes a use-after-free when\nacpi_video_switch_brightness() dereferences device->brightness or\ndevice->backlight.\nFix this by calling cancel_delayed_work_sync() for each device's\nswitch_brightness_work in acpi_video_bus_remove_notify_handler()\nafter removing the notify handler that queues the work. This ensures\nthe work completes before the memory is freed.\n[ rjw: Changelog edit ]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40211" } ], "release_date": "2025-11-21T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68185", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing\nTheoretically it's an oopsable race, but I don't believe one can manage\nto hit it on real hardware; might become doable on a KVM, but it still\nwon't be easy to attack.\nAnyway, it's easy to deal with - since xdr_encode_hyper() is just a call of\nput_unaligned_be64(), we can put that under ->d_lock and be done with that.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68185" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-39683", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser->buffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release->\nftrace_process_regex->strsep->strpbrk. We can solve this problem by\nlimiting access to parser->buffer when trace_get_user failed.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39683" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3079517a5ba80901fe828a06998da64b9b8749be", "url": "https://git.kernel.org/stable/c/3079517a5ba80901fe828a06998da64b9b8749be" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/418b448e1d7470da9d4d4797f71782595ee69c49", "url": "https://git.kernel.org/stable/c/418b448e1d7470da9d4d4797f71782595ee69c49" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/41b838420457802f21918df66764b6fbf829d330", "url": "https://git.kernel.org/stable/c/41b838420457802f21918df66764b6fbf829d330" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/58ff8064cb4c7eddac4da1a59da039ead586950a", "url": "https://git.kernel.org/stable/c/58ff8064cb4c7eddac4da1a59da039ead586950a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6a909ea83f226803ea0e718f6e88613df9234d58", "url": "https://git.kernel.org/stable/c/6a909ea83f226803ea0e718f6e88613df9234d58" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b842ef39c2ad6156c13afdec25ecc6792a9b67b9", "url": "https://git.kernel.org/stable/c/b842ef39c2ad6156c13afdec25ecc6792a9b67b9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d0c68045b8b0f3737ed7bd6b8c83b7887014adee", "url": "https://git.kernel.org/stable/c/d0c68045b8b0f3737ed7bd6b8c83b7887014adee" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-05T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38464", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free in tipc_conn_close().\n\nsyzbot reported a null-ptr-deref in tipc_conn_close() during netns\ndismantle. [0]\n\ntipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls\ntipc_conn_close() for each tipc_conn.\n\nThe problem is that tipc_conn_close() is called after releasing the\nIDR lock.\n\nAt the same time, there might be tipc_conn_recv_work() running and it\ncould call tipc_conn_close() for the same tipc_conn and release its\nlast ->kref.\n\nOnce we release the IDR lock in tipc_topsrv_stop(), there is no\nguarantee that the tipc_conn is alive.\n\nLet's hold the ref before releasing the lock and put the ref after\ntipc_conn_close() in tipc_topsrv_stop().\n\n[0]:\nBUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\nRead of size 8 at addr ffff888099305a08 by task kworker/u4:3/435\n\nCPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1fc/0x2ef lib/dump_stack.c:118\n print_address_description.cold+0x54/0x219 mm/kasan/report.c:256\n kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354\n kasan_report mm/kasan/report.c:412 [inline]\n __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433\n tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\n tipc_topsrv_stop net/tipc/topsrv.c:701 [inline]\n tipc_topsrv_exit_net+0x27b/0x5c0 net/tipc/topsrv.c:722\n ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153\n cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nAllocated by task 23:\n kmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625\n kmalloc include/linux/slab.h:515 [inline]\n kzalloc include/linux/slab.h:709 [inline]\n tipc_conn_alloc+0x43/0x4f0 net/tipc/topsrv.c:192\n tipc_topsrv_accept+0x1b5/0x280 net/tipc/topsrv.c:470\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nFreed by task 23:\n __cache_free mm/slab.c:3503 [inline]\n kfree+0xcc/0x210 mm/slab.c:3822\n tipc_conn_kref_release net/tipc/topsrv.c:150 [inline]\n kref_put include/linux/kref.h:70 [inline]\n conn_put+0x2cd/0x3a0 net/tipc/topsrv.c:155\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nThe buggy address belongs to the object at ffff888099305a00\n which belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 8 bytes inside of\n 512-byte region [ffff888099305a00, ffff888099305c00)\nThe buggy address belongs to the page:\npage:ffffea000264c140 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0\nflags: 0xfff00000000100(slab)\nraw: 00fff00000000100 ffffea00028b6b88 ffffea0002cd2b08 ffff88813bff0940\nraw: 0000000000000000 ffff888099305000 0000000100000006 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888099305900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n>ffff888099305a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888099305a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38464" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/03dcdd2558e1e55bf843822fe4363dcb48743f2b", "url": "https://git.kernel.org/stable/c/03dcdd2558e1e55bf843822fe4363dcb48743f2b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/15a6f4971e2f157d57e09ea748d1fbc714277aa4", "url": "https://git.kernel.org/stable/c/15a6f4971e2f157d57e09ea748d1fbc714277aa4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1dbf7cd2454a28b1da700085b99346b5445aeabb", "url": "https://git.kernel.org/stable/c/1dbf7cd2454a28b1da700085b99346b5445aeabb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3b89e17b2fd64012682bed158d9eb3d2e96dec42", "url": "https://git.kernel.org/stable/c/3b89e17b2fd64012682bed158d9eb3d2e96dec42" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/50aa2d121bc2cfe2d825f8a331ea75dfaaab6a50", "url": "https://git.kernel.org/stable/c/50aa2d121bc2cfe2d825f8a331ea75dfaaab6a50" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/667eeab4999e981c96b447a4df5f20bdf5c26f13", "url": "https://git.kernel.org/stable/c/667eeab4999e981c96b447a4df5f20bdf5c26f13" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/be4b8392da7978294f2f368799d29dd509fb6c4d", "url": "https://git.kernel.org/stable/c/be4b8392da7978294f2f368799d29dd509fb6c4d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dab8ded2e5ff41012a6ff400b44dbe76ccf3592a", "url": "https://git.kernel.org/stable/c/dab8ded2e5ff41012a6ff400b44dbe76ccf3592a" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-25T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39685", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl726: Prevent invalid irq number\n\nThe reproducer passed in an irq number(0x80008000) that was too large,\nwhich triggered the oob.\n\nAdded an interrupt number check to prevent users from passing in an irq\nnumber that was too large.\n\nIf `it->options[1]` is 31, then `1 << it->options[1]` is still invalid\nbecause it shifts a 1-bit into the sign bit (which is UB in C).\nPossible solutions include reducing the upper bound on the\n`it->options[1]` value to 30 or lower, or using `1U << it->options[1]`.\n\nThe old code would just not attempt to request the IRQ if the\n`options[1]` value were invalid. And it would still configure the\ndevice without interrupts even if the call to `request_irq` returned an\nerror. So it would be better to combine this test with the test below.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39685" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0eb4ed2aa261dee228f1668dbfa6d87353e8162d", "url": "https://git.kernel.org/stable/c/0eb4ed2aa261dee228f1668dbfa6d87353e8162d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5a33d07c94ba91306093e823112a7aa9727549f6", "url": "https://git.kernel.org/stable/c/5a33d07c94ba91306093e823112a7aa9727549f6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/96cb948408b3adb69df7e451ba7da9d21f814d00", "url": "https://git.kernel.org/stable/c/96cb948408b3adb69df7e451ba7da9d21f814d00" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3cfcd0c78c80ca7cd80372dc28f77d01be57bf6", "url": "https://git.kernel.org/stable/c/a3cfcd0c78c80ca7cd80372dc28f77d01be57bf6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bab220b0bb5af652007e278e8e8357f952b0e1ea", "url": "https://git.kernel.org/stable/c/bab220b0bb5af652007e278e8e8357f952b0e1ea" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d8992c9a01f81128f36acb7c5755530e21fcd059", "url": "https://git.kernel.org/stable/c/d8992c9a01f81128f36acb7c5755530e21fcd059" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-05T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40259", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: sg: Do not sleep in atomic context\nsg_finish_rem_req() calls blk_rq_unmap_user(). The latter function may\nsleep. Hence, call sg_finish_rem_req() with interrupts enabled instead\nof disabled.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40259" } ], "release_date": "2025-12-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38103", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\n\nUpdate struct hid_descriptor to better reflect the mandatory and\noptional parts of the HID Descriptor as per USB HID 1.11 specification.\nNote: the kernel currently does not parse any optional HID class\ndescriptors, only the mandatory report descriptor.\n\nUpdate all references to member element desc[0] to rpt_desc.\n\nAdd test to verify bLength and bNumDescriptors values are valid.\n\nReplace the for loop with direct access to the mandatory HID class\ndescriptor member for the report descriptor. This eliminates the\npossibility of getting an out-of-bounds fault.\n\nAdd a warning message if the HID descriptor contains any unsupported\noptional HID class descriptors.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38103" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1df80d748f984290c895e843401824215dcfbfb0", "url": "https://git.kernel.org/stable/c/1df80d748f984290c895e843401824215dcfbfb0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/41827a2dbdd7880df9881506dee13bc88d4230bb", "url": "https://git.kernel.org/stable/c/41827a2dbdd7880df9881506dee13bc88d4230bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/485e1b741eb838cbe1d6b0e81e5ab62ae6c095cf", "url": "https://git.kernel.org/stable/c/485e1b741eb838cbe1d6b0e81e5ab62ae6c095cf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4fa7831cf0ac71a0a345369d1a6084f2b096e55e", "url": "https://git.kernel.org/stable/c/4fa7831cf0ac71a0a345369d1a6084f2b096e55e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/74388368927e9c52a69524af5bbd6c55eb4690de", "url": "https://git.kernel.org/stable/c/74388368927e9c52a69524af5bbd6c55eb4690de" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7a6d6b68db128da2078ccd9a751dfa3f75c9cf5b", "url": "https://git.kernel.org/stable/c/7a6d6b68db128da2078ccd9a751dfa3f75c9cf5b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a8f842534807985d3a676006d140541b87044345", "url": "https://git.kernel.org/stable/c/a8f842534807985d3a676006d140541b87044345" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fe7f7ac8e0c708446ff017453add769ffc15deed", "url": "https://git.kernel.org/stable/c/fe7f7ac8e0c708446ff017453add769ffc15deed" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-03T09:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68194", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: imon: make send_packet() more robust\nsyzbot is reporting that imon has three problems which result in\nhung tasks due to forever holding device lock [1].\nFirst problem is that when usb_rx_callback_intf0() once got -EPROTO error\nafter ictx->dev_present_intf0 became true, usb_rx_callback_intf0()\nresubmits urb after printk(), and resubmitted urb causes\nusb_rx_callback_intf0() to again get -EPROTO error. This results in\nprintk() flooding (RCU stalls).\nAlan Stern commented [2] that\nIn theory it's okay to resubmit _if_ the driver has a robust\nerror-recovery scheme (such as giving up after some fixed limit on the\nnumber of errors or after some fixed time has elapsed, perhaps with a\ntime delay to prevent a flood of errors). Most drivers don't bother to\ndo this; they simply give up right away. This makes them more\nvulnerable to short-term noise interference during USB transfers, but in\nreality such interference is quite rare. There's nothing really wrong\nwith giving up right away.\nbut imon has a poor error-recovery scheme which just retries forever;\nthis behavior should be fixed.\nSince I'm not sure whether it is safe for imon users to give up upon any\nerror code, this patch takes care of only union of error codes chosen from\nmodules in drivers/media/rc/ directory which handle -EPROTO error (i.e.\nir_toy, mceusb and igorplugusb).\nSecond problem is that when usb_rx_callback_intf0() once got -EPROTO error\nbefore ictx->dev_present_intf0 becomes true, usb_rx_callback_intf0() always\nresubmits urb due to commit 8791d63af0cf (\"[media] imon: don't wedge\nhardware after early callbacks\"). Move the ictx->dev_present_intf0 test\nintroduced by commit 6f6b90c9231a (\"[media] imon: don't parse scancodes\nuntil intf configured\") to immediately before imon_incoming_packet(), or\nthe first problem explained above happens without printk() flooding (i.e.\nhung task).\nThird problem is that when usb_rx_callback_intf0() is not called for some\nreason (e.g. flaky hardware; the reproducer for this problem sometimes\nprevents usb_rx_callback_intf0() from being called),\nwait_for_completion_interruptible() in send_packet() never returns (i.e.\nhung task). As a workaround for such situation, change send_packet() to\nwait for completion with timeout of 10 seconds.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68194" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40309", "cwe": { "id": "CWE-825", "name": "Expired Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: SCO: Fix UAF on sco_conn_free\nBUG: KASAN: slab-use-after-free in sco_conn_free net/bluetooth/sco.c:87 [inline]\nBUG: KASAN: slab-use-after-free in kref_put include/linux/kref.h:65 [inline]\nBUG: KASAN: slab-use-after-free in sco_conn_put+0xdd/0x410\nnet/bluetooth/sco.c:107\nWrite of size 8 at addr ffff88811cb96b50 by task kworker/u17:4/352\nCPU: 1 UID: 0 PID: 352 Comm: kworker/u17:4 Not tainted\n6.17.0-rc5-g717368f83676 #4 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci13 hci_cmd_sync_work\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x10b/0x170 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:378 [inline]\nprint_report+0x191/0x550 mm/kasan/report.c:482\nkasan_report+0xc4/0x100 mm/kasan/report.c:595\nsco_conn_free net/bluetooth/sco.c:87 [inline]\nkref_put include/linux/kref.h:65 [inline]\nsco_conn_put+0xdd/0x410 net/bluetooth/sco.c:107\nsco_connect_cfm+0xb4/0xae0 net/bluetooth/sco.c:1441\nhci_connect_cfm include/net/bluetooth/hci_core.h:2082 [inline]\nhci_conn_failed+0x20a/0x2e0 net/bluetooth/hci_conn.c:1313\nhci_conn_unlink+0x55f/0x810 net/bluetooth/hci_conn.c:1121\nhci_conn_del+0xb6/0x1110 net/bluetooth/hci_conn.c:1147\nhci_abort_conn_sync+0x8c5/0xbb0 net/bluetooth/hci_sync.c:5689\nhci_cmd_sync_work+0x281/0x380 net/bluetooth/hci_sync.c:332\nprocess_one_work kernel/workqueue.c:3236 [inline]\nprocess_scheduled_works+0x77e/0x1040 kernel/workqueue.c:3319\nworker_thread+0xbee/0x1200 kernel/workqueue.c:3400\nkthread+0x3c7/0x870 kernel/kthread.c:463\nret_from_fork+0x13a/0x1e0 arch/x86/kernel/process.c:148\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n\nAllocated by task 31370:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x30/0x70 mm/kasan/common.c:68\npoison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n__kasan_kmalloc+0x82/0x90 mm/kasan/common.c:405\nkasan_kmalloc include/linux/kasan.h:260 [inline]\n__do_kmalloc_node mm/slub.c:4382 [inline]\n__kmalloc_noprof+0x22f/0x390 mm/slub.c:4394\nkmalloc_noprof include/linux/slab.h:909 [inline]\nsk_prot_alloc+0xae/0x220 net/core/sock.c:2239\nsk_alloc+0x34/0x5a0 net/core/sock.c:2295\nbt_sock_alloc+0x3c/0x330 net/bluetooth/af_bluetooth.c:151\nsco_sock_alloc net/bluetooth/sco.c:562 [inline]\nsco_sock_create+0xc0/0x350 net/bluetooth/sco.c:593\nbt_sock_create+0x161/0x3b0 net/bluetooth/af_bluetooth.c:135\n__sock_create+0x3ad/0x780 net/socket.c:1589\nsock_create net/socket.c:1647 [inline]\n__sys_socket_create net/socket.c:1684 [inline]\n__sys_socket+0xd5/0x330 net/socket.c:1731\n__do_sys_socket net/socket.c:1745 [inline]\n__se_sys_socket net/socket.c:1743 [inline]\n__x64_sys_socket+0x7a/0x90 net/socket.c:1743\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xc7/0x240 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nFreed by task 31374:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x30/0x70 mm/kasan/common.c:68\nkasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576\npoison_slab_object mm/kasan/common.c:243 [inline]\n__kasan_slab_free+0x3d/0x50 mm/kasan/common.c:275\nkasan_slab_free include/linux/kasan.h:233 [inline]\nslab_free_hook mm/slub.c:2428 [inline]\nslab_free mm/slub.c:4701 [inline]\nkfree+0x199/0x3b0 mm/slub.c:4900\nsk_prot_free net/core/sock.c:2278 [inline]\n__sk_destruct+0x4aa/0x630 net/core/sock.c:2373\nsco_sock_release+0x2ad/0x300 net/bluetooth/sco.c:1333\n__sock_release net/socket.c:649 [inline]\nsock_close+0xb8/0x230 net/socket.c:1439\n__fput+0x3d1/0x9e0 fs/file_table.c:468\ntask_work_run+0x206/0x2a0 kernel/task_work.c:227\nget_signal+0x1201/0x1410 kernel/signal.c:2807\narch_do_signal_or_restart+0x34/0x740 arch/x86/kernel/signal.c:337\nexit_to_user_mode_loop+0x68/0xc0 kernel/entry/common.c:40\nexit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\ns\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40309" } ], "release_date": "2025-12-08T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40055", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix double free in user_cluster_connect()\n\nuser_cluster_disconnect() frees \"conn->cc_private\" which is \"lc\" but then\nthe error handling frees \"lc\" a second time. Set \"lc\" to NULL on this\npath to avoid a double free.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40055" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/283333079d96c84baa91f0c62b5e0cbec246b7a2", "url": "https://git.kernel.org/stable/c/283333079d96c84baa91f0c62b5e0cbec246b7a2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/694d5b401036a614f8080085a9de6f86ff0742dc", "url": "https://git.kernel.org/stable/c/694d5b401036a614f8080085a9de6f86ff0742dc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7e76fe9dfadbc00364d7523d5a109e9d3e4a7db2", "url": "https://git.kernel.org/stable/c/7e76fe9dfadbc00364d7523d5a109e9d3e4a7db2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/827c8efa0d1afe817b90f3618afff552e88348d2", "url": "https://git.kernel.org/stable/c/827c8efa0d1afe817b90f3618afff552e88348d2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/892f41e12c8689130d552a9eb2b77bafd26484ab", "url": "https://git.kernel.org/stable/c/892f41e12c8689130d552a9eb2b77bafd26484ab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f45f089337d924db24397f55697cda0e6960516", "url": "https://git.kernel.org/stable/c/8f45f089337d924db24397f55697cda0e6960516" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bfe011297ddd2d0cd64752978baaa0c04cd20573", "url": "https://git.kernel.org/stable/c/bfe011297ddd2d0cd64752978baaa0c04cd20573" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f992bc72f681c32a682d474a29c2135a64d4f4e5", "url": "https://git.kernel.org/stable/c/f992bc72f681c32a682d474a29c2135a64d4f4e5" } ], "release_date": "2025-10-28T12:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-22978", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: avoid kernel-infoleak from struct iw_point\n\nstruct iw_point has a 32bit hole on 64bit arches.\n\nstruct iw_point {\n void __user *pointer; /* Pointer to the data (in user space) */\n __u16 length; /* number of fields or size in bytes */\n __u16 flags; /* Optional params */\n};\n\nMake sure to zero the structure to avoid disclosing 32bits of kernel data\nto user space.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-22978" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/024f71a57d563fbe162e528c8bf2d27e9cac7c7b", "url": "https://git.kernel.org/stable/c/024f71a57d563fbe162e528c8bf2d27e9cac7c7b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/21cbf883d073abbfe09e3924466aa5e0449e7261", "url": "https://git.kernel.org/stable/c/21cbf883d073abbfe09e3924466aa5e0449e7261" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/442ceac0393185e9982323f6682a52a53e8462b1", "url": "https://git.kernel.org/stable/c/442ceac0393185e9982323f6682a52a53e8462b1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3827e310b5a73535646ef4a552d53b3c8bf74f6", "url": "https://git.kernel.org/stable/c/a3827e310b5a73535646ef4a552d53b3c8bf74f6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d21ec867d84c9f3a9845d7d8c90c9ce35dbe48f8", "url": "https://git.kernel.org/stable/c/d21ec867d84c9f3a9845d7d8c90c9ce35dbe48f8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d943b5f592767b107ba8c12a902f17431350378c", "url": "https://git.kernel.org/stable/c/d943b5f592767b107ba8c12a902f17431350378c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e3c35177103ead4658b8a62f41e3080d45885464", "url": "https://git.kernel.org/stable/c/e3c35177103ead4658b8a62f41e3080d45885464" } ], "release_date": "2026-01-23T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-39839", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix OOB read/write in network-coding decode\n\nbatadv_nc_skb_decode_packet() trusts coded_len and checks only against\nskb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing\npayload headroom, and the source skb length is not verified, allowing an\nout-of-bounds read and a small out-of-bounds write.\n\nValidate that coded_len fits within the payload area of both destination\nand source sk_buffs before XORing.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39839" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183", "url": "https://git.kernel.org/stable/c/1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/20080709457bc1e920eb002483d7d981d9b2ac1c", "url": "https://git.kernel.org/stable/c/20080709457bc1e920eb002483d7d981d9b2ac1c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/30fc47248f02b8a14a61df469e1da4704be1a19f", "url": "https://git.kernel.org/stable/c/30fc47248f02b8a14a61df469e1da4704be1a19f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5d334bce9fad58cf328d8fa14ea1fff855819863", "url": "https://git.kernel.org/stable/c/5d334bce9fad58cf328d8fa14ea1fff855819863" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a67c6397fcb7e842d3c595243049940970541c48", "url": "https://git.kernel.org/stable/c/a67c6397fcb7e842d3c595243049940970541c48" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bb37252c9af1cb250f34735ee98f80b46be3cef1", "url": "https://git.kernel.org/stable/c/bb37252c9af1cb250f34735ee98f80b46be3cef1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087", "url": "https://git.kernel.org/stable/c/d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dce6c2aa70e94c04c523b375dfcc664d7a0a560a", "url": "https://git.kernel.org/stable/c/dce6c2aa70e94c04c523b375dfcc664d7a0a560a" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-19T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-23074", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Enforce that teql can only be used as root qdisc\n\nDesign intent of teql is that it is only supposed to be used as root qdisc.\nWe need to check for that constraint.\n\nAlthough not important, I will describe the scenario that unearthed this\nissue for the curious.\n\nGangMin Kim managed to concot a scenario as follows:\n\nROOT qdisc 1:0 (QFQ)\n ├── class 1:1 (weight=15, lmax=16384) netem with delay 6.4s\n └── class 1:2 (weight=1, lmax=1514) teql\n\nGangMin sends a packet which is enqueued to 1:1 (netem).\nAny invocation of dequeue by QFQ from this class will not return a packet\nuntil after 6.4s. In the meantime, a second packet is sent and it lands on\n1:2. teql's enqueue will return success and this will activate class 1:2.\nMain issue is that teql only updates the parent visible qlen (sch->q.qlen)\nat dequeue. Since QFQ will only call dequeue if peek succeeds (and teql's\npeek always returns NULL), dequeue will never be called and thus the qlen\nwill remain as 0. With that in mind, when GangMin updates 1:2's lmax value,\nthe qfq_change_class calls qfq_deact_rm_from_agg. Since the child qdisc's\nqlen was not incremented, qfq fails to deactivate the class, but still\nfrees its pointers from the aggregate. So when the first packet is\nrescheduled after 6.4 seconds (netem's delay), a dangling pointer is\naccessed causing GangMin's causing a UAF.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23074" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0686bedfed34155520f3f735cbf3210cb9044380", "url": "https://git.kernel.org/stable/c/0686bedfed34155520f3f735cbf3210cb9044380" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/16ed73c1282d376b956bff23e5139add061767ba", "url": "https://git.kernel.org/stable/c/16ed73c1282d376b956bff23e5139add061767ba" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4c7e8aa71c9232cba84c289b4b56cba80b280841", "url": "https://git.kernel.org/stable/c/4c7e8aa71c9232cba84c289b4b56cba80b280841" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/50da4b9d07a7a463e2cfb738f3ad4cff6b2c9c3b", "url": "https://git.kernel.org/stable/c/50da4b9d07a7a463e2cfb738f3ad4cff6b2c9c3b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/73d970ff0eddd874a84c953387c7f4464b705fc6", "url": "https://git.kernel.org/stable/c/73d970ff0eddd874a84c953387c7f4464b705fc6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ae810e6a8ac4fe25042e6825d2a401207a2e41fb", "url": "https://git.kernel.org/stable/c/ae810e6a8ac4fe25042e6825d2a401207a2e41fb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dad49a67c2d817bfec98e6e45121b351e3a0202c", "url": "https://git.kernel.org/stable/c/dad49a67c2d817bfec98e6e45121b351e3a0202c" } ], "release_date": "2026-02-04T17:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-23234", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid UAF in f2fs_write_end_io()\n\nAs syzbot reported an use-after-free issue in f2fs_write_end_io().\n\nIt is caused by below race condition:\n\nloop device\t\t\t\tumount\n- worker_thread\n - loop_process_work\n - do_req_filebacked\n - lo_rw_aio\n - lo_rw_aio_complete\n - blk_mq_end_request\n - blk_update_request\n - f2fs_write_end_io\n - dec_page_count\n - folio_end_writeback\n\t\t\t\t\t- kill_f2fs_super\n\t\t\t\t\t - kill_block_super\n\t\t\t\t\t - f2fs_put_super\n\t\t\t\t\t : free(sbi)\n : get_pages(, F2FS_WB_CP_DATA)\n accessed sbi which is freed\n\nIn kill_f2fs_super(), we will drop all page caches of f2fs inodes before\ncall free(sbi), it guarantee that all folios should end its writeback, so\nit should be safe to access sbi before last folio_end_writeback().\n\nLet's relocate ckpt thread wakeup flow before folio_end_writeback() to\nresolve this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23234" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0fb58aff0dafd6837cc91f4154f3ed6e020358fa", "url": "https://git.kernel.org/stable/c/0fb58aff0dafd6837cc91f4154f3ed6e020358fa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2f67ff1e15a8a4d0e4ffc6564ab20d03d7398fe9", "url": "https://git.kernel.org/stable/c/2f67ff1e15a8a4d0e4ffc6564ab20d03d7398fe9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/505e1c0530db6152cab3feef8e3e4da3d3e358c9", "url": "https://git.kernel.org/stable/c/505e1c0530db6152cab3feef8e3e4da3d3e358c9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/995030be4ce6338c6ff814583c14166446a64008", "url": "https://git.kernel.org/stable/c/995030be4ce6338c6ff814583c14166446a64008" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a42f99be8a16b32a0bb91bb6dda212a6ad61be5d", "url": "https://git.kernel.org/stable/c/a42f99be8a16b32a0bb91bb6dda212a6ad61be5d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/acc2c97fc0005846e5cf11b5ba3189fef130c9b3", "url": "https://git.kernel.org/stable/c/acc2c97fc0005846e5cf11b5ba3189fef130c9b3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ce2739e482bce8d2c014d76c4531c877f382aa54", "url": "https://git.kernel.org/stable/c/ce2739e482bce8d2c014d76c4531c877f382aa54" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cf4a9e1bc8129eb63fda5f8bdcd8d87f0bd76f42", "url": "https://git.kernel.org/stable/c/cf4a9e1bc8129eb63fda5f8bdcd8d87f0bd76f42" } ], "release_date": "2026-03-04T15:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38157", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Abort software beacon handling if disabled\n\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\n\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38157" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0281c19074976ec48f0078d50530b406ddae75bc", "url": "https://git.kernel.org/stable/c/0281c19074976ec48f0078d50530b406ddae75bc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/40471b23147c86ea3ed97faee79937c618250bd0", "url": "https://git.kernel.org/stable/c/40471b23147c86ea3ed97faee79937c618250bd0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5482ef9875eaa43f0435e14570e1193823de857e", "url": "https://git.kernel.org/stable/c/5482ef9875eaa43f0435e14570e1193823de857e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5a85c21f812e02cb00ca07007d88acdd42d08c46", "url": "https://git.kernel.org/stable/c/5a85c21f812e02cb00ca07007d88acdd42d08c46" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7ee3fb6258da8c890a51b514f60d7570dc703605", "url": "https://git.kernel.org/stable/c/7ee3fb6258da8c890a51b514f60d7570dc703605" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ac4e317a95a1092b5da5b9918b7118759342641c", "url": "https://git.kernel.org/stable/c/ac4e317a95a1092b5da5b9918b7118759342641c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e5ce9df1d68094d37360dbd9b09289d42fa21e54", "url": "https://git.kernel.org/stable/c/e5ce9df1d68094d37360dbd9b09289d42fa21e54" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ee5ee646385f5846dcbc881389f3c44a197c402a", "url": "https://git.kernel.org/stable/c/ee5ee646385f5846dcbc881389f3c44a197c402a" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-03T09:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-22990", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: replace overzealous BUG_ON in osdmap_apply_incremental()\n\nIf the osdmap is (maliciously) corrupted such that the incremental\nosdmap epoch is different from what is expected, there is no need to\nBUG. Instead, just declare the incremental osdmap to be invalid.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-22990" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4b106fbb1c7b841cd402abd83eb2447164c799ea", "url": "https://git.kernel.org/stable/c/4b106fbb1c7b841cd402abd83eb2447164c799ea" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6348d70af847b79805374fe628d3809a63fd7df3", "url": "https://git.kernel.org/stable/c/6348d70af847b79805374fe628d3809a63fd7df3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6afd2a4213524bc742b709599a3663aeaf77193c", "url": "https://git.kernel.org/stable/c/6afd2a4213524bc742b709599a3663aeaf77193c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6c6cec3db3b418c4fdf815731bc39e46dff75e1b", "url": "https://git.kernel.org/stable/c/6c6cec3db3b418c4fdf815731bc39e46dff75e1b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9aa0b0c14cefece078286d78b97d4c09685e372d", "url": "https://git.kernel.org/stable/c/9aa0b0c14cefece078286d78b97d4c09685e372d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d3613770e2677683e65d062da5e31f48c409abe9", "url": "https://git.kernel.org/stable/c/d3613770e2677683e65d062da5e31f48c409abe9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b", "url": "https://git.kernel.org/stable/c/e00c3f71b5cf75681dbd74ee3f982a99cb690c2b" } ], "release_date": "2026-01-23T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-38708", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: add missing kref_get in handle_write_conflicts\n\nWith `two-primaries` enabled, DRBD tries to detect \"concurrent\" writes\nand handle write conflicts, so that even if you write to the same sector\nsimultaneously on both nodes, they end up with the identical data once\nthe writes are completed.\n\nIn handling \"superseeded\" writes, we forgot a kref_get,\nresulting in a premature drbd_destroy_device and use after free,\nand further to kernel crashes with symptoms.\n\nRelevance: No one should use DRBD as a random data generator, and apparently\nall users of \"two-primaries\" handle concurrent writes correctly on layer up.\nThat is cluster file systems use some distributed lock manager,\nand live migration in virtualization environments stops writes on one node\nbefore starting writes on the other node.\n\nWhich means that other than for \"test cases\",\nthis code path is never taken in real life.\n\nFYI, in DRBD 9, things are handled differently nowadays. We still detect\n\"write conflicts\", but no longer try to be smart about them.\nWe decided to disconnect hard instead: upper layers must not submit concurrent\nwrites. If they do, that's their fault.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38708" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/00c9c9628b49e368d140cfa61d7df9b8922ec2a8", "url": "https://git.kernel.org/stable/c/00c9c9628b49e368d140cfa61d7df9b8922ec2a8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0336bfe9c237476bd7c45605a36ca79c2bca62e5", "url": "https://git.kernel.org/stable/c/0336bfe9c237476bd7c45605a36ca79c2bca62e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3a896498f6f577e57bf26aaa93b48c22b6d20c20", "url": "https://git.kernel.org/stable/c/3a896498f6f577e57bf26aaa93b48c22b6d20c20" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/46e3763dcae0ffcf8fcfaff4fc10a90a92ffdd89", "url": "https://git.kernel.org/stable/c/46e3763dcae0ffcf8fcfaff4fc10a90a92ffdd89" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/57418de35420cedab035aa1da8a26c0499b7f575", "url": "https://git.kernel.org/stable/c/57418de35420cedab035aa1da8a26c0499b7f575" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7d483ad300fc0a06f69b019dda8f74970714baf8", "url": "https://git.kernel.org/stable/c/7d483ad300fc0a06f69b019dda8f74970714baf8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/810cd546a29bfac90ed1328ea01d693d4bd11cb1", "url": "https://git.kernel.org/stable/c/810cd546a29bfac90ed1328ea01d693d4bd11cb1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/84ef8dd3238330d1795745ece83b19f0295751bf", "url": "https://git.kernel.org/stable/c/84ef8dd3238330d1795745ece83b19f0295751bf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9f53b2433ad248cd3342cc345f56f5c7904bd8c4", "url": "https://git.kernel.org/stable/c/9f53b2433ad248cd3342cc345f56f5c7904bd8c4" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-04T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39824", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: asus: fix UAF via HID_CLAIMED_INPUT validation\n\nAfter hid_hw_start() is called hidinput_connect() will eventually be\ncalled to set up the device with the input layer since the\nHID_CONNECT_DEFAULT connect mask is used. During hidinput_connect()\nall input and output reports are processed and corresponding hid_inputs\nare allocated and configured via hidinput_configure_usages(). This\nprocess involves slot tagging report fields and configuring usages\nby setting relevant bits in the capability bitmaps. However it is possible\nthat the capability bitmaps are not set at all leading to the subsequent\nhidinput_has_been_populated() check to fail leading to the freeing of the\nhid_input and the underlying input device.\n\nThis becomes problematic because a malicious HID device like a\nASUS ROG N-Key keyboard can trigger the above scenario via a\nspecially crafted descriptor which then leads to a user-after-free\nwhen the name of the freed input device is written to later on after\nhid_hw_start(). Below, report 93 intentionally utilises the\nHID_UP_UNDEFINED Usage Page which is skipped during usage\nconfiguration, leading to the frees.\n\n0x05, 0x0D, // Usage Page (Digitizer)\n0x09, 0x05, // Usage (Touch Pad)\n0xA1, 0x01, // Collection (Application)\n0x85, 0x0D, // Report ID (13)\n0x06, 0x00, 0xFF, // Usage Page (Vendor Defined 0xFF00)\n0x09, 0xC5, // Usage (0xC5)\n0x15, 0x00, // Logical Minimum (0)\n0x26, 0xFF, 0x00, // Logical Maximum (255)\n0x75, 0x08, // Report Size (8)\n0x95, 0x04, // Report Count (4)\n0xB1, 0x02, // Feature (Data,Var,Abs)\n0x85, 0x5D, // Report ID (93)\n0x06, 0x00, 0x00, // Usage Page (Undefined)\n0x09, 0x01, // Usage (0x01)\n0x15, 0x00, // Logical Minimum (0)\n0x26, 0xFF, 0x00, // Logical Maximum (255)\n0x75, 0x08, // Report Size (8)\n0x95, 0x1B, // Report Count (27)\n0x81, 0x02, // Input (Data,Var,Abs)\n0xC0, // End Collection\n\nBelow is the KASAN splat after triggering the UAF:\n\n[ 21.672709] ==================================================================\n[ 21.673700] BUG: KASAN: slab-use-after-free in asus_probe+0xeeb/0xf80\n[ 21.673700] Write of size 8 at addr ffff88810a0ac000 by task kworker/1:2/54\n[ 21.673700]\n[ 21.673700] CPU: 1 UID: 0 PID: 54 Comm: kworker/1:2 Not tainted 6.16.0-rc4-g9773391cf4dd-dirty #36 PREEMPT(voluntary)\n[ 21.673700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n[ 21.673700] Call Trace:\n[ 21.673700] \n[ 21.673700] dump_stack_lvl+0x5f/0x80\n[ 21.673700] print_report+0xd1/0x660\n[ 21.673700] kasan_report+0xe5/0x120\n[ 21.673700] __asan_report_store8_noabort+0x1b/0x30\n[ 21.673700] asus_probe+0xeeb/0xf80\n[ 21.673700] hid_device_probe+0x2ee/0x700\n[ 21.673700] really_probe+0x1c6/0x6b0\n[ 21.673700] __driver_probe_device+0x24f/0x310\n[ 21.673700] driver_probe_device+0x4e/0x220\n[...]\n[ 21.673700]\n[ 21.673700] Allocated by task 54:\n[ 21.673700] kasan_save_stack+0x3d/0x60\n[ 21.673700] kasan_save_track+0x18/0x40\n[ 21.673700] kasan_save_alloc_info+0x3b/0x50\n[ 21.673700] __kasan_kmalloc+0x9c/0xa0\n[ 21.673700] __kmalloc_cache_noprof+0x139/0x340\n[ 21.673700] input_allocate_device+0x44/0x370\n[ 21.673700] hidinput_connect+0xcb6/0x2630\n[ 21.673700] hid_connect+0xf74/0x1d60\n[ 21.673700] hid_hw_start+0x8c/0x110\n[ 21.673700] asus_probe+0x5a3/0xf80\n[ 21.673700] hid_device_probe+0x2ee/0x700\n[ 21.673700] really_probe+0x1c6/0x6b0\n[ 21.673700] __driver_probe_device+0x24f/0x310\n[ 21.673700] driver_probe_device+0x4e/0x220\n[...]\n[ 21.673700]\n[ 21.673700] Freed by task 54:\n[ 21.673700] kasan_save_stack+0x3d/0x60\n[ 21.673700] kasan_save_track+0x18/0x40\n[ 21.673700] kasan_save_free_info+0x3f/0x60\n[ 21.673700] __kasan_slab_free+0x3c/0x50\n[ 21.673700] kfre\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39824" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5f3c0839b173f7f33415eb098331879e547d1d2d", "url": "https://git.kernel.org/stable/c/5f3c0839b173f7f33415eb098331879e547d1d2d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7170122e2ae4ab378c9cdf7cc54dea8b0abbbca5", "url": "https://git.kernel.org/stable/c/7170122e2ae4ab378c9cdf7cc54dea8b0abbbca5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/72a4ec018c9e9bc52f4f80eb3afb5d6a6b752275", "url": "https://git.kernel.org/stable/c/72a4ec018c9e9bc52f4f80eb3afb5d6a6b752275" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9a9e4a8317437bf944fa017c66e1e23a0368b5c7", "url": "https://git.kernel.org/stable/c/9a9e4a8317437bf944fa017c66e1e23a0368b5c7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a8ca8fe7f516d27ece3afb995c3bd4d07dcbe62c", "url": "https://git.kernel.org/stable/c/a8ca8fe7f516d27ece3afb995c3bd4d07dcbe62c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c0d77e3441a92d0b4958193c9ac1c3f81c6f1d1c", "url": "https://git.kernel.org/stable/c/c0d77e3441a92d0b4958193c9ac1c3f81c6f1d1c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d3af6ca9a8c34bbd8cff32b469b84c9021c9e7e4", "url": "https://git.kernel.org/stable/c/d3af6ca9a8c34bbd8cff32b469b84c9021c9e7e4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/eaae728e7335b5dbad70966e2bd520a731fdf7b2", "url": "https://git.kernel.org/stable/c/eaae728e7335b5dbad70966e2bd520a731fdf7b2" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-16T13:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39913", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.\n\nsyzbot reported the splat below. [0]\n\nThe repro does the following:\n\n 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes)\n 2. Attach the prog to a SOCKMAP\n 3. Add a socket to the SOCKMAP\n 4. Activate fault injection\n 5. Send data less than cork_bytes\n\nAt 5., the data is carried over to the next sendmsg() as it is\nsmaller than the cork_bytes specified by bpf_msg_cork_bytes().\n\nThen, tcp_bpf_send_verdict() tries to allocate psock->cork to hold\nthe data, but this fails silently due to fault injection + __GFP_NOWARN.\n\nIf the allocation fails, we need to revert the sk->sk_forward_alloc\nchange done by sk_msg_alloc().\n\nLet's call sk_msg_free() when tcp_bpf_send_verdict fails to allocate\npsock->cork.\n\nThe \"*copied\" also needs to be updated such that a proper error can\nbe returned to the caller, sendmsg. It fails to allocate psock->cork.\nNothing has been corked so far, so this patch simply sets \"*copied\"\nto 0.\n\n[0]:\nWARNING: net/ipv4/af_inet.c:156 at inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156, CPU#1: syz-executor/5983\nModules linked in:\nCPU: 1 UID: 0 PID: 5983 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156\nCode: 0f 0b 90 e9 62 fe ff ff e8 7a db b5 f7 90 0f 0b 90 e9 95 fe ff ff e8 6c db b5 f7 90 0f 0b 90 e9 bb fe ff ff e8 5e db b5 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc\nRSP: 0018:ffffc90000a08b48 EFLAGS: 00010246\nRAX: ffffffff8a09d0b2 RBX: dffffc0000000000 RCX: ffff888024a23c80\nRDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000\nRBP: 0000000000000fff R08: ffff88807e07c627 R09: 1ffff1100fc0f8c4\nR10: dffffc0000000000 R11: ffffed100fc0f8c5 R12: ffff88807e07c380\nR13: dffffc0000000000 R14: ffff88807e07c60c R15: 1ffff1100fc0f872\nFS: 00005555604c4500(0000) GS:ffff888125af1000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555604df5c8 CR3: 0000000032b06000 CR4: 00000000003526f0\nCall Trace:\n \n __sk_destruct+0x86/0x660 net/core/sock.c:2339\n rcu_do_batch kernel/rcu/tree.c:2605 [inline]\n rcu_core+0xca8/0x1770 kernel/rcu/tree.c:2861\n handle_softirqs+0x286/0x870 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n invoke_softirq kernel/softirq.c:453 [inline]\n __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:696\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052\n ", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39913" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/05366527f44cf4b884f3d9462ae8009be9665856", "url": "https://git.kernel.org/stable/c/05366527f44cf4b884f3d9462ae8009be9665856" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/08f58d10f5abf11d297cc910754922498c921f91", "url": "https://git.kernel.org/stable/c/08f58d10f5abf11d297cc910754922498c921f91" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/539920180c55f5e13a2488a2339f94e6b8cb69e0", "url": "https://git.kernel.org/stable/c/539920180c55f5e13a2488a2339f94e6b8cb69e0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/66bcb04a441fbf15d66834b7e3eefb313dd750c8", "url": "https://git.kernel.org/stable/c/66bcb04a441fbf15d66834b7e3eefb313dd750c8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7429b8b9bfbc276fd304fbaebc405f46b421fedf", "url": "https://git.kernel.org/stable/c/7429b8b9bfbc276fd304fbaebc405f46b421fedf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9c2a6456bdf9794474460d885c359b6c4522d6e3", "url": "https://git.kernel.org/stable/c/9c2a6456bdf9794474460d885c359b6c4522d6e3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3967baad4d533dc254c31e0d221e51c8d223d58", "url": "https://git.kernel.org/stable/c/a3967baad4d533dc254c31e0d221e51c8d223d58" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/de89e58368f8f07df005ecc1c86ad94898a999f2", "url": "https://git.kernel.org/stable/c/de89e58368f8f07df005ecc1c86ad94898a999f2" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-10-01T08:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68220", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error\n\nMake knav_dma_open_channel consistently return NULL on error instead\nof ERR_PTR. Currently the header include/linux/soc/ti/knav_dma.h\nreturns NULL when the driver is disabled, but the driver\nimplementation does not even return NULL or ERR_PTR on failure,\ncausing inconsistency in the users. This results in a crash in\nnetcp_free_navigator_resources as followed (trimmed):\n\nUnhandled fault: alignment exception (0x221) at 0xfffffff2\n[fffffff2] *pgd=80000800207003, *pmd=82ffda003, *pte=00000000\nInternal error: : 221 [#1] SMP ARM\nModules linked in:\nCPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc7 #1 NONE\nHardware name: Keystone\nPC is at knav_dma_close_channel+0x30/0x19c\nLR is at netcp_free_navigator_resources+0x2c/0x28c\n\n[... TRIM...]\n\nCall trace:\n knav_dma_close_channel from netcp_free_navigator_resources+0x2c/0x28c\n netcp_free_navigator_resources from netcp_ndo_open+0x430/0x46c\n netcp_ndo_open from __dev_open+0x114/0x29c\n __dev_open from __dev_change_flags+0x190/0x208\n __dev_change_flags from netif_change_flags+0x1c/0x58\n netif_change_flags from dev_change_flags+0x38/0xa0\n dev_change_flags from ip_auto_config+0x2c4/0x11f0\n ip_auto_config from do_one_initcall+0x58/0x200\n do_one_initcall from kernel_init_freeable+0x1cc/0x238\n kernel_init_freeable from kernel_init+0x1c/0x12c\n kernel_init from ret_from_fork+0x14/0x38\n[... TRIM...]\n\nStandardize the error handling by making the function return NULL on\nall error conditions. The API is used in just the netcp_core.c so the\nimpact is limited.\n\nNote, this change, in effect reverts commit 5b6cb43b4d62 (\"net:\nethernet: ti: netcp_core: return error while dma channel open issue\"),\nbut provides a less error prone implementation.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68220" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2572c358ee434ce4b994472cceeb4043cbff5bc5", "url": "https://git.kernel.org/stable/c/2572c358ee434ce4b994472cceeb4043cbff5bc5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3afeb909c3e2e0eb19b1e20506196e5f2d9c2259", "url": "https://git.kernel.org/stable/c/3afeb909c3e2e0eb19b1e20506196e5f2d9c2259" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8427218ecbd7f8559c37972e66cb0fa06e82353b", "url": "https://git.kernel.org/stable/c/8427218ecbd7f8559c37972e66cb0fa06e82353b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/90a88306eb874fe4bbdd860e6c9787f5bbc588b5", "url": "https://git.kernel.org/stable/c/90a88306eb874fe4bbdd860e6c9787f5bbc588b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/952637c5b9be64539cd0e13ef88db71a1df46373", "url": "https://git.kernel.org/stable/c/952637c5b9be64539cd0e13ef88db71a1df46373" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/af6b10a13fc0aee37df4a8292414cc055c263fa3", "url": "https://git.kernel.org/stable/c/af6b10a13fc0aee37df4a8292414cc055c263fa3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f9608637ecc165d7d6341df105aee44691461fb9", "url": "https://git.kernel.org/stable/c/f9608637ecc165d7d6341df105aee44691461fb9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fbb53727ca789a8d27052aab4b77ca9e2a0fae2b", "url": "https://git.kernel.org/stable/c/fbb53727ca789a8d27052aab4b77ca9e2a0fae2b" } ], "release_date": "2025-12-16T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39945", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item 'delete_task' has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp->dev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays — such as inserting calls to ssleep()\nwithin the cnic_delete_task() function — to increase the likelihood\nof triggering the bug.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39945" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0405055930264ea8fd26f4131466fa7652e5e47d", "url": "https://git.kernel.org/stable/c/0405055930264ea8fd26f4131466fa7652e5e47d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0627e1481676669cae2df0d85b5ff13e7d24c390", "url": "https://git.kernel.org/stable/c/0627e1481676669cae2df0d85b5ff13e7d24c390" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6e33a7eed587062ca8161ad1f4584882a860d697", "url": "https://git.kernel.org/stable/c/6e33a7eed587062ca8161ad1f4584882a860d697" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7b6a5b0a6b392263c3767fc945b311ea04b34bbd", "url": "https://git.kernel.org/stable/c/7b6a5b0a6b392263c3767fc945b311ea04b34bbd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8eeb2091e72d75df8ceaa2172638d61b4cf8929a", "url": "https://git.kernel.org/stable/c/8eeb2091e72d75df8ceaa2172638d61b4cf8929a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cfa7d9b1e3a8604afc84e9e51d789c29574fb216", "url": "https://git.kernel.org/stable/c/cfa7d9b1e3a8604afc84e9e51d789c29574fb216" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e1fcd4a9c09feac0902a65615e866dbf22616125", "url": "https://git.kernel.org/stable/c/e1fcd4a9c09feac0902a65615e866dbf22616125" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fde6e73189f40ebcf0633aed2b68e731c25f3aa3", "url": "https://git.kernel.org/stable/c/fde6e73189f40ebcf0633aed2b68e731c25f3aa3" } ], "release_date": "2025-10-04T08:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40263", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: cros_ec_keyb - fix an invalid memory access\n\nIf cros_ec_keyb_register_matrix() isn't called (due to\n`buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains\nNULL. An invalid memory access is observed in cros_ec_keyb_process()\nwhen receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work()\nin such case.\n\n Unable to handle kernel read from unreadable memory at virtual address 0000000000000028\n ...\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n input_event\n cros_ec_keyb_work\n blocking_notifier_call_chain\n ec_irq_thread\n\nIt's still unknown about why the kernel receives such malformed event,\nin any cases, the kernel shouldn't access `ckdev->idev` and friends if\nthe driver doesn't intend to initialize them.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40263" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2d251c15c27e2dd16d6318425d2f7260cbd47d39", "url": "https://git.kernel.org/stable/c/2d251c15c27e2dd16d6318425d2f7260cbd47d39" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6d81068685154535af06163eb585d6d9663ec7ec", "url": "https://git.kernel.org/stable/c/6d81068685154535af06163eb585d6d9663ec7ec" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9cf59f4724a9ee06ebb06c76b8678ac322e850b7", "url": "https://git.kernel.org/stable/c/9cf59f4724a9ee06ebb06c76b8678ac322e850b7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d74864291cb8bd784d44d1d02e87109cf88666bb", "url": "https://git.kernel.org/stable/c/d74864291cb8bd784d44d1d02e87109cf88666bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e08969c4d65ac31297fcb4d31d4808c789152f68", "url": "https://git.kernel.org/stable/c/e08969c4d65ac31297fcb4d31d4808c789152f68" } ], "release_date": "2025-12-04T16:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39828", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n\nsyzbot reported the splat below. [0]\n\nWhen atmtcp_v_open() or atmtcp_v_close() is called via connect()\nor close(), atmtcp_send_control() is called to send an in-kernel\nspecial message.\n\nThe message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length.\nAlso, a pointer of struct atm_vcc is set to atmtcp_control.vcc.\n\nThe notable thing is struct atmtcp_control is uAPI but has a\nspace for an in-kernel pointer.\n\n struct atmtcp_control {\n \tstruct atmtcp_hdr hdr;\t/* must be first */\n ...\n \tatm_kptr_t vcc;\t\t/* both directions */\n ...\n } __ATM_API_ALIGN;\n\n typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;\n\nThe special message is processed in atmtcp_recv_control() called\nfrom atmtcp_c_send().\n\natmtcp_c_send() is vcc->dev->ops->send() and called from 2 paths:\n\n 1. .ndo_start_xmit() (vcc->send() == atm_send_aal0())\n 2. vcc_sendmsg()\n\nThe problem is sendmsg() does not validate the message length and\nuserspace can abuse atmtcp_recv_control() to overwrite any kptr\nby atmtcp_control.\n\nLet's add a new ->pre_send() hook to validate messages from sendmsg().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc00200000ab: 0000 [#1] SMP KASAN PTI\nKASAN: probably user-memory-access in range [0x0000000100000558-0x000000010000055f]\nCPU: 0 UID: 0 PID: 5865 Comm: syz-executor331 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:atmtcp_recv_control drivers/atm/atmtcp.c:93 [inline]\nRIP: 0010:atmtcp_c_send+0x1da/0x950 drivers/atm/atmtcp.c:297\nCode: 4d 8d 75 1a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 15 06 00 00 41 0f b7 1e 4d 8d b7 60 05 00 00 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 13 06 00 00 66 41 89 1e 4d 8d 75 1c 4c\nRSP: 0018:ffffc90003f5f810 EFLAGS: 00010203\nRAX: 00000000200000ab RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802a510000 RSI: 00000000ffffffff RDI: ffff888030a6068c\nRBP: ffff88802699fb40 R08: ffff888030a606eb R09: 1ffff1100614c0dd\nR10: dffffc0000000000 R11: ffffffff8718fc40 R12: dffffc0000000000\nR13: ffff888030a60680 R14: 000000010000055f R15: 00000000ffffffff\nFS: 00007f8d7e9236c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000045ad50 CR3: 0000000075bde000 CR4: 00000000003526f0\nCall Trace:\n \n vcc_sendmsg+0xa10/0xc60 net/atm/common.c:645\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n ____sys_sendmsg+0x505/0x830 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f8d7e96a4a9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f8d7e923198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f8d7e9f4308 RCX: 00007f8d7e96a4a9\nRDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005\nRBP: 00007f8d7e9f4300 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f8d7e9c10ac\nR13: 00007f8d7e9231a0 R14: 0000200000000200 R15: 0000200000000250\n \nModules linked in:", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39828" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0a6a6d4fb333f7afe22e59ffed18511a7a98efc8", "url": "https://git.kernel.org/stable/c/0a6a6d4fb333f7afe22e59ffed18511a7a98efc8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/33f9e6dc66b32202b95fc861e6b3ea4b0c185b0b", "url": "https://git.kernel.org/stable/c/33f9e6dc66b32202b95fc861e6b3ea4b0c185b0b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3ab9f5ad9baefe6d3d4c37053cdfca2761001dfe", "url": "https://git.kernel.org/stable/c/3ab9f5ad9baefe6d3d4c37053cdfca2761001dfe" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3c80c230d6e3e6f63d43f4c3f0bb344e3e8b119b", "url": "https://git.kernel.org/stable/c/3c80c230d6e3e6f63d43f4c3f0bb344e3e8b119b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/51872b26429077be611b0a1816e0e722278015c3", "url": "https://git.kernel.org/stable/c/51872b26429077be611b0a1816e0e722278015c3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/62f368472b0aa4b5d91d9b983152855c6b6d8925", "url": "https://git.kernel.org/stable/c/62f368472b0aa4b5d91d9b983152855c6b6d8925" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b502f16bad8f0a4cfbd023452766f21bfda39dde", "url": "https://git.kernel.org/stable/c/b502f16bad8f0a4cfbd023452766f21bfda39dde" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ec79003c5f9d2c7f9576fc69b8dbda80305cbe3a", "url": "https://git.kernel.org/stable/c/ec79003c5f9d2c7f9576fc69b8dbda80305cbe3a" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-16T13:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39738", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not allow relocation of partially dropped subvolumes\n\n[BUG]\nThere is an internal report that balance triggered transaction abort,\nwith the following call trace:\n\n item 85 key (594509824 169 0) itemoff 12599 itemsize 33\n extent refs 1 gen 197740 flags 2\n ref#0: tree block backref root 7\n item 86 key (594558976 169 0) itemoff 12566 itemsize 33\n extent refs 1 gen 197522 flags 2\n ref#0: tree block backref root 7\n ...\n BTRFS error (device loop0): extent item not found for insert, bytenr 594526208 num_bytes 16384 parent 449921024 root_objectid 934 owner 1 offset 0\n BTRFS error (device loop0): failed to run delayed ref for logical 594526208 num_bytes 16384 type 182 action 1 ref_mod 1: -117\n ------------[ cut here ]------------\n BTRFS: Transaction aborted (error -117)\n WARNING: CPU: 1 PID: 6963 at ../fs/btrfs/extent-tree.c:2168 btrfs_run_delayed_refs+0xfa/0x110 [btrfs]\n\nAnd btrfs check doesn't report anything wrong related to the extent\ntree.\n\n[CAUSE]\nThe cause is a little complex, firstly the extent tree indeed doesn't\nhave the backref for 594526208.\n\nThe extent tree only have the following two backrefs around that bytenr\non-disk:\n\n item 65 key (594509824 METADATA_ITEM 0) itemoff 13880 itemsize 33\n refs 1 gen 197740 flags TREE_BLOCK\n tree block skinny level 0\n (176 0x7) tree block backref root CSUM_TREE\n item 66 key (594558976 METADATA_ITEM 0) itemoff 13847 itemsize 33\n refs 1 gen 197522 flags TREE_BLOCK\n tree block skinny level 0\n (176 0x7) tree block backref root CSUM_TREE\n\nBut the such missing backref item is not an corruption on disk, as the\noffending delayed ref belongs to subvolume 934, and that subvolume is\nbeing dropped:\n\n item 0 key (934 ROOT_ITEM 198229) itemoff 15844 itemsize 439\n generation 198229 root_dirid 256 bytenr 10741039104 byte_limit 0 bytes_used 345571328\n last_snapshot 198229 flags 0x1000000000001(RDONLY) refs 0\n drop_progress key (206324 EXTENT_DATA 2711650304) drop_level 2\n level 2 generation_v2 198229\n\nAnd that offending tree block 594526208 is inside the dropped range of\nthat subvolume. That explains why there is no backref item for that\nbytenr and why btrfs check is not reporting anything wrong.\n\nBut this also shows another problem, as btrfs will do all the orphan\nsubvolume cleanup at a read-write mount.\n\nSo half-dropped subvolume should not exist after an RW mount, and\nbalance itself is also exclusive to subvolume cleanup, meaning we\nshouldn't hit a subvolume half-dropped during relocation.\n\nThe root cause is, there is no orphan item for this subvolume.\nIn fact there are 5 subvolumes from around 2021 that have the same\nproblem.\n\nIt looks like the original report has some older kernels running, and\ncaused those zombie subvolumes.\n\nThankfully upstream commit 8d488a8c7ba2 (\"btrfs: fix subvolume/snapshot\ndeletion not triggered on mount\") has long fixed the bug.\n\n[ENHANCEMENT]\nFor repairing such old fs, btrfs-progs will be enhanced.\n\nConsidering how delayed the problem will show up (at run delayed ref\ntime) and at that time we have to abort transaction already, it is too\nlate.\n\nInstead here we reject any half-dropped subvolume for reloc tree at the\nearliest time, preventing confusion and extra time wasted on debugging\nsimilar bugs.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39738" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/125e94a4b76b7b75d194f85bedd628097d2121f0", "url": "https://git.kernel.org/stable/c/125e94a4b76b7b75d194f85bedd628097d2121f0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/39a93e1c9dbf7e11632efeb20fcf0fc1dcf64d51", "url": "https://git.kernel.org/stable/c/39a93e1c9dbf7e11632efeb20fcf0fc1dcf64d51" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4289b494ac553e74e86fed1c66b2bf9530bc1082", "url": "https://git.kernel.org/stable/c/4289b494ac553e74e86fed1c66b2bf9530bc1082" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4e403bd8e127d40dc7c05f06ee969c1ba1537ec5", "url": "https://git.kernel.org/stable/c/4e403bd8e127d40dc7c05f06ee969c1ba1537ec5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f83d4c81bda3b7d1813268ab77408f7a0ce691ff", "url": "https://git.kernel.org/stable/c/f83d4c81bda3b7d1813268ab77408f7a0ce691ff" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fa086b1398cf7e5f7dee7241bd5f2855cb5df8dc", "url": "https://git.kernel.org/stable/c/fa086b1398cf7e5f7dee7241bd5f2855cb5df8dc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fcb1f77b8ed8795608ca7a1f6505e2b07236c1f3", "url": "https://git.kernel.org/stable/c/fcb1f77b8ed8795608ca7a1f6505e2b07236c1f3" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-11T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68325", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_cake: Fix incorrect qlen reduction in cake_drop\n\nIn cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen\nand backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes\nthat the parent qdisc will enqueue the current packet. However, this\nassumption breaks when cake_enqueue() returns NET_XMIT_CN: the parent\nqdisc stops enqueuing current packet, leaving the tree qlen/backlog\naccounting inconsistent. This mismatch can lead to a NULL dereference\n(e.g., when the parent Qdisc is qfq_qdisc).\n\nThis patch computes the qlen/backlog delta in a more robust way by\nobserving the difference before and after the series of cake_drop()\ncalls, and then compensates the qdisc tree accounting if cake_enqueue()\nreturns NET_XMIT_CN.\n\nTo ensure correct compensation when ACK thinning is enabled, a new\nvariable is introduced to keep qlen unchanged.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68325" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0b6216f9b3d1c33c76f74511026e5de5385ee520", "url": "https://git.kernel.org/stable/c/0b6216f9b3d1c33c76f74511026e5de5385ee520" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/38abf6e931b169ea88d7529b49096f53a5dcf8fe", "url": "https://git.kernel.org/stable/c/38abf6e931b169ea88d7529b49096f53a5dcf8fe" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3ed6c458530a547ed0c9ea0b02b19bab620be88b", "url": "https://git.kernel.org/stable/c/3ed6c458530a547ed0c9ea0b02b19bab620be88b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/529c284cc2815c8350860e9a31722050fe7117cb", "url": "https://git.kernel.org/stable/c/529c284cc2815c8350860e9a31722050fe7117cb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9fefc78f7f02d71810776fdeb119a05a946a27cc", "url": "https://git.kernel.org/stable/c/9fefc78f7f02d71810776fdeb119a05a946a27cc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3f4e3de41a3f115db35276c6b186ccbc913934a", "url": "https://git.kernel.org/stable/c/a3f4e3de41a3f115db35276c6b186ccbc913934a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d01f0e072dadb02fe10f436b940dd957aff0d7d4", "url": "https://git.kernel.org/stable/c/d01f0e072dadb02fe10f436b940dd957aff0d7d4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fcb91be52eb6e92e00b533ebd7c77fecada537e1", "url": "https://git.kernel.org/stable/c/fcb91be52eb6e92e00b533ebd7c77fecada537e1" } ], "release_date": "2025-12-18T15:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38230", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: validate AG parameters in dbMount() to prevent crashes\n\nValidate db_agheight, db_agwidth, and db_agstart in dbMount to catch\ncorrupted metadata early and avoid undefined behavior in dbAllocAG.\nLimits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE:\n\n- agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift\n (L2LPERCTL - 2*agheight) >= 0.\n- agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight))\n ensures agperlev >= 1.\n - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5).\n - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG;\n 2^(10 - 2*agheight) prevents division to 0.\n- agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within\n stree (size 1365).\n - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8).\n\nUBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9\nshift exponent -335544310 is negative\nCPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468\n dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400\n dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613\n jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105\n jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38230" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0c40fa81f850556e9aa0185fede9ef1112db7b39", "url": "https://git.kernel.org/stable/c/0c40fa81f850556e9aa0185fede9ef1112db7b39" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/37bfb464ddca87f203071b5bd562cd91ddc0b40a", "url": "https://git.kernel.org/stable/c/37bfb464ddca87f203071b5bd562cd91ddc0b40a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8b69608c6b6779a7ab07ce4467a56df90152cfb9", "url": "https://git.kernel.org/stable/c/8b69608c6b6779a7ab07ce4467a56df90152cfb9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9242ff6245527a3ebb693ddd175493b38ddca72f", "url": "https://git.kernel.org/stable/c/9242ff6245527a3ebb693ddd175493b38ddca72f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/95ae5ee6069d9a5945772625f289422ef659221a", "url": "https://git.kernel.org/stable/c/95ae5ee6069d9a5945772625f289422ef659221a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a4259e72363e1ea204a97292001a9fc36c7e52fd", "url": "https://git.kernel.org/stable/c/a4259e72363e1ea204a97292001a9fc36c7e52fd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b62a1e59d8716bbd2e73660743fe06acc97ed7d1", "url": "https://git.kernel.org/stable/c/b62a1e59d8716bbd2e73660743fe06acc97ed7d1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c3705c82b7406a15ef38a610d03bf6baa43d6e0c", "url": "https://git.kernel.org/stable/c/c3705c82b7406a15ef38a610d03bf6baa43d6e0c" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-04T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68229", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()\nIf the allocation of tl_hba->sh fails in tcm_loop_driver_probe() and we\nattempt to dereference it in tcm_loop_tpg_address_show() we will get a\nsegfault, see below for an example. So, check tl_hba->sh before\ndereferencing it.\nUnable to allocate struct scsi_host\nBUG: kernel NULL pointer dereference, address: 0000000000000194\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 1 PID: 8356 Comm: tokio-runtime-w Not tainted 6.6.104.2-4.azl3 #1\nHardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 09/28/2024\nRIP: 0010:tcm_loop_tpg_address_show+0x2e/0x50 [tcm_loop]\n...\nCall Trace:\n\nconfigfs_read_iter+0x12d/0x1d0 [configfs]\nvfs_read+0x1b5/0x300\nksys_read+0x6f/0xf0\n...", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68229" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40315", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Fix epfile null pointer access after ep enable.\n\nA race condition occurs when ffs_func_eps_enable() runs concurrently\nwith ffs_data_reset(). The ffs_data_clear() called in ffs_data_reset()\nsets ffs->epfiles to NULL before resetting ffs->eps_count to 0, leading\nto a NULL pointer dereference when accessing epfile->ep in\nffs_func_eps_enable() after successful usb_ep_enable().\n\nThe ffs->epfiles pointer is set to NULL in both ffs_data_clear() and\nffs_data_close() functions, and its modification is protected by the\nspinlock ffs->eps_lock. And the whole ffs_func_eps_enable() function\nis also protected by ffs->eps_lock.\n\nThus, add NULL pointer handling for ffs->epfiles in the\nffs_func_eps_enable() function to fix issues", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40315" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1c0dbd240be3f87cac321b14e17979b7e9cb6a8f", "url": "https://git.kernel.org/stable/c/1c0dbd240be3f87cac321b14e17979b7e9cb6a8f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/30880e9df27332403dd638a82c27921134b3630b", "url": "https://git.kernel.org/stable/c/30880e9df27332403dd638a82c27921134b3630b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9ec40fba7357df2d36f4c2e2f3b9b1a4fba0a272", "url": "https://git.kernel.org/stable/c/9ec40fba7357df2d36f4c2e2f3b9b1a4fba0a272" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b00d2572c16e8e59e979960d3383c2ae9cebd195", "url": "https://git.kernel.org/stable/c/b00d2572c16e8e59e979960d3383c2ae9cebd195" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c53e90563bc148e4e0ad09fe130ba2246d426ea6", "url": "https://git.kernel.org/stable/c/c53e90563bc148e4e0ad09fe130ba2246d426ea6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cfd6f1a7b42f62523c96d9703ef32b0dbc495ba4", "url": "https://git.kernel.org/stable/c/cfd6f1a7b42f62523c96d9703ef32b0dbc495ba4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d62b808d5c68a931ad0849a00a5e3be3dd7e0019", "url": "https://git.kernel.org/stable/c/d62b808d5c68a931ad0849a00a5e3be3dd7e0019" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fc1141a530dfc91f0ee19b7f422a2d24829584bc", "url": "https://git.kernel.org/stable/c/fc1141a530dfc91f0ee19b7f422a2d24829584bc" } ], "release_date": "2025-12-08T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38403", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/vmci: Clear the vmci transport packet properly when initializing it\n\nIn vmci_transport_packet_init memset the vmci_transport_packet before\npopulating the fields to avoid any uninitialised data being left in the\nstructure.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38403" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0a01021317375b8d1895152f544421ce49299eb1", "url": "https://git.kernel.org/stable/c/0a01021317375b8d1895152f544421ce49299eb1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/19c2cc01ff9a8031398a802676ffb0f4692dd95d", "url": "https://git.kernel.org/stable/c/19c2cc01ff9a8031398a802676ffb0f4692dd95d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1c1bcb0e78230f533b4103e8cf271d17c3f469f0", "url": "https://git.kernel.org/stable/c/1c1bcb0e78230f533b4103e8cf271d17c3f469f0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/223e2288f4b8c262a864e2c03964ffac91744cd5", "url": "https://git.kernel.org/stable/c/223e2288f4b8c262a864e2c03964ffac91744cd5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2d44723a091bc853272e1a51a488a3d22b80be5e", "url": "https://git.kernel.org/stable/c/2d44723a091bc853272e1a51a488a3d22b80be5e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/75705b44e0b9aaa74f4c163d93d388bcba9e386a", "url": "https://git.kernel.org/stable/c/75705b44e0b9aaa74f4c163d93d388bcba9e386a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/94d0c326cb3ee6b0f8bd00e209550b93fcc5c839", "url": "https://git.kernel.org/stable/c/94d0c326cb3ee6b0f8bd00e209550b93fcc5c839" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e9a673153d578fd439919a24e99851b2f87ecbce", "url": "https://git.kernel.org/stable/c/e9a673153d578fd439919a24e99851b2f87ecbce" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-25T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40283", "cwe": { "id": "CWE-825", "name": "Expired Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF\nThere is a KASAN: slab-use-after-free read in btusb_disconnect().\nCalling \"usb_driver_release_interface(&btusb_driver, data->intf)\" will\nfree the btusb data associated with the interface. The same data is\nthen used later in the function, hence the UAF.\nFix by moving the accesses to btusb data to before the data is free'd.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40283" } ], "release_date": "2025-12-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-38652", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid out-of-boundary access in devs.path\n\n- touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123\n- truncate -s $((1024*1024*1024)) \\\n /mnt/f2fs/012345678901234567890123456789012345678901234567890123\n- touch /mnt/f2fs/file\n- truncate -s $((1024*1024*1024)) /mnt/f2fs/file\n- mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \\\n -c /mnt/f2fs/file\n- mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \\\n /mnt/f2fs/loop\n\n[16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123\\xff\\x01, 511, 0 - 3ffff\n[16937.192268] F2FS-fs (loop0): Failed to find devices\n\nIf device path length equals to MAX_PATH_LEN, sbi->devs.path[] may\nnot end up w/ null character due to path array is fully filled, So\naccidently, fields locate after path[] may be treated as part of\ndevice path, result in parsing wrong device path.\n\nstruct f2fs_dev_info {\n...\n\tchar path[MAX_PATH_LEN];\n...\n};\n\nLet's add one byte space for sbi->devs.path[] to store null\ncharacter of device path string.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38652" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1b1efa5f0e878745e94a98022e8edc675a87d78e", "url": "https://git.kernel.org/stable/c/1b1efa5f0e878745e94a98022e8edc675a87d78e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1cf1ff15f262e8baf12201b270b6a79f9d119b2d", "url": "https://git.kernel.org/stable/c/1cf1ff15f262e8baf12201b270b6a79f9d119b2d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/345fc8d1838f3f8be7c8ed08d86a13dedef67136", "url": "https://git.kernel.org/stable/c/345fc8d1838f3f8be7c8ed08d86a13dedef67136" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3466721f06edff834f99d9f49f23eabc6b2cb78e", "url": "https://git.kernel.org/stable/c/3466721f06edff834f99d9f49f23eabc6b2cb78e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5661998536af52848cc4d52a377e90368196edea", "url": "https://git.kernel.org/stable/c/5661998536af52848cc4d52a377e90368196edea" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/666b7cf6ac9aa074b8319a2b68cba7f2c30023f0", "url": "https://git.kernel.org/stable/c/666b7cf6ac9aa074b8319a2b68cba7f2c30023f0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/70849d33130a2cf1d6010069ed200669c8651fbd", "url": "https://git.kernel.org/stable/c/70849d33130a2cf1d6010069ed200669c8651fbd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/755427093e4294ac111c3f9e40d53f681a0fbdaa", "url": "https://git.kernel.org/stable/c/755427093e4294ac111c3f9e40d53f681a0fbdaa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dc0172c74bd9edaee7bea2ebb35f3dbd37a8ae80", "url": "https://git.kernel.org/stable/c/dc0172c74bd9edaee7bea2ebb35f3dbd37a8ae80" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-08-22T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68192", "cwe": { "id": "CWE-824", "name": "Access of Uninitialized Pointer" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup\nRaw IP packets have no MAC header, leaving skb->mac_header uninitialized.\nThis can trigger kernel panics on ARM64 when xfrm or other subsystems\naccess the offset due to strict alignment checks.\nInitialize the MAC header to prevent such crashes.\nThis can trigger kernel panics on ARM when running IPsec over the\nqmimux0 interface.\nExample trace:\nInternal error: Oops: 000000009600004f [#1] SMP\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.34-gbe78e49cb433 #1\nHardware name: LS1028A RDB Board (DT)\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : xfrm_input+0xde8/0x1318\nlr : xfrm_input+0x61c/0x1318\nsp : ffff800080003b20\nCall trace:\nxfrm_input+0xde8/0x1318\nxfrm6_rcv+0x38/0x44\nxfrm6_esp_rcv+0x48/0xa8\nip6_protocol_deliver_rcu+0x94/0x4b0\nip6_input_finish+0x44/0x70\nip6_input+0x44/0xc0\nipv6_rcv+0x6c/0x114\n__netif_receive_skb_one_core+0x5c/0x8c\n__netif_receive_skb+0x18/0x60\nprocess_backlog+0x78/0x17c\n__napi_poll+0x38/0x180\nnet_rx_action+0x168/0x2f0", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68192" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40254", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: openvswitch: remove never-working support for setting nsh fields\nThe validation of the set(nsh(...)) action is completely wrong.\nIt runs through the nsh_key_put_from_nlattr() function that is the\nsame function that validates NSH keys for the flow match and the\npush_nsh() action. However, the set(nsh(...)) has a very different\nmemory layout. Nested attributes in there are doubled in size in\ncase of the masked set(). That makes proper validation impossible.\nThere is also confusion in the code between the 'masked' flag, that\nsays that the nested attributes are doubled in size containing both\nthe value and the mask, and the 'is_mask' that says that the value\nwe're parsing is the mask. This is causing kernel crash on trying to\nwrite into mask part of the match with SW_FLOW_KEY_PUT() during\nvalidation, while validate_nsh() doesn't allocate any memory for it:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 1c2383067 P4D 1c2383067 PUD 20b703067 PMD 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 8 UID: 0 Kdump: loaded Not tainted 6.17.0-rc4+ #107 PREEMPT(voluntary)\nRIP: 0010:nsh_key_put_from_nlattr+0x19d/0x610 [openvswitch]\nCall Trace:\n\nvalidate_nsh+0x60/0x90 [openvswitch]\nvalidate_set.constprop.0+0x270/0x3c0 [openvswitch]\n__ovs_nla_copy_actions+0x477/0x860 [openvswitch]\novs_nla_copy_actions+0x8d/0x100 [openvswitch]\novs_packet_cmd_execute+0x1cc/0x310 [openvswitch]\ngenl_family_rcv_msg_doit+0xdb/0x130\ngenl_family_rcv_msg+0x14b/0x220\ngenl_rcv_msg+0x47/0xa0\nnetlink_rcv_skb+0x53/0x100\ngenl_rcv+0x24/0x40\nnetlink_unicast+0x280/0x3b0\nnetlink_sendmsg+0x1f7/0x430\n____sys_sendmsg+0x36b/0x3a0\n___sys_sendmsg+0x87/0xd0\n__sys_sendmsg+0x6d/0xd0\ndo_syscall_64+0x7b/0x2c0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nThe third issue with this process is that while trying to convert\nthe non-masked set into masked one, validate_set() copies and doubles\nthe size of the OVS_KEY_ATTR_NSH as if it didn't have any nested\nattributes. It should be copying each nested attribute and doubling\nthem in size independently. And the process must be properly reversed\nduring the conversion back from masked to a non-masked variant during\nthe flow dump.\nIn the end, the only two outcomes of trying to use this action are\neither validation failure or a kernel crash. And if somehow someone\nmanages to install a flow with such an action, it will most definitely\nnot do what it is supposed to, since all the keys and the masks are\nmixed up.\nFixing all the issues is a complex task as it requires re-writing\nmost of the validation code.\nGiven that and the fact that this functionality never worked since\nintroduction, let's just remove it altogether. It's better to\nre-introduce it later with a proper implementation instead of trying\nto fix it in stable releases.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40254" } ], "release_date": "2025-12-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-39783", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix configfs group list head handling\n\nDoing a list_del() on the epf_group field of struct pci_epf_driver in\npci_epf_remove_cfs() is not correct as this field is a list head, not\na list entry. This list_del() call triggers a KASAN warning when an\nendpoint function driver which has a configfs attribute group is torn\ndown:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198\nWrite of size 8 at addr ffff00010f4a0d80 by task rmmod/319\n\nCPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE\nHardware name: Radxa ROCK 5B (DT)\nCall trace:\nshow_stack+0x2c/0x84 (C)\ndump_stack_lvl+0x70/0x98\nprint_report+0x17c/0x538\nkasan_report+0xb8/0x190\n__asan_report_store8_noabort+0x20/0x2c\npci_epf_remove_cfs+0x17c/0x198\npci_epf_unregister_driver+0x18/0x30\nnvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf]\n__arm64_sys_delete_module+0x264/0x424\ninvoke_syscall+0x70/0x260\nel0_svc_common.constprop.0+0xac/0x230\ndo_el0_svc+0x40/0x58\nel0_svc+0x48/0xdc\nel0t_64_sync_handler+0x10c/0x138\nel0t_64_sync+0x198/0x19c\n...\n\nRemove this incorrect list_del() call from pci_epf_remove_cfs().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39783" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0758862386f114d9ab1e23181461bd1e2e9ec4c6", "url": "https://git.kernel.org/stable/c/0758862386f114d9ab1e23181461bd1e2e9ec4c6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/409af8b9f7b4f23cd0464e71c6cd6fe13c076ae2", "url": "https://git.kernel.org/stable/c/409af8b9f7b4f23cd0464e71c6cd6fe13c076ae2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6cf65505523224cab1449d726d2ce8180c2941ee", "url": "https://git.kernel.org/stable/c/6cf65505523224cab1449d726d2ce8180c2941ee" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/80ea6e6904fb2ba4ccb5d909579988466ec65358", "url": "https://git.kernel.org/stable/c/80ea6e6904fb2ba4ccb5d909579988466ec65358" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a302bd89db35d8b7e279de4d2b41c16c7f191069", "url": "https://git.kernel.org/stable/c/a302bd89db35d8b7e279de4d2b41c16c7f191069" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d5aecddc3452371d9da82cdbb0c715812524b54b", "url": "https://git.kernel.org/stable/c/d5aecddc3452371d9da82cdbb0c715812524b54b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d79123d79a8154b4318529b7b2ff7e15806f480b", "url": "https://git.kernel.org/stable/c/d79123d79a8154b4318529b7b2ff7e15806f480b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dc4ffbd571716ff3b171418fb03abe80e720a7b1", "url": "https://git.kernel.org/stable/c/dc4ffbd571716ff3b171418fb03abe80e720a7b1" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-11T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39691", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/buffer: fix use-after-free when call bh_read() helper\n\nThere's issue as follows:\nBUG: KASAN: stack-out-of-bounds in end_buffer_read_sync+0xe3/0x110\nRead of size 8 at addr ffffc9000168f7f8 by task swapper/3/0\nCPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.16.0-862.14.0.6.x86_64\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x2c/0x390\n print_report+0xb4/0x270\n kasan_report+0xb8/0xf0\n end_buffer_read_sync+0xe3/0x110\n end_bio_bh_io_sync+0x56/0x80\n blk_update_request+0x30a/0x720\n scsi_end_request+0x51/0x2b0\n scsi_io_completion+0xe3/0x480\n ? scsi_device_unbusy+0x11e/0x160\n blk_complete_reqs+0x7b/0x90\n handle_softirqs+0xef/0x370\n irq_exit_rcu+0xa5/0xd0\n sysvec_apic_timer_interrupt+0x6e/0x90\n \n\n Above issue happens when do ntfs3 filesystem mount, issue may happens\n as follows:\n mount IRQ\nntfs_fill_super\n read_cache_page\n do_read_cache_folio\n filemap_read_folio\n mpage_read_folio\n\t do_mpage_readpage\n\t ntfs_get_block_vbo\n\t bh_read\n\t submit_bh\n\t wait_on_buffer(bh);\n\t blk_complete_reqs\n\t\t\t\t scsi_io_completion\n\t\t\t\t scsi_end_request\n\t\t\t\t blk_update_request\n\t\t\t\t end_bio_bh_io_sync\n\t\t\t\t\t end_buffer_read_sync\n\t\t\t\t\t __end_buffer_read_notouch\n\t\t\t\t\t unlock_buffer\n\n wait_on_buffer(bh);--> return will return to caller\n\n\t\t\t\t\t put_bh\n\t\t\t\t\t --> trigger stack-out-of-bounds\nIn the mpage_read_folio() function, the stack variable 'map_bh' is\npassed to ntfs_get_block_vbo(). Once unlock_buffer() unlocks and\nwait_on_buffer() returns to continue processing, the stack variable\nis likely to be reclaimed. Consequently, during the end_buffer_read_sync()\nprocess, calling put_bh() may result in stack overrun.\n\nIf the bh is not allocated on the stack, it belongs to a folio. Freeing\na buffer head which belongs to a folio is done by drop_buffers() which\nwill fail to free buffers which are still locked. So it is safe to call\nput_bh() before __end_buffer_read_notouch().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39691" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/03b40bf5d0389ca23ae6857ee25789f0e0b47ce8", "url": "https://git.kernel.org/stable/c/03b40bf5d0389ca23ae6857ee25789f0e0b47ce8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/042cf48ecf67f72c8b3846c7fac678f472712ff3", "url": "https://git.kernel.org/stable/c/042cf48ecf67f72c8b3846c7fac678f472712ff3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3169edb8945c295cf89120fc6b2c35cfe3ad4c9e", "url": "https://git.kernel.org/stable/c/3169edb8945c295cf89120fc6b2c35cfe3ad4c9e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/70a09115da586bf662c3bae9c0c4a1b99251fad9", "url": "https://git.kernel.org/stable/c/70a09115da586bf662c3bae9c0c4a1b99251fad9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7375f22495e7cd1c5b3b5af9dcc4f6dffe34ce49", "url": "https://git.kernel.org/stable/c/7375f22495e7cd1c5b3b5af9dcc4f6dffe34ce49" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/90b5193edb323fefbee0e4e5bc39ed89dcc37719", "url": "https://git.kernel.org/stable/c/90b5193edb323fefbee0e4e5bc39ed89dcc37719" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c58c6b532b7b69537cfd9ef701c7e37cdcf79dc4", "url": "https://git.kernel.org/stable/c/c58c6b532b7b69537cfd9ef701c7e37cdcf79dc4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c5aa6ba1127307ab5dc3773eaf40d73a3423841f", "url": "https://git.kernel.org/stable/c/c5aa6ba1127307ab5dc3773eaf40d73a3423841f" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-05T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-22977", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sock: fix hardened usercopy panic in sock_recv_errqueue\n\nskbuff_fclone_cache was created without defining a usercopy region,\n[1] unlike skbuff_head_cache which properly whitelists the cb[] field.\n[2] This causes a usercopy BUG() when CONFIG_HARDENED_USERCOPY is\nenabled and the kernel attempts to copy sk_buff.cb data to userspace\nvia sock_recv_errqueue() -> put_cmsg().\n\nThe crash occurs when: 1. TCP allocates an skb using alloc_skb_fclone()\n (from skbuff_fclone_cache) [1]\n2. The skb is cloned via skb_clone() using the pre-allocated fclone\n[3] 3. The cloned skb is queued to sk_error_queue for timestamp\nreporting 4. Userspace reads the error queue via recvmsg(MSG_ERRQUEUE)\n5. sock_recv_errqueue() calls put_cmsg() to copy serr->ee from skb->cb\n[4] 6. __check_heap_object() fails because skbuff_fclone_cache has no\n usercopy whitelist [5]\n\nWhen cloned skbs allocated from skbuff_fclone_cache are used in the\nsocket error queue, accessing the sock_exterr_skb structure in skb->cb\nvia put_cmsg() triggers a usercopy hardening violation:\n\n[ 5.379589] usercopy: Kernel memory exposure attempt detected from SLUB object 'skbuff_fclone_cache' (offset 296, size 16)!\n[ 5.382796] kernel BUG at mm/usercopy.c:102!\n[ 5.383923] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\n[ 5.384903] CPU: 1 UID: 0 PID: 138 Comm: poc_put_cmsg Not tainted 6.12.57 #7\n[ 5.384903] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 5.384903] RIP: 0010:usercopy_abort+0x6c/0x80\n[ 5.384903] Code: 1a 86 51 48 c7 c2 40 15 1a 86 41 52 48 c7 c7 c0 15 1a 86 48 0f 45 d6 48 c7 c6 80 15 1a 86 48 89 c1 49 0f 45 f3 e8 84 27 88 ff <0f> 0b 490\n[ 5.384903] RSP: 0018:ffffc900006f77a8 EFLAGS: 00010246\n[ 5.384903] RAX: 000000000000006f RBX: ffff88800f0ad2a8 RCX: 1ffffffff0f72e74\n[ 5.384903] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff87b973a0\n[ 5.384903] RBP: 0000000000000010 R08: 0000000000000000 R09: fffffbfff0f72e74\n[ 5.384903] R10: 0000000000000003 R11: 79706f6372657375 R12: 0000000000000001\n[ 5.384903] R13: ffff88800f0ad2b8 R14: ffffea00003c2b40 R15: ffffea00003c2b00\n[ 5.384903] FS: 0000000011bc4380(0000) GS:ffff8880bf100000(0000) knlGS:0000000000000000\n[ 5.384903] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 5.384903] CR2: 000056aa3b8e5fe4 CR3: 000000000ea26004 CR4: 0000000000770ef0\n[ 5.384903] PKRU: 55555554\n[ 5.384903] Call Trace:\n[ 5.384903] \n[ 5.384903] __check_heap_object+0x9a/0xd0\n[ 5.384903] __check_object_size+0x46c/0x690\n[ 5.384903] put_cmsg+0x129/0x5e0\n[ 5.384903] sock_recv_errqueue+0x22f/0x380\n[ 5.384903] tls_sw_recvmsg+0x7ed/0x1960\n[ 5.384903] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5.384903] ? schedule+0x6d/0x270\n[ 5.384903] ? srso_alias_return_thunk+0x5/0xfbef5\n[ 5.384903] ? mutex_unlock+0x81/0xd0\n[ 5.384903] ? __pfx_mutex_unlock+0x10/0x10\n[ 5.384903] ? __pfx_tls_sw_recvmsg+0x10/0x10\n[ 5.384903] ? _raw_spin_lock_irqsave+0x8f/0xf0\n[ 5.384903] ? _raw_read_unlock_irqrestore+0x20/0x40\n[ 5.384903] ? srso_alias_return_thunk+0x5/0xfbef5\n\nThe crash offset 296 corresponds to skb2->cb within skbuff_fclones:\n - sizeof(struct sk_buff) = 232 - offsetof(struct sk_buff, cb) = 40 -\n offset of skb2.cb in fclones = 232 + 40 = 272 - crash offset 296 =\n 272 + 24 (inside sock_exterr_skb.ee)\n\nThis patch uses a local stack variable as a bounce buffer to avoid the hardened usercopy check failure.\n\n[1] https://elixir.bootlin.com/linux/v6.12.62/source/net/ipv4/tcp.c#L885\n[2] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5104\n[3] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5566\n[4] https://elixir.bootlin.com/linux/v6.12.62/source/net/core/skbuff.c#L5491\n[5] https://elixir.bootlin.com/linux/v6.12.62/source/mm/slub.c#L5719", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-22977" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/005671c60fcf1dbdb8bddf12a62568fd5e4ec391", "url": "https://git.kernel.org/stable/c/005671c60fcf1dbdb8bddf12a62568fd5e4ec391" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2a71a1a8d0ed718b1c7a9ac61f07e5755c47ae20", "url": "https://git.kernel.org/stable/c/2a71a1a8d0ed718b1c7a9ac61f07e5755c47ae20" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/582a5e922a9652fcbb7d0165c95d5b20aa37575d", "url": "https://git.kernel.org/stable/c/582a5e922a9652fcbb7d0165c95d5b20aa37575d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/88dd6be7ebb3153b662c2cebcb06e032a92857f5", "url": "https://git.kernel.org/stable/c/88dd6be7ebb3153b662c2cebcb06e032a92857f5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8c6901aa29626e35045130bac09b75f791acca85", "url": "https://git.kernel.org/stable/c/8c6901aa29626e35045130bac09b75f791acca85" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c655d2167bf014d4c61b4faeca59b60ff9b9f6b1", "url": "https://git.kernel.org/stable/c/c655d2167bf014d4c61b4faeca59b60ff9b9f6b1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e00b169eaac5f7cdbf710c354c8fa76d02009115", "url": "https://git.kernel.org/stable/c/e00b169eaac5f7cdbf710c354c8fa76d02009115" } ], "release_date": "2026-01-21T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-38211", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\n\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id's last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\n\n BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\n Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\n\n CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n Workqueue: 0x0 (iw_cm_wq)\n Call Trace:\n \n dump_stack_lvl+0x6a/0x90\n print_report+0x174/0x554\n ? __virt_addr_valid+0x208/0x430\n ? __pwq_activate_work+0x1ff/0x250\n kasan_report+0xae/0x170\n ? __pwq_activate_work+0x1ff/0x250\n __pwq_activate_work+0x1ff/0x250\n pwq_dec_nr_in_flight+0x8c5/0xfb0\n process_one_work+0xc11/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5ef/0xfd0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x3b0/0x770\n ? __pfx_kthread+0x10/0x10\n ? rcu_is_watching+0x11/0xb0\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\n Allocated by task 147416:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n alloc_work_entries+0xa9/0x260 [iw_cm]\n iw_cm_connect+0x23/0x4a0 [iw_cm]\n rdma_connect_locked+0xbfd/0x1920 [rdma_cm]\n nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\n cma_cm_event_handler+0xae/0x320 [rdma_cm]\n cma_work_handler+0x106/0x1b0 [rdma_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 147091:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kfree+0x13a/0x4b0\n dealloc_work_entries+0x125/0x1f0 [iw_cm]\n iwcm_deref_id+0x6f/0xa0 [iw_cm]\n cm_work_handler+0x136/0x1ba0 [iw_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x2c/0x50\n kasan_record_aux_stack+0xa3/0xb0\n __queue_work+0x2ff/0x1390\n queue_work_on+0x67/0xc0\n cm_event_handler+0x46a/0x820 [iw_cm]\n siw_cm_upcall+0x330/0x650 [siw]\n siw_cm_work_handler+0x6b9/0x2b20 [siw]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\n\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38211" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/013dcdf6f03bcedbaf1669e3db71c34a197715b2", "url": "https://git.kernel.org/stable/c/013dcdf6f03bcedbaf1669e3db71c34a197715b2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/23a707bbcbea468eedb398832eeb7e8e0ceafd21", "url": "https://git.kernel.org/stable/c/23a707bbcbea468eedb398832eeb7e8e0ceafd21" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3b4a50d733acad6831f6bd9288a76a80f70650ac", "url": "https://git.kernel.org/stable/c/3b4a50d733acad6831f6bd9288a76a80f70650ac" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6883b680e703c6b2efddb4e7a8d891ce1803d06b", "url": "https://git.kernel.org/stable/c/6883b680e703c6b2efddb4e7a8d891ce1803d06b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/764c9f69beabef8bdc651a7746c59f7a340d104f", "url": "https://git.kernel.org/stable/c/764c9f69beabef8bdc651a7746c59f7a340d104f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/78381dc8a6b61c9bb9987d37b4d671b99767c4a1", "url": "https://git.kernel.org/stable/c/78381dc8a6b61c9bb9987d37b4d671b99767c4a1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bf7eff5e3a36c54bbe8aff7fd6dd7c07490b81c5", "url": "https://git.kernel.org/stable/c/bf7eff5e3a36c54bbe8aff7fd6dd7c07490b81c5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fd960b5ddf4faf00da43babdd3acda68842e1f6a", "url": "https://git.kernel.org/stable/c/fd960b5ddf4faf00da43babdd3acda68842e1f6a" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-04T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40248", "cwe": { "id": "CWE-364", "name": "Signal Handler Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nvsock: Ignore signal/timeout on connect() if already established\nDuring connect(), acting on a signal/timeout by disconnecting an already\nestablished socket leads to several issues:\n1. connect() invoking vsock_transport_cancel_pkt() ->\nvirtio_transport_purge_skbs() may race with sendmsg() invoking\nvirtio_transport_get_credit(). This results in a permanently elevated\n`vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.\n2. connect() resetting a connected socket's state may race with socket\nbeing placed in a sockmap. A disconnected socket remaining in a sockmap\nbreaks sockmap's assumptions. And gives rise to WARNs.\n3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a\ntransport change/drop after TCP_ESTABLISHED. Which poses a problem for\nany simultaneous sendmsg() or connect() and may result in a\nuse-after-free/null-ptr-deref.\nDo not disconnect socket on signal/timeout. Keep the logic for unconnected\nsockets: they don't linger, can't be placed in a sockmap, are rejected by\nsendmsg().\n[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/\n[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/\n[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40248" } ], "release_date": "2025-12-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38666", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: appletalk: Fix use-after-free in AARP proxy probe\n\nThe AARP proxy‐probe routine (aarp_proxy_probe_network) sends a probe,\nreleases the aarp_lock, sleeps, then re-acquires the lock. During that\nwindow an expire timer thread (__aarp_expire_timer) can remove and\nkfree() the same entry, leading to a use-after-free.\n\nrace condition:\n\n cpu 0 | cpu 1\n atalk_sendmsg() | atif_proxy_probe_device()\n aarp_send_ddp() | aarp_proxy_probe_network()\n mod_timer() | lock(aarp_lock) // LOCK!!\n timeout around 200ms | alloc(aarp_entry)\n and then call | proxies[hash] = aarp_entry\n aarp_expire_timeout() | aarp_send_probe()\n | unlock(aarp_lock) // UNLOCK!!\n lock(aarp_lock) // LOCK!! | msleep(100);\n __aarp_expire_timer(&proxies[ct]) |\n free(aarp_entry) |\n unlock(aarp_lock) // UNLOCK!! |\n | lock(aarp_lock) // LOCK!!\n | UAF aarp_entry !!\n\n==================================================================\nBUG: KASAN: slab-use-after-free in aarp_proxy_probe_network+0x560/0x630 net/appletalk/aarp.c:493\nRead of size 4 at addr ffff8880123aa360 by task repro/13278\n\nCPU: 3 UID: 0 PID: 13278 Comm: repro Not tainted 6.15.2 #3 PREEMPT(full)\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc1/0x630 mm/kasan/report.c:521\n kasan_report+0xca/0x100 mm/kasan/report.c:634\n aarp_proxy_probe_network+0x560/0x630 net/appletalk/aarp.c:493\n atif_proxy_probe_device net/appletalk/ddp.c:332 [inline]\n atif_ioctl+0xb58/0x16c0 net/appletalk/ddp.c:857\n atalk_ioctl+0x198/0x2f0 net/appletalk/ddp.c:1818\n sock_do_ioctl+0xdc/0x260 net/socket.c:1190\n sock_ioctl+0x239/0x6a0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:906 [inline]\n __se_sys_ioctl fs/ioctl.c:892 [inline]\n __x64_sys_ioctl+0x194/0x200 fs/ioctl.c:892\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x250 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \n\nAllocated:\n aarp_alloc net/appletalk/aarp.c:382 [inline]\n aarp_proxy_probe_network+0xd8/0x630 net/appletalk/aarp.c:468\n atif_proxy_probe_device net/appletalk/ddp.c:332 [inline]\n atif_ioctl+0xb58/0x16c0 net/appletalk/ddp.c:857\n atalk_ioctl+0x198/0x2f0 net/appletalk/ddp.c:1818\n\nFreed:\n kfree+0x148/0x4d0 mm/slub.c:4841\n __aarp_expire net/appletalk/aarp.c:90 [inline]\n __aarp_expire_timer net/appletalk/aarp.c:261 [inline]\n aarp_expire_timeout+0x480/0x6e0 net/appletalk/aarp.c:317\n\nThe buggy address belongs to the object at ffff8880123aa300\n which belongs to the cache kmalloc-192 of size 192\nThe buggy address is located 96 bytes inside of\n freed 192-byte region [ffff8880123aa300, ffff8880123aa3c0)\n\nMemory state around the buggy address:\n ffff8880123aa200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff8880123aa280: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc\n>ffff8880123aa300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880123aa380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc\n ffff8880123aa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n==================================================================", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38666" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/186942d19c0222617ef61f50e1dba91e269a5963", "url": "https://git.kernel.org/stable/c/186942d19c0222617ef61f50e1dba91e269a5963" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2a6209e4649d45fd85d4193abc481911858ffc6f", "url": "https://git.kernel.org/stable/c/2a6209e4649d45fd85d4193abc481911858ffc6f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5f02ea0f63dd38c41539ea290fcc1693c73aa8e5", "url": "https://git.kernel.org/stable/c/5f02ea0f63dd38c41539ea290fcc1693c73aa8e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6c4a92d07b0850342d3becf2e608f805e972467c", "url": "https://git.kernel.org/stable/c/6c4a92d07b0850342d3becf2e608f805e972467c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/82d19a70ced28b17a38ebf1b6978c6c7db894979", "url": "https://git.kernel.org/stable/c/82d19a70ced28b17a38ebf1b6978c6c7db894979" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b35694ffabb2af308a1f725d70f60fd8a47d1f3e", "url": "https://git.kernel.org/stable/c/b35694ffabb2af308a1f725d70f60fd8a47d1f3e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e4f1564c5b699eb89b3040688fd6b4e57922f1f6", "url": "https://git.kernel.org/stable/c/e4f1564c5b699eb89b3040688fd6b4e57922f1f6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f90b6bb203f3f38bf2b3d976113d51571df9a482", "url": "https://git.kernel.org/stable/c/f90b6bb203f3f38bf2b3d976113d51571df9a482" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-08-22T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38680", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()\n\nThe buffer length check before calling uvc_parse_format() only ensured\nthat the buffer has at least 3 bytes (buflen > 2), buf the function\naccesses buffer[3], requiring at least 4 bytes.\n\nThis can lead to an out-of-bounds read if the buffer has exactly 3 bytes.\n\nFix it by checking that the buffer has at least 4 bytes in\nuvc_parse_format().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38680" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1e269581b3aa5962fdc52757ab40da286168c087", "url": "https://git.kernel.org/stable/c/1e269581b3aa5962fdc52757ab40da286168c087" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/424980d33b3f816485513e538610168b03fab9f1", "url": "https://git.kernel.org/stable/c/424980d33b3f816485513e538610168b03fab9f1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6d4a7c0b296162354b6fc759a1475b9d57ddfaa6", "url": "https://git.kernel.org/stable/c/6d4a7c0b296162354b6fc759a1475b9d57ddfaa6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/782b6a718651eda3478b1824b37a8b3185d2740c", "url": "https://git.kernel.org/stable/c/782b6a718651eda3478b1824b37a8b3185d2740c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8343f3fe0b755925f83d60b05e92bf4396879758", "url": "https://git.kernel.org/stable/c/8343f3fe0b755925f83d60b05e92bf4396879758" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9ad554217c9b945031c73df4e8176a475e2dea57", "url": "https://git.kernel.org/stable/c/9ad554217c9b945031c73df4e8176a475e2dea57" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a97e062e4ff3dab84a2f1eb811e9eddc6699e2a9", "url": "https://git.kernel.org/stable/c/a97e062e4ff3dab84a2f1eb811e9eddc6699e2a9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cac702a439050df65272c49184aef7975fe3eff2", "url": "https://git.kernel.org/stable/c/cac702a439050df65272c49184aef7975fe3eff2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ffdd82182953df643aa63d999b6f1653d0c93778", "url": "https://git.kernel.org/stable/c/ffdd82182953df643aa63d999b6f1653d0c93778" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-04T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-23061", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak\n\nFix similar memory leak as in commit 7352e1d5932a (\"can: gs_usb:\ngs_usb_receive_bulk_callback(): fix URB memory leak\").\n\nIn kvaser_usb_set_{,data_}bittiming() -> kvaser_usb_setup_rx_urbs(), the\nURBs for USB-in transfers are allocated, added to the dev->rx_submitted\nanchor and submitted. In the complete callback\nkvaser_usb_read_bulk_callback(), the URBs are processed and resubmitted. In\nkvaser_usb_remove_interfaces() the URBs are freed by calling\nusb_kill_anchored_urbs(&dev->rx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in usb_kill_anchored_urbs().\n\nFix the memory leak by anchoring the URB in the\nkvaser_usb_read_bulk_callback() to the dev->rx_submitted anchor.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23061" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/248e8e1a125fa875158df521b30f2cc7e27eeeaa", "url": "https://git.kernel.org/stable/c/248e8e1a125fa875158df521b30f2cc7e27eeeaa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3b1a593eab941c3f32417896cc7df564191f2482", "url": "https://git.kernel.org/stable/c/3b1a593eab941c3f32417896cc7df564191f2482" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/40a3334ffda479c63e416e61ff086485e24401f7", "url": "https://git.kernel.org/stable/c/40a3334ffda479c63e416e61ff086485e24401f7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7c308f7530bffafa994e0aa8dc651a312f4b9ff4", "url": "https://git.kernel.org/stable/c/7c308f7530bffafa994e0aa8dc651a312f4b9ff4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/94a7fc42e21c7d9d1c49778cd1db52de5df52a01", "url": "https://git.kernel.org/stable/c/94a7fc42e21c7d9d1c49778cd1db52de5df52a01" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1b39fa24c140bc616f51fef4175c1743e2bb132", "url": "https://git.kernel.org/stable/c/c1b39fa24c140bc616f51fef4175c1743e2bb132" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d9d824582f2ec76459ffab449e9b05c7bc49645c", "url": "https://git.kernel.org/stable/c/d9d824582f2ec76459ffab449e9b05c7bc49645c" } ], "release_date": "2026-02-04T17:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40277", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE\nThis data originates from userspace and is used in buffer offset\ncalculations which could potentially overflow causing an out-of-bounds\naccess.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40277" } ], "release_date": "2025-12-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-46830", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS\n\nGrab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly\nleave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX\nreads guest memory.\n\nNote, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN\nvia sync_regs(), which already holds SRCU. I.e. trying to precisely use\nkvm_vcpu_srcu_read_lock() around the problematic SMM code would cause\nproblems. Acquiring SRCU isn't all that expensive, so for simplicity,\ngrab it unconditionally for KVM_SET_VCPU_EVENTS.\n\n =============================\n WARNING: suspicious RCU usage\n 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted\n -----------------------------\n include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage!\n\n other info that might help us debug this:\n\n rcu_scheduler_active = 2, debug_locks = 1\n 1 lock held by repro/1071:\n #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n\n stack backtrace:\n CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n \n dump_stack_lvl+0x7f/0x90\n lockdep_rcu_suspicious+0x13f/0x1a0\n kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm]\n kvm_vcpu_read_guest+0x3e/0x90 [kvm]\n nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel]\n load_vmcs12_host_state+0x432/0xb40 [kvm_intel]\n vmx_leave_nested+0x30/0x40 [kvm_intel]\n kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm]\n kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm]\n ? mark_held_locks+0x49/0x70\n ? kvm_vcpu_ioctl+0x7d/0x970 [kvm]\n ? kvm_vcpu_ioctl+0x497/0x970 [kvm]\n kvm_vcpu_ioctl+0x497/0x970 [kvm]\n ? lock_acquire+0xba/0x2d0\n ? find_held_lock+0x2b/0x80\n ? do_user_addr_fault+0x40c/0x6f0\n ? lock_release+0xb7/0x270\n __x64_sys_ioctl+0x82/0xb0\n do_syscall_64+0x6c/0x170\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7ff11eb1b539\n ", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-46830" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1", "url": "https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2ee88da1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5f35099fa3d59caf10bda88b033538e90086684e", "url": "https://git.kernel.org/stable/c/5f35099fa3d59caf10bda88b033538e90086684e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e", "url": "https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9", "url": "https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228", "url": "https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html" } ], "release_date": "2024-09-27T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38715", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix slab-out-of-bounds in hfs_bnode_read()\n\nThis patch introduces is_bnode_offset_valid() method that checks\nthe requested offset value. Also, it introduces\ncheck_and_correct_requested_length() method that checks and\ncorrect the requested length (if it is necessary). These methods\nare used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(),\nhfs_bnode_copy(), and hfs_bnode_move() with the goal to prevent\nthe access out of allocated memory and triggering the crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38715" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/384a66b89f9540a9a8cb0f48807697dfabaece4c", "url": "https://git.kernel.org/stable/c/384a66b89f9540a9a8cb0f48807697dfabaece4c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/67ecc81f6492275c9c54280532f558483c99c90e", "url": "https://git.kernel.org/stable/c/67ecc81f6492275c9c54280532f558483c99c90e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a1a60e79502279f996e55052f50cc14919020475", "url": "https://git.kernel.org/stable/c/a1a60e79502279f996e55052f50cc14919020475" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a431930c9bac518bf99d6b1da526a7f37ddee8d8", "url": "https://git.kernel.org/stable/c/a431930c9bac518bf99d6b1da526a7f37ddee8d8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e7d2dc2421e821e4045775e6dc226378328de6f6", "url": "https://git.kernel.org/stable/c/e7d2dc2421e821e4045775e6dc226378328de6f6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/eec522fd0d28106b14a59ab2d658605febe4a3bb", "url": "https://git.kernel.org/stable/c/eec522fd0d28106b14a59ab2d658605febe4a3bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/efc095b35b23297e419c2ab4fc1ed1a8f0781a29", "url": "https://git.kernel.org/stable/c/efc095b35b23297e419c2ab4fc1ed1a8f0781a29" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fc7f732984ec91f30be3e574e0644066d07f2b78", "url": "https://git.kernel.org/stable/c/fc7f732984ec91f30be3e574e0644066d07f2b78" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fe2891a9c43ab87d1a210d61e6438ca6936e2f62", "url": "https://git.kernel.org/stable/c/fe2891a9c43ab87d1a210d61e6438ca6936e2f62" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-04T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38677", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid out-of-boundary access in dnode page\n\nAs Jiaming Zhang reported:\n\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x17e/0x800 mm/kasan/report.c:480\n kasan_report+0x147/0x180 mm/kasan/report.c:593\n data_blkaddr fs/f2fs/f2fs.h:3053 [inline]\n f2fs_data_blkaddr fs/f2fs/f2fs.h:3058 [inline]\n f2fs_get_dnode_of_data+0x1a09/0x1c40 fs/f2fs/node.c:855\n f2fs_reserve_block+0x53/0x310 fs/f2fs/data.c:1195\n prepare_write_begin fs/f2fs/data.c:3395 [inline]\n f2fs_write_begin+0xf39/0x2190 fs/f2fs/data.c:3594\n generic_perform_write+0x2c7/0x910 mm/filemap.c:4112\n f2fs_buffered_write_iter fs/f2fs/file.c:4988 [inline]\n f2fs_file_write_iter+0x1ec8/0x2410 fs/f2fs/file.c:5216\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x546/0xa90 fs/read_write.c:686\n ksys_write+0x149/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf3/0x3d0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is in the corrupted image, there is a dnode has the same\nnode id w/ its inode, so during f2fs_get_dnode_of_data(), it tries to\naccess block address in dnode at offset 934, however it parses the dnode\nas inode node, so that get_dnode_addr() returns 360, then it tries to\naccess page address from 360 + 934 * 4 = 4096 w/ 4 bytes.\n\nTo fix this issue, let's add sanity check for node id of all direct nodes\nduring f2fs_get_dnode_of_data().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38677" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6b7784ea07e6aa044f74b39d6b5af5e28746fc81", "url": "https://git.kernel.org/stable/c/6b7784ea07e6aa044f74b39d6b5af5e28746fc81" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/77de19b6867f2740cdcb6c9c7e50d522b47847a4", "url": "https://git.kernel.org/stable/c/77de19b6867f2740cdcb6c9c7e50d522b47847a4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/888aa660144bcb6ec07839da756ee46bfcf7fc53", "url": "https://git.kernel.org/stable/c/888aa660144bcb6ec07839da756ee46bfcf7fc53" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/901f62efd6e855f93d8b1175540f29f4dc45ba55", "url": "https://git.kernel.org/stable/c/901f62efd6e855f93d8b1175540f29f4dc45ba55" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/92ef491b506a0f4dd971a3a76f86f2d8f5370180", "url": "https://git.kernel.org/stable/c/92ef491b506a0f4dd971a3a76f86f2d8f5370180" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a650654365c57407413e9b1f6ff4d539bf2e99ca", "url": "https://git.kernel.org/stable/c/a650654365c57407413e9b1f6ff4d539bf2e99ca" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ee4d13f5407cbdf1216cc258f45492075713889a", "url": "https://git.kernel.org/stable/c/ee4d13f5407cbdf1216cc258f45492075713889a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f1d5093d9fe9f3c74c123741c88666cc853b79c5", "url": "https://git.kernel.org/stable/c/f1d5093d9fe9f3c74c123741c88666cc853b79c5" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-08-30T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-37928", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-bufio: don't schedule in atomic context\n\nA BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and\ntry_verify_in_tasklet are enabled.\n[ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421\n[ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4\n[ 129.444740][ T934] preempt_count: 201, expected: 0\n[ 129.444756][ T934] RCU nest depth: 0, expected: 0\n[ 129.444781][ T934] Preemption disabled at:\n[ 129.444789][ T934] [] shrink_work+0x21c/0x248\n[ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16!\n[ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n[ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0\n[ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8\n[ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT)\n[ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work\n[ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug]\n[ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c\n[ 129.447451][ T934] sp : ffffffc0843dbc90\n[ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b\n[ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68\n[ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900\n[ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030\n[ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358\n[ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003\n[ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400\n[ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8\n[ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0\n[ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000\n[ 129.447647][ T934] Call trace:\n[ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6]\n[ 129.447681][ T934] __might_resched+0x190/0x1a8\n[ 129.447694][ T934] shrink_work+0x180/0x248\n[ 129.447706][ T934] process_one_work+0x260/0x624\n[ 129.447718][ T934] worker_thread+0x28c/0x454\n[ 129.447729][ T934] kthread+0x118/0x158\n[ 129.447742][ T934] ret_from_fork+0x10/0x20\n[ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000)\n[ 129.447772][ T934] ---[ end trace 0000000000000000 ]---\n\ndm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet\nis enabled, and __scan will be called in atomic context.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37928" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/69a37b3ba85088fc6b903b8e1db7f0a1d4d0b52d", "url": "https://git.kernel.org/stable/c/69a37b3ba85088fc6b903b8e1db7f0a1d4d0b52d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a3d8f0a7f5e8b193db509c7191fefeed3533fc44", "url": "https://git.kernel.org/stable/c/a3d8f0a7f5e8b193db509c7191fefeed3533fc44" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a99f5bf4f7197009859dbce14c12f8e2ce5a5a69", "url": "https://git.kernel.org/stable/c/a99f5bf4f7197009859dbce14c12f8e2ce5a5a69" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c8c83052283bcf2fdd467a33d1d2bd5ba36e935a", "url": "https://git.kernel.org/stable/c/c8c83052283bcf2fdd467a33d1d2bd5ba36e935a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f45108257280e0a1cc951ce254853721b40c0812", "url": "https://git.kernel.org/stable/c/f45108257280e0a1cc951ce254853721b40c0812" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html", "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html" } ], "release_date": "2025-05-20T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-22991", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make free_choose_arg_map() resilient to partial allocation\n\nfree_choose_arg_map() may dereference a NULL pointer if its caller fails\nafter a partial allocation.\n\nFor example, in decode_choose_args(), if allocation of arg_map->args\nfails, execution jumps to the fail label and free_choose_arg_map() is\ncalled. Since arg_map->size is updated to a non-zero value before memory\nallocation, free_choose_arg_map() will iterate over arg_map->args and\ndereference a NULL pointer.\n\nTo prevent this potential NULL pointer dereference and make\nfree_choose_arg_map() more resilient, add checks for pointers before\niterating.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-22991" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8081faaf089db5280c3be820948469f7c58ef8dd", "url": "https://git.kernel.org/stable/c/8081faaf089db5280c3be820948469f7c58ef8dd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/851241d3f78a5505224dc21c03d8692f530256b4", "url": "https://git.kernel.org/stable/c/851241d3f78a5505224dc21c03d8692f530256b4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9b3730dabcf3764bfe3ff07caf55e641a0b45234", "url": "https://git.kernel.org/stable/c/9b3730dabcf3764bfe3ff07caf55e641a0b45234" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c4c2152a858c0ce4d2bff6ca8c1d5b0ef9f2cbdf", "url": "https://git.kernel.org/stable/c/c4c2152a858c0ce4d2bff6ca8c1d5b0ef9f2cbdf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e3fe30e57649c551757a02e1cad073c47e1e075e", "url": "https://git.kernel.org/stable/c/e3fe30e57649c551757a02e1cad073c47e1e075e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ec1850f663da64842614c86b20fe734be070c2ba", "url": "https://git.kernel.org/stable/c/ec1850f663da64842614c86b20fe734be070c2ba" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f21c3fdb96833aac2f533506899fe38c19cf49d5", "url": "https://git.kernel.org/stable/c/f21c3fdb96833aac2f533506899fe38c19cf49d5" } ], "release_date": "2026-01-23T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40282", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: 6lowpan: reset link-local header on ipv6 recv path\n\nBluetooth 6lowpan.c netdev has header_ops, so it must set link-local\nheader for RX skb, otherwise things crash, eg. with AF_PACKET SOCK_RAW\n\nAdd missing skb_reset_mac_header() for uncompressed ipv6 RX path.\n\nFor the compressed one, it is done in lowpan_header_decompress().\n\nLog: (BlueZ 6lowpan-tester Client Recv Raw - Success)\n------\nkernel BUG at net/core/skbuff.c:212!\nCall Trace:\n\n...\npacket_rcv (net/packet/af_packet.c:2152)\n...\n\n__local_bh_enable_ip (kernel/softirq.c:407)\nnetif_rx (net/core/dev.c:5648)\nchan_recv_cb (net/bluetooth/6lowpan.c:294 net/bluetooth/6lowpan.c:359)\n------", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40282" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/11cd7e068381666f842ad41d1cc58eecd0c75237", "url": "https://git.kernel.org/stable/c/11cd7e068381666f842ad41d1cc58eecd0c75237" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3b78f50918276ab28fb22eac9aa49401ac436a3b", "url": "https://git.kernel.org/stable/c/3b78f50918276ab28fb22eac9aa49401ac436a3b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4ebb90c3c309e6375dc3e841af92e2a039843e62", "url": "https://git.kernel.org/stable/c/4ebb90c3c309e6375dc3e841af92e2a039843e62" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/70d84e7c3a44b81020a3c3d650a64c63593405bd", "url": "https://git.kernel.org/stable/c/70d84e7c3a44b81020a3c3d650a64c63593405bd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/973e0271754c77db3e1b6b69adf2de85a79a4c8b", "url": "https://git.kernel.org/stable/c/973e0271754c77db3e1b6b69adf2de85a79a4c8b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c24ac6cfe4f9a47180a65592c47e7a310d2f9d93", "url": "https://git.kernel.org/stable/c/c24ac6cfe4f9a47180a65592c47e7a310d2f9d93" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d566e9a2bfc848941b091ffd5f4e12c4e889d818", "url": "https://git.kernel.org/stable/c/d566e9a2bfc848941b091ffd5f4e12c4e889d818" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea46a1d217bc82e01cf3d0424e50ebfe251e34bf", "url": "https://git.kernel.org/stable/c/ea46a1d217bc82e01cf3d0424e50ebfe251e34bf" } ], "release_date": "2025-12-06T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-23060", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec\n\nauthencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than\nthe minimum expected length, crypto_authenc_esn_decrypt() can advance past\nthe end of the destination scatterlist and trigger a NULL pointer dereference\nin scatterwalk_map_and_copy(), leading to a kernel panic (DoS).\n\nAdd a minimum AAD length check to fail fast on invalid inputs.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-23060" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/161bdc90fce25bd9890adc67fa1c8563a7acbf40", "url": "https://git.kernel.org/stable/c/161bdc90fce25bd9890adc67fa1c8563a7acbf40" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2397e9264676be7794f8f7f1e9763d90bd3c7335", "url": "https://git.kernel.org/stable/c/2397e9264676be7794f8f7f1e9763d90bd3c7335" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/767e8349f7e929b7dd95c08f0b4cb353459b365e", "url": "https://git.kernel.org/stable/c/767e8349f7e929b7dd95c08f0b4cb353459b365e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9532ff0d0e90ff78a214299f594ab9bac81defe4", "url": "https://git.kernel.org/stable/c/9532ff0d0e90ff78a214299f594ab9bac81defe4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b0a9609283a5c852addb513dafa655c61eebc1ef", "url": "https://git.kernel.org/stable/c/b0a9609283a5c852addb513dafa655c61eebc1ef" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/df22c9a65e9a9daa368a72fed596af9d7d5876bb", "url": "https://git.kernel.org/stable/c/df22c9a65e9a9daa368a72fed596af9d7d5876bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48", "url": "https://git.kernel.org/stable/c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48" } ], "release_date": "2026-02-04T17:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-38714", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()\n\nThe hfsplus_bnode_read() method can trigger the issue:\n\n[ 174.852007][ T9784] ==================================================================\n[ 174.852709][ T9784] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x2f4/0x360\n[ 174.853412][ T9784] Read of size 8 at addr ffff88810b5fc6c0 by task repro/9784\n[ 174.854059][ T9784]\n[ 174.854272][ T9784] CPU: 1 UID: 0 PID: 9784 Comm: repro Not tainted 6.16.0-rc3 #7 PREEMPT(full)\n[ 174.854281][ T9784] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 174.854286][ T9784] Call Trace:\n[ 174.854289][ T9784] \n[ 174.854292][ T9784] dump_stack_lvl+0x10e/0x1f0\n[ 174.854305][ T9784] print_report+0xd0/0x660\n[ 174.854315][ T9784] ? __virt_addr_valid+0x81/0x610\n[ 174.854323][ T9784] ? __phys_addr+0xe8/0x180\n[ 174.854330][ T9784] ? hfsplus_bnode_read+0x2f4/0x360\n[ 174.854337][ T9784] kasan_report+0xc6/0x100\n[ 174.854346][ T9784] ? hfsplus_bnode_read+0x2f4/0x360\n[ 174.854354][ T9784] hfsplus_bnode_read+0x2f4/0x360\n[ 174.854362][ T9784] hfsplus_bnode_dump+0x2ec/0x380\n[ 174.854370][ T9784] ? __pfx_hfsplus_bnode_dump+0x10/0x10\n[ 174.854377][ T9784] ? hfsplus_bnode_write_u16+0x83/0xb0\n[ 174.854385][ T9784] ? srcu_gp_start+0xd0/0x310\n[ 174.854393][ T9784] ? __mark_inode_dirty+0x29e/0xe40\n[ 174.854402][ T9784] hfsplus_brec_remove+0x3d2/0x4e0\n[ 174.854411][ T9784] __hfsplus_delete_attr+0x290/0x3a0\n[ 174.854419][ T9784] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10\n[ 174.854427][ T9784] ? __pfx___hfsplus_delete_attr+0x10/0x10\n[ 174.854436][ T9784] ? __asan_memset+0x23/0x50\n[ 174.854450][ T9784] hfsplus_delete_all_attrs+0x262/0x320\n[ 174.854459][ T9784] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10\n[ 174.854469][ T9784] ? rcu_is_watching+0x12/0xc0\n[ 174.854476][ T9784] ? __mark_inode_dirty+0x29e/0xe40\n[ 174.854483][ T9784] hfsplus_delete_cat+0x845/0xde0\n[ 174.854493][ T9784] ? __pfx_hfsplus_delete_cat+0x10/0x10\n[ 174.854507][ T9784] hfsplus_unlink+0x1ca/0x7c0\n[ 174.854516][ T9784] ? __pfx_hfsplus_unlink+0x10/0x10\n[ 174.854525][ T9784] ? down_write+0x148/0x200\n[ 174.854532][ T9784] ? __pfx_down_write+0x10/0x10\n[ 174.854540][ T9784] vfs_unlink+0x2fe/0x9b0\n[ 174.854549][ T9784] do_unlinkat+0x490/0x670\n[ 174.854557][ T9784] ? __pfx_do_unlinkat+0x10/0x10\n[ 174.854565][ T9784] ? __might_fault+0xbc/0x130\n[ 174.854576][ T9784] ? getname_flags.part.0+0x1c5/0x550\n[ 174.854584][ T9784] __x64_sys_unlink+0xc5/0x110\n[ 174.854592][ T9784] do_syscall_64+0xc9/0x480\n[ 174.854600][ T9784] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 174.854608][ T9784] RIP: 0033:0x7f6fdf4c3167\n[ 174.854614][ T9784] Code: f0 ff ff 73 01 c3 48 8b 0d 26 0d 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 08\n[ 174.854622][ T9784] RSP: 002b:00007ffcb948bca8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057\n[ 174.854630][ T9784] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6fdf4c3167\n[ 174.854636][ T9784] RDX: 00007ffcb948bcc0 RSI: 00007ffcb948bcc0 RDI: 00007ffcb948bd50\n[ 174.854641][ T9784] RBP: 00007ffcb948cd90 R08: 0000000000000001 R09: 00007ffcb948bb40\n[ 174.854645][ T9784] R10: 00007f6fdf564fc0 R11: 0000000000000206 R12: 0000561e1bc9c2d0\n[ 174.854650][ T9784] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 174.854658][ T9784] \n[ 174.854661][ T9784]\n[ 174.879281][ T9784] Allocated by task 9784:\n[ 174.879664][ T9784] kasan_save_stack+0x20/0x40\n[ 174.880082][ T9784] kasan_save_track+0x14/0x30\n[ 174.880500][ T9784] __kasan_kmalloc+0xaa/0xb0\n[ 174.880908][ T9784] __kmalloc_noprof+0x205/0x550\n[ 174.881337][ T9784] __hfs_bnode_create+0x107/0x890\n[ 174.881779][ T9784] hfsplus_bnode_find+0x2d0/0xd10\n[ 174.882222][ T9784] hfsplus_brec_find+0x2b0/0x520\n[ 174.882659][ T9784] hfsplus_delete_all_attrs+0x23b/0x3\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38714" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/032f7ed6717a4cd3714f9801be39fdfc7f1c7644", "url": "https://git.kernel.org/stable/c/032f7ed6717a4cd3714f9801be39fdfc7f1c7644" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/291b7f2538920aa229500dbdd6c5f0927a51bc8b", "url": "https://git.kernel.org/stable/c/291b7f2538920aa229500dbdd6c5f0927a51bc8b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/475d770c19929082aab43337e6c077d0e2043df3", "url": "https://git.kernel.org/stable/c/475d770c19929082aab43337e6c077d0e2043df3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5ab59229bef6063edf3a6fc2e3e3fd7cd2181b29", "url": "https://git.kernel.org/stable/c/5ab59229bef6063edf3a6fc2e3e3fd7cd2181b29" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7fa4cef8ea13b37811287ef60674c5fd1dd02ee6", "url": "https://git.kernel.org/stable/c/7fa4cef8ea13b37811287ef60674c5fd1dd02ee6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8583d067ae22b7f32ce5277ca5543ac8bf86a3e5", "url": "https://git.kernel.org/stable/c/8583d067ae22b7f32ce5277ca5543ac8bf86a3e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a2abd574d2fe22b8464cf6df5abb6f24d809eac0", "url": "https://git.kernel.org/stable/c/a2abd574d2fe22b8464cf6df5abb6f24d809eac0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c80aa2aaaa5e69d5219c6af8ef7e754114bd08d2", "url": "https://git.kernel.org/stable/c/c80aa2aaaa5e69d5219c6af8ef7e754114bd08d2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ffee8a7bed0fbfe29da239a922b59c5db897c613", "url": "https://git.kernel.org/stable/c/ffee8a7bed0fbfe29da239a922b59c5db897c613" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-04T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40308", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: bcsp: receive data only if registered\nCurrently, bcsp_recv() can be called even when the BCSP protocol has not\nbeen registered. This leads to a NULL pointer dereference, as shown in\nthe following stack trace:\nKASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\nRIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590\nCall Trace:\n\nhci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627\ntiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290\ntty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:907 [inline]\n__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nTo prevent this, ensure that the HCI_UART_REGISTERED flag is set before\nprocessing received data. If the protocol is not registered, return\n-EUNATCH.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40308" } ], "release_date": "2025-12-08T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-38024", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug\n\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xcf/0x610 mm/kasan/report.c:489\n kasan_report+0xb5/0xe0 mm/kasan/report.c:602\n rxe_queue_cleanup+0xd0/0xe0 drivers/infiniband/sw/rxe/rxe_queue.c:195\n rxe_cq_cleanup+0x3f/0x50 drivers/infiniband/sw/rxe/rxe_cq.c:132\n __rxe_cleanup+0x168/0x300 drivers/infiniband/sw/rxe/rxe_pool.c:232\n rxe_create_cq+0x22e/0x3a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1109\n create_cq+0x658/0xb90 drivers/infiniband/core/uverbs_cmd.c:1052\n ib_uverbs_create_cq+0xc7/0x120 drivers/infiniband/core/uverbs_cmd.c:1095\n ib_uverbs_write+0x969/0xc90 drivers/infiniband/core/uverbs_main.c:679\n vfs_write fs/read_write.c:677 [inline]\n vfs_write+0x26a/0xcc0 fs/read_write.c:659\n ksys_write+0x1b8/0x200 fs/read_write.c:731\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nIn the function rxe_create_cq, when rxe_cq_from_init fails, the function\nrxe_cleanup will be called to handle the allocated resources. In fact,\nsome memory resources have already been freed in the function\nrxe_cq_from_init. Thus, this problem will occur.\n\nThe solution is to let rxe_cleanup do all the work.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38024" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/16c45ced0b3839d3eee72a86bb172bef6cf58980", "url": "https://git.kernel.org/stable/c/16c45ced0b3839d3eee72a86bb172bef6cf58980" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/336edd6b0f5b7fbffc3e065285610624f59e88df", "url": "https://git.kernel.org/stable/c/336edd6b0f5b7fbffc3e065285610624f59e88df" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3a3b73e135e3bd18423d0baa72571319c7feb759", "url": "https://git.kernel.org/stable/c/3a3b73e135e3bd18423d0baa72571319c7feb759" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/52daccfc3fa68ee1902d52124921453d7a335591", "url": "https://git.kernel.org/stable/c/52daccfc3fa68ee1902d52124921453d7a335591" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7c7c80c32e00665234e373ab03fe82f5c5c2c230", "url": "https://git.kernel.org/stable/c/7c7c80c32e00665234e373ab03fe82f5c5c2c230" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ee4c5a2a38596d548566560c0c022ab797e6f71a", "url": "https://git.kernel.org/stable/c/ee4c5a2a38596d548566560c0c022ab797e6f71a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f81b33582f9339d2dc17c69b92040d3650bb4bae", "url": "https://git.kernel.org/stable/c/f81b33582f9339d2dc17c69b92040d3650bb4bae" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f8f470e3a757425a8f98fb9a5991e3cf62fc7134", "url": "https://git.kernel.org/stable/c/f8f470e3a757425a8f98fb9a5991e3cf62fc7134" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html", "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" } ], "release_date": "2025-06-18T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38004", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: add locking for bcm_op runtime updates\n\nThe CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via\nhrtimer. The content and also the length of the sequence can be changed\nresp reduced at runtime where the 'currframe' counter is then set to zero.\n\nAlthough this appeared to be a safe operation the updates of 'currframe'\ncan be triggered from user space and hrtimer context in bcm_can_tx().\nAnderson Nascimento created a proof of concept that triggered a KASAN\nslab-out-of-bounds read access which can be prevented with a spin_lock_bh.\n\nAt the rework of bcm_can_tx() the 'count' variable has been moved into\nthe protected section as this variable can be modified from both contexts\ntoo.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38004" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2a437b86ac5a9893c902f30ef66815bf13587bf6", "url": "https://git.kernel.org/stable/c/2a437b86ac5a9893c902f30ef66815bf13587bf6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7595de7bc56e0e52b74e56c90f7e247bf626d628", "url": "https://git.kernel.org/stable/c/7595de7bc56e0e52b74e56c90f7e247bf626d628" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/76c84c3728178b2d38d5604e399dfe8b0752645e", "url": "https://git.kernel.org/stable/c/76c84c3728178b2d38d5604e399dfe8b0752645e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f1c022541bf5a923c8d6fa483112c15250f30a4", "url": "https://git.kernel.org/stable/c/8f1c022541bf5a923c8d6fa483112c15250f30a4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7", "url": "https://git.kernel.org/stable/c/c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c4e8a172501e677ebd8ea9d9161d97dc4df56fbd", "url": "https://git.kernel.org/stable/c/c4e8a172501e677ebd8ea9d9161d97dc4df56fbd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cc55dd28c20a6611e30596019b3b2f636819a4c0", "url": "https://git.kernel.org/stable/c/cc55dd28c20a6611e30596019b3b2f636819a4c0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fbd8fdc2b218e979cfe422b139b8f74c12419d1f", "url": "https://git.kernel.org/stable/c/fbd8fdc2b218e979cfe422b139b8f74c12419d1f" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-06-08T11:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-71154", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: rtl8150: fix memory leak on usb_submit_urb() failure\n\nIn async_set_registers(), when usb_submit_urb() fails, the allocated\n async_req structure and URB are not freed, causing a memory leak.\n\n The completion callback async_set_reg_cb() is responsible for freeing\n these allocations, but it is only called after the URB is successfully\n submitted and completes (successfully or with error). If submission\n fails, the callback never runs and the memory is leaked.\n\n Fix this by freeing both the URB and the request structure in the error\n path when usb_submit_urb() fails.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-71154" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/12cab1191d9890097171156d06bfa8d31f1e39c8", "url": "https://git.kernel.org/stable/c/12cab1191d9890097171156d06bfa8d31f1e39c8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/151403e903840c9cf06754097b6732c14f26c532", "url": "https://git.kernel.org/stable/c/151403e903840c9cf06754097b6732c14f26c532" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2f966186b99550e3c665dbfb87b8314e30acea02", "url": "https://git.kernel.org/stable/c/2f966186b99550e3c665dbfb87b8314e30acea02" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4bd4ea3eb326608ffc296db12c105f92dc2f2190", "url": "https://git.kernel.org/stable/c/4bd4ea3eb326608ffc296db12c105f92dc2f2190" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6492ad6439ff1a479fc94dc6052df3628faed8b6", "url": "https://git.kernel.org/stable/c/6492ad6439ff1a479fc94dc6052df3628faed8b6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a4e2442d3c48355a84463342f397134f149936d7", "url": "https://git.kernel.org/stable/c/a4e2442d3c48355a84463342f397134f149936d7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/db2244c580540306d60ce783ed340190720cd429", "url": "https://git.kernel.org/stable/c/db2244c580540306d60ce783ed340190720cd429" } ], "release_date": "2026-01-23T15:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-71089", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: disable SVA when CONFIG_X86 is set\n\nPatch series \"Fix stale IOTLB entries for kernel address space\", v7.\n\nThis proposes a fix for a security vulnerability related to IOMMU Shared\nVirtual Addressing (SVA). In an SVA context, an IOMMU can cache kernel\npage table entries. When a kernel page table page is freed and\nreallocated for another purpose, the IOMMU might still hold stale,\nincorrect entries. This can be exploited to cause a use-after-free or\nwrite-after-free condition, potentially leading to privilege escalation or\ndata corruption.\n\nThis solution introduces a deferred freeing mechanism for kernel page\ntable pages, which provides a safe window to notify the IOMMU to\ninvalidate its caches before the page is reused.\n\n\nThis patch (of 8):\n\nIn the IOMMU Shared Virtual Addressing (SVA) context, the IOMMU hardware\nshares and walks the CPU's page tables. The x86 architecture maps the\nkernel's virtual address space into the upper portion of every process's\npage table. Consequently, in an SVA context, the IOMMU hardware can walk\nand cache kernel page table entries.\n\nThe Linux kernel currently lacks a notification mechanism for kernel page\ntable changes, specifically when page table pages are freed and reused. \nThe IOMMU driver is only notified of changes to user virtual address\nmappings. This can cause the IOMMU's internal caches to retain stale\nentries for kernel VA.\n\nUse-After-Free (UAF) and Write-After-Free (WAF) conditions arise when\nkernel page table pages are freed and later reallocated. The IOMMU could\nmisinterpret the new data as valid page table entries. The IOMMU might\nthen walk into attacker-controlled memory, leading to arbitrary physical\nmemory DMA access or privilege escalation. This is also a\nWrite-After-Free issue, as the IOMMU will potentially continue to write\nAccessed and Dirty bits to the freed memory while attempting to walk the\nstale page tables.\n\nCurrently, SVA contexts are unprivileged and cannot access kernel\nmappings. However, the IOMMU will still walk kernel-only page tables all\nthe way down to the leaf entries, where it realizes the mapping is for the\nkernel and errors out. This means the IOMMU still caches these\nintermediate page table entries, making the described vulnerability a real\nconcern.\n\nDisable SVA on x86 architecture until the IOMMU can receive notification\nto flush the paging cache before freeing the CPU kernel page table pages.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-71089" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/240cd7f2812cc25496b12063d11c823618f364e9", "url": "https://git.kernel.org/stable/c/240cd7f2812cc25496b12063d11c823618f364e9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/72f98ef9a4be30d2a60136dd6faee376f780d06c", "url": "https://git.kernel.org/stable/c/72f98ef9a4be30d2a60136dd6faee376f780d06c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7cad37e358970af1bb49030ff01f06a69fa7d985", "url": "https://git.kernel.org/stable/c/7cad37e358970af1bb49030ff01f06a69fa7d985" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b34289505180a83607fcfdce14b5a290d0528476", "url": "https://git.kernel.org/stable/c/b34289505180a83607fcfdce14b5a290d0528476" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c2c3f1a3fd74ef16cf115f0c558616a13a8471b4", "url": "https://git.kernel.org/stable/c/c2c3f1a3fd74ef16cf115f0c558616a13a8471b4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c341dee80b5df49a936182341b36395c831c2661", "url": "https://git.kernel.org/stable/c/c341dee80b5df49a936182341b36395c831c2661" } ], "release_date": "2026-01-13T16:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40149", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().\n\nget_netdev_for_sock() is called during setsockopt(),\nso not under RCU.\n\nUsing sk_dst_get(sk)->dev could trigger UAF.\n\nLet's use __sk_dst_get() and dst_dev_rcu().\n\nNote that the only ->ndo_sk_get_lower_dev() user is\nbond_sk_get_lower_dev(), which uses RCU.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40149" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/13159c7125636371543a82cb7bbae00ab36730cc", "url": "https://git.kernel.org/stable/c/13159c7125636371543a82cb7bbae00ab36730cc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2b1bef126bbb8d0da51491357559126d567c1dee", "url": "https://git.kernel.org/stable/c/2b1bef126bbb8d0da51491357559126d567c1dee" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c65f27b9c3be2269918e1cbad6d8884741f835c5", "url": "https://git.kernel.org/stable/c/c65f27b9c3be2269918e1cbad6d8884741f835c5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e37ca0092ddace60833790b4ad7a390408fb1be9", "url": "https://git.kernel.org/stable/c/e37ca0092ddace60833790b4ad7a390408fb1be9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f09cd209359a23f88d4f3fa3d2379d057027e53c", "url": "https://git.kernel.org/stable/c/f09cd209359a23f88d4f3fa3d2379d057027e53c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/feb474ddbf26b51f462ae2e60a12013bdcfc5407", "url": "https://git.kernel.org/stable/c/feb474ddbf26b51f462ae2e60a12013bdcfc5407" } ], "release_date": "2025-11-12T11:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68340", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: Move team device type change at the end of team_port_add\n\nAttempting to add a port device that is already up will expectedly fail,\nbut not before modifying the team device header_ops.\n\nIn the case of the syzbot reproducer the gre0 device is\nalready in state UP when it attempts to add it as a\nport device of team0, this fails but before that\nheader_ops->create of team0 is changed from eth_header to ipgre_header\nin the call to team_dev_type_check_change.\n\nLater when we end up in ipgre_header() struct ip_tunnel* points to nonsense\nas the private data of the device still holds a struct team.\n\nExample sequence of iproute2 commands to reproduce the hang/BUG():\nip link add dev team0 type team\nip link add dev gre0 type gre\nip link set dev gre0 up\nip link set dev gre0 master team0\nip link set dev team0 up\nping -I team0 1.1.1.1\n\nMove team_dev_type_check_change down where all other checks have passed\nas it changes the dev type with no way to restore it in case\none of the checks that follow it fail.\n\nAlso make sure to preserve the origial mtu assignment:\n - If port_dev is not the same type as dev, dev takes mtu from port_dev\n - If port_dev is the same type as dev, port_dev takes mtu from dev\n\nThis is done by adding a conditional before the call to dev_set_mtu\nto prevent it from assigning port_dev->mtu = dev->mtu and instead\nletting team_dev_type_check_change assign dev->mtu = port_dev->mtu.\nThe conditional is needed because the patch moves the call to\nteam_dev_type_check_change past dev_set_mtu.\n\nTesting:\n - team device driver in-tree selftests\n - Add/remove various devices as slaves of team device\n - syzbot", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68340" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0ae9cfc454ea5ead5f3ddbdfe2e70270d8e2c8ef", "url": "https://git.kernel.org/stable/c/0ae9cfc454ea5ead5f3ddbdfe2e70270d8e2c8ef" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4040b5e8963982a00aa821300cb746efc9f2947e", "url": "https://git.kernel.org/stable/c/4040b5e8963982a00aa821300cb746efc9f2947e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a74ab1b532ecc5f9106621a8f75b4c3d04466b35", "url": "https://git.kernel.org/stable/c/a74ab1b532ecc5f9106621a8f75b4c3d04466b35" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c8b15b0d2eec3b5c7f585e5a53dfc8d36c818283", "url": "https://git.kernel.org/stable/c/c8b15b0d2eec3b5c7f585e5a53dfc8d36c818283" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e26235840fd961e4ebe5568f11a2a078cf726663", "url": "https://git.kernel.org/stable/c/e26235840fd961e4ebe5568f11a2a078cf726663" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e3eed4f038214494af62c7d2d64749e5108ce6ca", "url": "https://git.kernel.org/stable/c/e3eed4f038214494af62c7d2d64749e5108ce6ca" } ], "release_date": "2025-12-23T14:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68349", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nNFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid\nFixes a crash when layout is null during this call stack:\nwrite_inode\n-> nfs4_write_inode\n-> pnfs_layoutcommit_inode\npnfs_set_layoutcommit relies on the lseg refcount to keep the layout\naround. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt\nto reference a null layout.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68349" } ], "release_date": "2025-12-24T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39766", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit\n\nThe following setup can trigger a WARNING in htb_activate due to\nthe condition: !cl->leaf.q->q.qlen\n\ntc qdisc del dev lo root\ntc qdisc add dev lo root handle 1: htb default 1\ntc class add dev lo parent 1: classid 1:1 \\\n htb rate 64bit\ntc qdisc add dev lo parent 1:1 handle f: \\\n cake memlimit 1b\nping -I lo -f -c1 -s64 -W0.001 127.0.0.1\n\nThis is because the low memlimit leads to a low buffer_limit, which\ncauses packet dropping. However, cake_enqueue still returns\nNET_XMIT_SUCCESS, causing htb_enqueue to call htb_activate with an\nempty child qdisc. We should return NET_XMIT_CN when packets are\ndropped from the same tin and flow.\n\nI do not believe return value of NET_XMIT_CN is necessary for packet\ndrops in the case of ack filtering, as that is meant to optimize\nperformance, not to signal congestion.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39766" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0dacfc5372e314d1219f03e64dde3ab495a5a25e", "url": "https://git.kernel.org/stable/c/0dacfc5372e314d1219f03e64dde3ab495a5a25e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/15de71d06a400f7fdc15bf377a2552b0ec437cf5", "url": "https://git.kernel.org/stable/c/15de71d06a400f7fdc15bf377a2552b0ec437cf5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/62d591dde4defb1333d202410609c4ddeae060b3", "url": "https://git.kernel.org/stable/c/62d591dde4defb1333d202410609c4ddeae060b3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/710866fc0a64eafcb8bacd91bcb1329eb7e5035f", "url": "https://git.kernel.org/stable/c/710866fc0a64eafcb8bacd91bcb1329eb7e5035f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7689ab22de36f8db19095f6bdf11f28cfde92f5c", "url": "https://git.kernel.org/stable/c/7689ab22de36f8db19095f6bdf11f28cfde92f5c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/aa12ee1c1bd260943fd6ab556d8635811c332eeb", "url": "https://git.kernel.org/stable/c/aa12ee1c1bd260943fd6ab556d8635811c332eeb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/de04ddd2980b48caa8d7e24a7db2742917a8b280", "url": "https://git.kernel.org/stable/c/de04ddd2980b48caa8d7e24a7db2742917a8b280" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ff57186b2cc39766672c4c0332323933e5faaa88", "url": "https://git.kernel.org/stable/c/ff57186b2cc39766672c4c0332323933e5faaa88" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-11T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38212", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix to protect IPCS lookups using RCU\n\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\n\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\n\nidr_for_each() is protected by rwsem, but this is not enough. If it is\nnot protected by RCU read-critical region, when idr_for_each() calls\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\nstructure, the node will be freed immediately, and when reading the next\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\n\nTherefore, we need to add code to make sure that idr_for_each() is\nprotected within the RCU read-critical region when we call it in\nshm_destroy_orphaned().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38212" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5180561afff8e0f029073c8c8117c95c6512d1f9", "url": "https://git.kernel.org/stable/c/5180561afff8e0f029073c8c8117c95c6512d1f9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5f1e1573bf103303944fd7225559de5d8297539c", "url": "https://git.kernel.org/stable/c/5f1e1573bf103303944fd7225559de5d8297539c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/68c173ea138b66d7dd1fd980c9bc578a18e11884", "url": "https://git.kernel.org/stable/c/68c173ea138b66d7dd1fd980c9bc578a18e11884" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/74bc813d11c30e28fc5261dc877cca662ccfac68", "url": "https://git.kernel.org/stable/c/74bc813d11c30e28fc5261dc877cca662ccfac68" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/78297d53d3878d43c1d627d20cd09f611fa4b91d", "url": "https://git.kernel.org/stable/c/78297d53d3878d43c1d627d20cd09f611fa4b91d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b0b6bf90ce2699a574b3683e22c44d0dcdd7a057", "url": "https://git.kernel.org/stable/c/b0b6bf90ce2699a574b3683e22c44d0dcdd7a057" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b968ba8bfd9f90914957bbbd815413bf6a98eca7", "url": "https://git.kernel.org/stable/c/b968ba8bfd9f90914957bbbd815413bf6a98eca7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d66adabe91803ef34a8b90613c81267b5ded1472", "url": "https://git.kernel.org/stable/c/d66adabe91803ef34a8b90613c81267b5ded1472" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-04T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40240", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsctp: avoid NULL dereference when chunk data buffer is missing\nchunk->skb pointer is dereferenced in the if-block where it's supposed\nto be NULL only.\nchunk->skb can only be NULL if chunk->head_skb is not. Check for frag_list\ninstead and do it just before replacing chunk->skb. We're sure that\notherwise chunk->skb is non-NULL because of outer if() condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40240" } ], "release_date": "2025-12-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-03T14:00:10.013497Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807", "product_ids": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1775224807" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-cloud-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-doc-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.all", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-headers-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-libc-dev-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-modules-extra-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-source-5.4.0-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-generic-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-5.4.0-226-tuxcare.els8-lowlatency-0:5.4.0-226.246.amd64", "Ubuntu-20:linux-tools-common-0:5.4.0-226.246.all", "Ubuntu-20:linux-tools-host-0:5.4.0-226.246.all" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }