LSN-0117-1

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS

Summary

Several security issues were fixed in the kernel.

Software Description

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-ibm - Linux kernel for IBM cloud systems
  • linux-oracle - Linux kernel for Oracle Cloud systems

Details

In the Linux kernel, the following vulnerability has been
resolved: e100: Fix possible use after free in e100_xmit_prepare. In
e100_xmit_prepare(), if we can’t map the skb, then return -ENOMEM, so
e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will
resend the skb. (CVE-2022-49026)

In the Linux kernel, the following vulnerability has been
resolved: macsec: fix UAF bug for real_dev. Create a new macsec device but
not get reference to real_dev. (CVE-2022-49390)

In the Linux kernel, the following vulnerability has been
resolved: wifi: ath12k: fix firmware crash due to invalid peer nss.
Currently, if the access point receives an association request containing
an Extended HE Capabilities Information Element with an invalid MCS-NSS, it
triggers a firmware crash. (CVE-2024-46827)

In the Linux kernel, the following vulnerability has been
resolved: drm/xe/oa: Fix overflow in oa batch buffer. By default
xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch buffer, this is
not a problem if batch buffer is only used once but oa reuses the batch
buffer for the same metric and at each call it appends a
MI_BATCH_BUFFER_END, printing the warning below and then overflowing.
(CVE-2024-50090)

In the Linux kernel, the following vulnerability has been
resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update(). @ses
is initialized to NULL. (CVE-2024-53217)

In the Linux kernel, the following vulnerability has been
resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu().
Explicitly verify the target vCPU is fully online prior to clamping the
index in kvm_get_vcpu(). (CVE-2024-58083)

In the Linux kernel, the following vulnerability has been
resolved: sched: sch_cake: add bounds checks to host bulk flow fairness
counts. Even though we fixed a logic error in the commit cited below, syzbot
still managed to trigger an underflow of the per-host bulk flow counters,
leading to an out of bounds memory access. (CVE-2025-21647)

In the Linux kernel, the following vulnerability has been
resolved: net: sched: fix ets qdisc OOB Indexing. Haowei Yan
<g1042620637@gmail.com> found that ets_class_from_arg() can index an
Out-Of-Bound class in ets_class_from_arg() when passed clid of 0.
(CVE-2025-21692)

In the Linux kernel, the following vulnerability has been
resolved: usb: cdc-acm: Check control transfer buffer size before access.
If the first fragment is shorter than struct usb_cdc_notification, we can’t
calculate an expected_size. (CVE-2025-21704)

In the Linux kernel, the following vulnerability has been
resolved: net: davicom: fix UAF in dm9000_drv_remove. dm is netdev private
data and it cannot be used after free_netdev() call. (CVE-2025-21715)

In the Linux kernel, the following vulnerability has been
resolved: exfat: fix random stack corruption after get_block. When get_block
is called with a buffer_head allocated on the stack, such as
do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the
following race condition situation. (CVE-2025-22036)
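
For the cdc-acm entry above (CVE-2025-21704), the check it describes can be
modelled in user space: the length field of a CDC notification sits at the end
of its 8-byte header, so an expected size exists only once the whole header has
arrived. This is an added example, not the kernel's code or part of the
original notice; the function, enum and sample bytes are hypothetical names and
constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Size of the notification header that struct usb_cdc_notification describes:
 * bmRequestType, bNotificationType (1 byte each), then wValue, wIndex and
 * wLength (little-endian 16-bit each). */
#define CDC_NOTIF_HDR_LEN 8u

/* Status names are hypothetical, chosen for this example. */
enum notif_status { NOTIF_TOO_SHORT = -1, NOTIF_COMPLETE = 0, NOTIF_NEED_MORE = 1 };

/* Constructed sample: SERIAL_STATE (0x20) notification with a 2-byte payload. */
static const uint8_t sample_notif[] = {
    0xA1, 0x20, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x03, 0x00
};

static uint16_t get_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Inspect the first fragment of a notification. *expected is written only
 * after the length check has shown that the whole header is present. */
enum notif_status cdc_notif_first_fragment(const uint8_t *buf, size_t len,
                                           size_t *expected)
{
    /* wLength lives at offsets 6..7: with fewer than 8 bytes received,
     * reading it would touch memory past the data that actually arrived. */
    if (buf == NULL || expected == NULL || len < CDC_NOTIF_HDR_LEN)
        return NOTIF_TOO_SHORT;

    *expected = (size_t)CDC_NOTIF_HDR_LEN + get_le16(buf + 6);
    return len >= *expected ? NOTIF_COMPLETE : NOTIF_NEED_MORE;
}

int main(void)
{
    size_t lens[] = { 4, CDC_NOTIF_HDR_LEN, sizeof sample_notif };
    for (size_t i = 0; i < 3; i++) {
        size_t expected = 0;
        int st = cdc_notif_first_fragment(sample_notif, lens[i], &expected);
        printf("fragment of %zu bytes: status %d, expected_size %zu\n",
               lens[i], st, expected);
    }
    return 0;
}
```

Rejecting the short fragment outright is this example's choice; the notice does
not say how the kernel handles that case.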

Update instructions

The problem can be corrected by updating your kernel livepatch to the following
versions:

Ubuntu 20.04 LTS

  • aws - 117.4
  • aws - 117.5
  • azure - 117.5
  • gcp - 117.5
  • generic - 117.4
  • generic - 117.5
  • ibm - 117.5
  • lowlatency - 117.4
  • lowlatency - 117.5
  • oracle - 117.5

Ubuntu 18.04 LTS

  • aws - 117.4
  • azure - 117.4
  • gcp - 117.4
  • generic - 117.4
  • lowlatency - 117.4
  • oracle - 117.4

Ubuntu 24.04 LTS

  • aws - 117.4
  • azure - 117.4
  • gcp - 117.4
  • generic - 117.4
  • ibm - 117.4
  • oracle - 117.4

Ubuntu 22.04 LTS

  • aws - 117.5
  • azure - 117.5
  • gcp - 117.5
  • gcp - 117.6
  • generic - 117.5
  • generic - 117.6
  • oracle - 117.5
  • oracle - 117.6

Support Information

Livepatches for supported LTS kernels will receive upgrades for
a period of up to 13 months after the build date of the kernel.

Livepatches for supported HWE kernels which are not based on
an LTS kernel version will receive upgrades for a period of
up to 9 months after the build date of the kernel, or until the end
of support for that kernel’s non-LTS distro release version,
whichever is sooner.

References