SB2025052914 - Ubuntu update for linux-lts-xenial
Published: May 29, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 32 secuirty vulnerabilities.
1) Race condition (CVE-ID: CVE-2022-23041)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a race condition in blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls ring buffers. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.
2) Incorrect calculation (CVE-ID: CVE-2025-21971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the tc_ctl_tclass() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
3) Resource management error (CVE-ID: CVE-2024-56770)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tfifo_reset(), tfifo_enqueue(), netem_enqueue() and netem_dequeue() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.
4) Out-of-bounds read (CVE-ID: CVE-2024-56650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the led_tg_check() function in net/netfilter/xt_LED.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2024-56642)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bearer() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
6) Use-after-free (CVE-ID: CVE-2024-56631)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sg_release() function in drivers/scsi/sg.c. A local user can escalate privileges on the system.
7) Out-of-bounds read (CVE-ID: CVE-2024-56598)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2024-53173)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
9) Double free (CVE-ID: CVE-2024-53140)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the netlink_skb_set_owner_r(), netlink_sock_destruct(), deferred_put_nlk_sk() and netlink_release() functions in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
10) Use of uninitialized resource (CVE-ID: CVE-2024-53066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
11) Resource management error (CVE-ID: CVE-2024-53063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the DECLARE_RWSEM() and dvb_register_device() functions in drivers/media/dvb-core/dvbdev.c. A local user can perform a denial of service (DoS) attack.
12) Improper error handling (CVE-ID: CVE-2024-50256)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nf_reject6_fill_skb_dst() and nf_send_reset6() functions in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.
13) Use of uninitialized resource (CVE-ID: CVE-2024-50237)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.
14) NULL pointer dereference (CVE-ID: CVE-2024-49944)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.
15) Buffer overflow (CVE-ID: CVE-2024-46780)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.
16) Memory leak (CVE-ID: CVE-2024-46771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
17) Out-of-bounds read (CVE-ID: CVE-2024-36934)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2024-35864)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
19) Use-after-free (CVE-ID: CVE-2024-26996)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ncm_set_alt() and ncm_disable() functions in drivers/usb/gadget/function/f_ncm.c. A local user can escalate privileges on the system.
20) Use-after-free (CVE-ID: CVE-2024-26974)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can escalate privileges on the system.
21) Buffer overflow (CVE-ID: CVE-2024-26915)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vega20_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega20_ih.c, within the vega10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega10_ih.c, within the tonga_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/tonga_ih.c, within the si_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/si_ih.c, within the navi10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/navi10_ih.c, within the iceland_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/iceland_ih.c, within the cz_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cz_ih.c, within the cik_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cik_ih.c. A local user can escalate privileges on the system.
22) Use-after-free (CVE-ID: CVE-2024-26689)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.
23) Use-after-free (CVE-ID: CVE-2023-52741)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uncached_fill_pages() and readpages_fill_pages() functions in fs/cifs/file.c. A local user can escalate privileges on the system.
24) Improper locking (CVE-ID: CVE-2021-47587)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tdma_port_write_desc_addr() and bcm_sysport_open() functions in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.
25) Use-after-free (CVE-ID: CVE-2021-47506)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hash_delegation_locked(), unhash_delegation_locked() and nfsd4_cb_recall_prepare() functions in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
26) Use-after-free (CVE-ID: CVE-2021-47500)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mma8452_trigger_setup() function in drivers/iio/accel/mma8452.c. A local user can escalate privileges on the system.
27) Out-of-bounds read (CVE-ID: CVE-2021-47245)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the synproxy_parse_options() function in net/netfilter/nf_synproxy_core.c. A local user can perform a denial of service (DoS) attack.
28) Out-of-bounds read (CVE-ID: CVE-2021-47219)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_report_tgtpgs() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
29) Out-of-bounds read (CVE-ID: CVE-2021-47191)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_readcap16() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
30) Race condition (CVE-ID: CVE-2021-47163)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the cleanup_bearer() and tipc_udp_disable() functions in net/tipc/udp_media.c, within the tipc_exit_net() function in net/tipc/core.c. A local user can perform a denial of service (DoS) attack.
31) Memory leak (CVE-ID: CVE-2021-47150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fec_enet_init() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2021-46959)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the devm_spi_alloc_master(), devm_spi_register_master() and spi_unregister_master() functions in drivers/spi/spi.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.