SB2025103048 - Ubuntu update for linux

Security Bulletin ID SB2025103048

Severity

High

Patch available

YES

Number of vulnerabilities 11

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2025-40300)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vcpu_enter_guest() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

2) Race condition (CVE-ID: CVE-2025-38352)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.

Note, the vulnerability is being actively exploited in the wild against Android devices.

3) Use-after-free (CVE-ID: CVE-2025-37838)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ssip_reset() function in drivers/hsi/clients/ssi_protocol.c. A local user can escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2024-56767)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the at_xdmac_prep_dma_memset() function in drivers/dma/at_xdmac.c. A local user can escalate privileges on the system.

5) Out-of-bounds read (CVE-ID: CVE-2024-53150)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DESC_LENGTH_CHECK(), validate_clock_source() and validate_clock_selector() functions in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.

6) Race condition within a thread (CVE-ID: CVE-2024-53124)

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within the tcp_v6_do_rcv() function in net/ipv6/tcp_ipv6.c, within the dccp_v6_do_rcv() function in net/dccp/ipv6.c. A local user can corrupt data.

7) Input validation error (CVE-ID: CVE-2024-50299)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sctp_sf_ootb() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.

8) Improper locking (CVE-ID: CVE-2024-50006)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.

9) Memory leak (CVE-ID: CVE-2024-41006)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.

10) NULL pointer dereference (CVE-ID: CVE-2023-52650)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.

11) NULL pointer dereference (CVE-ID: CVE-2023-52574)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-7853-1