SB2026033143 - Ubuntu update for linux-azure-fips

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Improper locking (CVE-ID: CVE-2025-40215)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __xfrm_state_destroy(), __xfrm_state_delete(), xfrm_state_flush(), xfrm_flush_gc() and xfrm_state_fini() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.

2) Buffer overflow (CVE-ID: CVE-2025-21780)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the smu_sys_set_pp_table() function in drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c. A local user can escalate privileges on the system.

3) Use-after-free (CVE-ID: CVE-2024-56640)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smc_listen_out() and smc_listen_work() functions in net/smc/af_smc.c. A local user can escalate privileges on the system.

4) Resource management error (CVE-ID: CVE-2024-49927)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ioapic_mask_entry(), __remove_pin_from_irq(), alloc_isa_irq_from_domain() and mp_irqdomain_alloc() functions in arch/x86/kernel/apic/io_apic.c. A local user can perform a denial of service (DoS) attack.

5) Buffer overflow (CVE-ID: CVE-2022-49267)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error caused by usage of sprintf() function in drivers/mmc/core/bus.c, drivers/mmc/core/sdio.c, drivers/mmc/core/sdio_bus.c, drivers/mmc/core/sd.c, and drivers/mmc/core/mmc.c files. A local user can trigger memory corruption and execute arbitrary code on the target system.

6) NULL pointer dereference (CVE-ID: CVE-2022-49072)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gpiochip_to_irq() and gpiochip_add_irqchip() functions in drivers/gpio/gpiolib.c. A local user can perform a denial of service (DoS) attack.

7) Improper error handling (CVE-ID: CVE-2022-48875)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the drv_ampdu_action() function in net/mac80211/driver-ops.c, within the ieee80211_tx_ba_session_handle_start() function in net/mac80211/agg-tx.c. A local user can perform a denial of service (DoS) attack.

8) Double free (CVE-ID: CVE-2021-47599)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the btrfs_unfreeze() function in fs/btrfs/super.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-8098-8