SB2025030553 - Ubuntu update for linux 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025030553

SB2025030553 - Ubuntu update for linux

Published: March 5, 2025 Updated: March 12, 2025

Security Bulletin ID SB2025030553
Severity
High
Patch available
YES
Number of vulnerabilities 36
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 8% Low 92%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 36 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2022-48994)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the EXPORT_SYMBOL() and snd_seq_expand_var_event() functions in sound/core/seq/seq_memory.c. A local user can perform a denial of service (DoS) attack.


2) Use-after-free (CVE-ID: CVE-2024-43900)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the load_firmware_cb() function in drivers/media/tuners/xc2028.c. A local user can escalate privileges on the system.


3) Improper locking (CVE-ID: CVE-2024-40943)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.


4) Improper locking (CVE-ID: CVE-2024-41063)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.


5) Type Confusion (CVE-ID: CVE-2024-42070)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filtering to trigger a type confusion error and gain access to sensitive information.


6) Input validation error (CVE-ID: CVE-2024-38567)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.


7) Improper privilege management (CVE-ID: CVE-2024-36964)

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.


8) Resource management error (CVE-ID: CVE-2023-52522)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the neigh_periodic_work() function in net/core/neighbour.c. A local user can  perform a denial of service (DoS) attack.


9) Out-of-bounds read (CVE-ID: CVE-2024-53156)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.


10) Out-of-bounds write (CVE-ID: CVE-2024-53104)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.


11) Memory leak (CVE-ID: CVE-2024-43854)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.


12) Incorrect calculation (CVE-ID: CVE-2024-42068)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c, within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.


13) Out-of-bounds read (CVE-ID: CVE-2023-52818)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/amd/include/pptable.h, drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.


14) Memory leak (CVE-ID: CVE-2024-44931)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gpiochip_get_desc() function in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.


15) Use-after-free (CVE-ID: CVE-2021-47103)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the inet6_sk_rx_dst_set(), tcp_v6_do_rcv() and tcp_v6_early_demux() functions in net/ipv6/tcp_ipv6.c, within the udp_sk_rx_dst_set(), __udp4_lib_rcv() and udp_v4_early_demux() functions in net/ipv4/udp.c, within the tcp_v4_do_rcv(), tcp_v4_early_demux(), tcp_prequeue() and inet_sk_rx_dst_set() functions in net/ipv4/tcp_ipv4.c, within the tcp_rcv_established() function in net/ipv4/tcp_input.c, within the tcp_disconnect() function in net/ipv4/tcp.c, within the inet_sock_destruct() function in net/ipv4/af_inet.c. A local user can send specially crafted packets to the system, trigger a use-after-free error and potentially execute arbitrary code.


16) Out-of-bounds read (CVE-ID: CVE-2023-52799)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl(), dbFindCtl(), dbAllocDmapLev(), dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.


17) Improper locking (CVE-ID: CVE-2024-43893)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.


18) Use-after-free (CVE-ID: CVE-2024-36886)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.


19) Out-of-bounds read (CVE-ID: CVE-2024-49902)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() and dbFindLeaf() functions in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.


20) Race condition (CVE-ID: CVE-2024-36952)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.


21) NULL pointer dereference (CVE-ID: CVE-2024-40911)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cfg80211_get_station() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.


22) Input validation error (CVE-ID: CVE-2023-52488)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.


23) Out-of-bounds read (CVE-ID: CVE-2024-35896)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.


24) NULL pointer dereference (CVE-ID: CVE-2024-50117)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_atif_call() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c. A local user can perform a denial of service (DoS) attack.


25) Memory leak (CVE-ID: CVE-2024-50171)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm_sysport_xmit() function in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.


26) Improper locking (CVE-ID: CVE-2021-47606)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netlink_sendmsg() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.


27) Memory leak (CVE-ID: CVE-2024-40910)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ax25_accept() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.


28) Race condition (CVE-ID: CVE-2024-43892)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.


29) Resource management error (CVE-ID: CVE-2024-50148)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnep_init() function in net/bluetooth/bnep/core.c. A local user can perform a denial of service (DoS) attack.


30) Improper locking (CVE-ID: CVE-2024-41064)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.


31) Out-of-bounds read (CVE-ID: CVE-2024-44938)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbDiscardAG() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.


32) Division by zero (CVE-ID: CVE-2024-50233)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ad9832_calc_freqreg() function in drivers/staging/iio/frequency/ad9832.c. A local user can perform a denial of service (DoS) attack.


33) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-52880)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.


34) Improper locking (CVE-ID: CVE-2024-43863)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vmw_fence_obj_destroy(), vmw_fence_obj_init() and vmw_fence_goal_new_locked() functions in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.


35) Race condition (CVE-ID: CVE-2024-26685)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.


36) Improper locking (CVE-ID: CVE-2024-40981)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References