SB2025121558 - Ubuntu update for linux
Published: December 15, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2025-40018)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __ip_vs_ftp_exit() and ip_vs_ftp_init() functions in net/netfilter/ipvs/ip_vs_ftp.c. A local user can escalate privileges on the system.
2) Input validation error (CVE-ID: CVE-2025-39964)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/crypto/if_alg.h. A local user can perform a denial of service (DoS) attack.
3) Use-after-free (CVE-ID: CVE-2025-38666)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the DEFINE_RWLOCK(), __aarp_expire(), aarp_purge() and aarp_proxy_probe_network() functions in net/appletalk/aarp.c. A local user can escalate privileges on the system.
4) Use-after-free (CVE-ID: CVE-2025-21855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmvnic_xmit() and netif_stop_subqueue() functions in drivers/net/ethernet/ibm/ibmvnic.c. A local user can escalate privileges on the system.
5) Improper locking (CVE-ID: CVE-2025-21811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_lookup_dirty_data_buffers() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
6) Use-after-free (CVE-ID: CVE-2025-21722)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_clear_dirty_pages() and nilfs_clear_folio_dirty() functions in fs/nilfs2/page.c. A local user can escalate privileges on the system.
7) Use-after-free (CVE-ID: CVE-2025-21715)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dm9000_drv_remove() function in drivers/net/ethernet/davicom/dm9000.c. A local user can escalate privileges on the system.
8) NULL pointer dereference (CVE-ID: CVE-2024-53217)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfsd4_process_cb_update() function in fs/nfsd/nfs4callback.c. A local user can perform a denial of service (DoS) attack.
9) Improper locking (CVE-ID: CVE-2024-53112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_commit_trans() function in fs/ocfs2/resize.c. A local user can perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2024-50179)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
11) Improper locking (CVE-ID: CVE-2024-50095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the retry_send() and timeout_sends() functions in drivers/infiniband/core/mad.c. A local user can perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2024-50067)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uprobe_buffer_init(), prepare_uprobe_buffer() and __uprobe_trace_func() functions in kernel/trace/trace_uprobe.c. A local user can escalate privileges on the system.
13) Race condition (CVE-ID: CVE-2024-49935)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the exit_round_robin() function in drivers/acpi/acpi_pad.c. A local user can perform a denial of service (DoS) attack.
14) Double free (CVE-ID: CVE-2022-49026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the e100_xmit_prepare() function in drivers/net/ethernet/intel/e100.c. A local user can perform a denial of service (DoS) attack.
15) Use-after-free (CVE-ID: CVE-2021-47634)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vol_attribute_show() function in drivers/mtd/ubi/vmt.c, within the dev_attribute_show(), ubi_attach_mtd_dev() and uif_close() functions in drivers/mtd/ubi/build.c. A local user can escalate privileges on the system.
16) NULL pointer dereference (CVE-ID: CVE-2021-47385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the w83792d_detect_subclients() function in drivers/hwmon/w83792d.c. A local user can perform a denial of service (DoS) attack.
17) NULL pointer dereference (CVE-ID: CVE-2021-47269)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_wIndex_to_dep() function in drivers/usb/dwc3/ep0.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2021-47146)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.