SB2025082011 - Ubuntu update for linux

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025082011

SB2025082011 - Ubuntu update for linux

Published: August 20, 2025

Security Bulletin ID SB2025082011
Severity
Low
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Race condition (CVE-ID: CVE-2025-38083)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the prio_tune() function in net/sched/sch_prio.c. A local user can escalate privileges on the system.


2) Input validation error (CVE-ID: CVE-2025-37797)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hfsc_change_class() function in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.


3) Use-after-free (CVE-ID: CVE-2024-50073)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.


4) Use-after-free (CVE-ID: CVE-2024-49950)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_connect_req() function in net/bluetooth/l2cap_core.c, within the hci_remote_features_evt() function in net/bluetooth/hci_event.c, within the hci_acldata_packet() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.


5) Buffer overflow (CVE-ID: CVE-2024-38541)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.


6) Use-after-free (CVE-ID: CVE-2023-52975)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() and iscsi_session_teardown() functions in drivers/scsi/libiscsi.c, within the iscsi_sw_tcp_session_destroy() function in drivers/scsi/iscsi_tcp.c. A local user can escalate privileges on the system.


7) Use-after-free (CVE-ID: CVE-2023-52757)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_mid() function in fs/smb/client/transport.c, within the __smb2_handle_cancelled_cmd() function in fs/smb/client/smb2misc.c, within the cifs_compose_mount_options(), __release_mid() and cifs_get_tcon_super() functions in fs/smb/client/cifsproto.h. A local user can escalate privileges on the system.


Remediation

Install update from vendor's website.

References