SB2025071022 - Ubuntu update for linux-aws-fips
Published: July 10, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2025-38000)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
2) Resource management error (CVE-ID: CVE-2025-37932)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the htb_qlen_notify() function in net/sched/sch_htb.c. A local user can perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2025-37798)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qdisc_bstats_update() function in net/sched/sch_fq_codel.c, within the codel_qdisc_dequeue() function in net/sched/sch_codel.c. A local user can perform a denial of service (DoS) attack.
4) Out-of-bounds read (CVE-ID: CVE-2024-56662)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the acpi_nfit_ctl() function in drivers/acpi/nfit/core.c. A local user can perform a denial of service (DoS) attack.
5) Out-of-bounds write (CVE-ID: CVE-2024-53197)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
The vulnerability allows a local user to compromise the affected system.
The vulnerability exists due to an out-of-bounds write error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited against Android devices.
6) Improper error handling (CVE-ID: CVE-2024-50116)
CWE-ID: CWE-388 - Error Handling
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_forget_buffer() and nilfs_clear_dirty_page() functions in fs/nilfs2/page.c. A local user can perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2024-49958)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_reflink_xattr_inline() function in fs/ocfs2/xattr.c, within the __ocfs2_reflink() function in fs/ocfs2/refcounttree.c. A local user can perform a denial of service (DoS) attack.
8) Improper locking (CVE-ID: CVE-2024-46787)
CWE-ID: CWE-667 - Improper Locking
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmdp_get_lockless() function in mm/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2024-41070)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.
10) Use-after-free (CVE-ID: CVE-2022-49179)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_bfqq_move() function in block/bfq-cgroup.c. A local user can escalate privileges on the system.
11) Use-after-free (CVE-ID: CVE-2022-49176)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bfq_dispatch_request() function in block/bfq-iosched.c. A local user can escalate privileges on the system.
12) Use-after-free (CVE-ID: CVE-2021-47379)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the spin_lock_irq() and blkcg_deactivate_policy() functions in block/blk-cgroup.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.