[LSN-0114-1] Linux kernel vulnerability
[USN-7698-1] OpenLDAP vulnerabilities
[USN-7699-1] Linux kernel vulnerabilities
[LSN-0114-1] Linux kernel vulnerability
Linux kernel vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 14.04 LTS
Summary
Several security issues were fixed in the kernel.
Software Description
- linux - Linux kernel
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-azure - Linux kernel for Microsoft Azure Cloud systems
- linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke - Linux kernel for Google Container Engine (GKE) systems
- linux-ibm - Linux kernel for IBM cloud systems
- linux-oracle - Linux kernel for Oracle Cloud systems
Details
In the Linux kernel, the following vulnerability has been resolved: bfq:
fix use-after-free in bfq_dispatch_request KASAN reports a
use-after-free report when doing normal scsi-mq test. (CVE-2022-49176)
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: don’t move oom_bfqq Our test report a UAF.
(CVE-2022-49179)
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() When
l2cap_recv_frame() is invoked to receive data, and the cid is
L2CAP_CID_A2MP, if the channel does not exist, it will create a channel.
However, after a channel is created, the hold operation of the channel
is not performed. (CVE-2022-49909)
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener
svc_sock is freed, and before invoking svc_tcp_accept() for the
established child sock, there is a window that the newsock retaining a
freed listener svc_sock in sk_user_data which cloning from parent.
(CVE-2023-52885)
In the Linux kernel, the following vulnerability has been resolved:
ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin
mentioned in Link, in ext4_ext_insert_extent(), if the path is
reallocated in ext4_ext_create_new_leaf(), we’ll use the stale path and
cause UAF. (CVE-2024-49883)
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
devices A bogus device can provide a bNumConfigurations value that
exceeds the initial value used in usb_get_configuration for allocating
dev->config. (CVE-2024-53197)
In the Linux kernel, the following vulnerability has been resolved: ovl:
fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up The
issue was caused by dput(upper) being called before
ovl_dentry_update_reval(), while upper->d_flags was still accessed in
ovl_dentry_remote(). (CVE-2025-21887)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the
erdma_cep_put(new_cep) being called, new_cep will be freed, and the
following dereference will cause a UAF problem. (CVE-2025-22088)
Update instructions
The problem can be corrected by updating your kernel livepatch to the
following versions:
Ubuntu 20.04 LTS
aws - 114.1
azure - 114.1
gcp - 114.1
generic - 114.1
ibm - 114.1
lowlatency - 114.1
oracle - 114.1
Ubuntu 18.04 LTS
aws - 114.1
azure - 114.1
gcp - 114.1
generic - 114.1
lowlatency - 114.1
oracle - 114.1
Ubuntu 24.04 LTS
aws - 114.1
azure - 114.1
gcp - 114.1
generic - 114.1
ibm - 114.1
oracle - 114.1
Ubuntu 16.04 LTS
aws - 114.1
azure - 114.1
gcp - 114.1
generic - 114.1
lowlatency - 114.1
Ubuntu 22.04 LTS
aws - 114.1
azure - 114.1
gcp - 114.1
generic - 114.1
gke - 114.1
ibm - 114.1
oracle - 114.1
Ubuntu 14.04 LTS
generic - 114.1
lowlatency - 114.1
Support Information
Livepatches for supported LTS kernels will receive upgrades for a period
of up to 13 months after the build date of the kernel.
Livepatches for supported HWE kernels which are not based on an LTS
kernel version will receive upgrades for a period of up to 9 months
after the build date of the kernel, or until the end of support for that
kernel’s non-LTS distro release version, whichever is sooner.
References
- CVE-2022-49176
- CVE-2022-49179
- CVE-2022-49909
- CVE-2023-52885
- CVE-2024-49883
- CVE-2024-53197
- CVE-2025-21887
- CVE-2025-22088
[USN-7698-1] OpenLDAP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7698-1
August 17, 2025
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenLDAP.
Software Description:
- openldap: Lightweight Directory Access Protocol
Details:
It was discovered that OpenLDAP incorrectly handled Certificate Exact
Assertion processing. A remote attacker could possibly use this issue to
cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221)
It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing.
A remote attacker could use this issue to cause OpenLDAP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)
It was discovered that OpenLDAP incorrectly handled Return Filter control
handling. A remote attacker could use this issue to cause OpenLDAP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-36223)
It was discovered that OpenLDAP incorrectly handled certain cancel
operations. A remote attacker could possibly use this issue to cause
OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36227)
It was discovered that OpenLDAP incorrectly handled Certificate List
Extract Assertion processing. A remote attacker could possibly use this
issue to cause OpenLDAP to crash, resulting in a denial of service.
(CVE-2020-36228)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
slapd 2.4.31-1+nmu2ubuntu8.5+esm7
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7698-1
CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224,
CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228
[USN-7699-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7699-1
August 18, 2025
linux, linux-aws, linux-aws-6.14, linux-gcp, linux-gcp-6.14, linux-oracle,
linux-oracle-6.14, linux-raspi, linux-realtime vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-realtime: Linux kernel for Real-time systems
- linux-aws-6.14: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-6.14: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle-6.14: Linux kernel for Oracle Cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- x86 architecture;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- GPU drivers;
- HID subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- Input Device core drivers;
- Network drivers;
- Mellanox network drivers;
- PHY drivers;
- Voltage and Current Regulator drivers;
- VideoCore services drivers;
- USB Type-C Connector System Software Interface driver;
- Xen hypervisor drivers;
- EROFS file system;
- Network file system (NFS) client;
- File systems infrastructure;
- SMB network file system;
- Network traffic control;
- io_uring subsystem;
- Kernel command line parsing driver;
- Scheduler infrastructure;
- Memory management;
- Networking core;
- MAC80211 subsystem;
- Management Component Transport Protocol (MCTP);
- Netfilter;
- Open vSwitch;
- TLS protocol;
- Wireless networking;
- SOF drivers;
(CVE-2025-38011, CVE-2025-38095, CVE-2025-37967, CVE-2025-38012,
CVE-2025-38019, CVE-2025-37960, CVE-2025-37973, CVE-2025-37958,
CVE-2025-38094, CVE-2025-37963, CVE-2025-37955, CVE-2025-38014,
CVE-2025-38025, CVE-2025-37970, CVE-2025-37947, CVE-2025-37966,
CVE-2025-37948, CVE-2025-38013, CVE-2025-37957, CVE-2025-38028,
CVE-2025-37962, CVE-2025-38002, CVE-2025-37996, CVE-2025-37992,
CVE-2025-37969, CVE-2025-38009, CVE-2025-38027, CVE-2025-38020,
CVE-2025-38023, CVE-2025-38008, CVE-2025-38015, CVE-2025-37954,
CVE-2025-38007, CVE-2025-38005, CVE-2025-37956, CVE-2025-37965,
CVE-2025-37972, CVE-2025-38006, CVE-2025-37971, CVE-2025-38056,
CVE-2025-37968, CVE-2025-38024, CVE-2025-37951, CVE-2025-38016,
CVE-2025-38022, CVE-2025-37964, CVE-2025-37994, CVE-2025-37952,
CVE-2025-37998, CVE-2025-37993, CVE-2025-38018, CVE-2025-38010,
CVE-2025-37995, CVE-2025-38021, CVE-2025-37999, CVE-2025-37961,
CVE-2025-37959, CVE-2025-37950, CVE-2025-37949)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
linux-image-6.14.0-1010-realtime 6.14.0-1010.10
linux-image-6.14.0-1011-aws 6.14.0-1011.11
linux-image-6.14.0-1011-aws-64k 6.14.0-1011.11
linux-image-6.14.0-1011-oracle 6.14.0-1011.11
linux-image-6.14.0-1011-oracle-64k 6.14.0-1011.11
linux-image-6.14.0-1012-raspi 6.14.0-1012.12
linux-image-6.14.0-1014-gcp 6.14.0-1014.15
linux-image-6.14.0-1014-gcp-64k 6.14.0-1014.15
linux-image-6.14.0-28-generic 6.14.0-28.28
linux-image-6.14.0-28-generic-64k 6.14.0-28.28
linux-image-aws 6.14.0-1011.11
linux-image-aws-6.14 6.14.0-1011.11
linux-image-aws-64k 6.14.0-1011.11
linux-image-aws-64k-6.14 6.14.0-1011.11
linux-image-gcp 6.14.0-1014.15
linux-image-gcp-6.14 6.14.0-1014.15
linux-image-gcp-64k 6.14.0-1014.15
linux-image-gcp-64k-6.14 6.14.0-1014.15
linux-image-generic 6.14.0-28.28
linux-image-generic-6.14 6.14.0-28.28
linux-image-generic-64k 6.14.0-28.28
linux-image-generic-64k-6.14 6.14.0-28.28
linux-image-oem-24.04 6.14.0-28.28
linux-image-oem-24.04a 6.14.0-28.28
linux-image-oracle 6.14.0-1011.11
linux-image-oracle-6.14 6.14.0-1011.11
linux-image-oracle-64k 6.14.0-1011.11
linux-image-oracle-64k-6.14 6.14.0-1011.11
linux-image-raspi 6.14.0-1012.12
linux-image-raspi-6.14 6.14.0-1012.12
linux-image-realtime 6.14.0-1010.10
linux-image-realtime-6.14 6.14.0-1010.10
linux-image-virtual 6.14.0-28.28
linux-image-virtual-6.14 6.14.0-28.28
Ubuntu 24.04 LTS
linux-image-6.14.0-1011-aws 6.14.0-1011.11~24.04.1
linux-image-6.14.0-1011-aws-64k 6.14.0-1011.11~24.04.1
linux-image-6.14.0-1011-oracle 6.14.0-1011.11~24.04.1
linux-image-6.14.0-1011-oracle-64k 6.14.0-1011.11~24.04.1
linux-image-6.14.0-1014-gcp 6.14.0-1014.15~24.04.1
linux-image-6.14.0-1014-gcp-64k 6.14.0-1014.15~24.04.1
linux-image-aws 6.14.0-1011.11~24.04.1
linux-image-aws-6.14 6.14.0-1011.11~24.04.1
linux-image-aws-64k 6.14.0-1011.11~24.04.1
linux-image-aws-64k-6.14 6.14.0-1011.11~24.04.1
linux-image-gcp 6.14.0-1014.15~24.04.1
linux-image-gcp-6.14 6.14.0-1014.15~24.04.1
linux-image-gcp-64k 6.14.0-1014.15~24.04.1
linux-image-gcp-64k-6.14 6.14.0-1014.15~24.04.1
linux-image-oracle 6.14.0-1011.11~24.04.1
linux-image-oracle-6.14 6.14.0-1011.11~24.04.1
linux-image-oracle-64k 6.14.0-1011.11~24.04.1
linux-image-oracle-64k-6.14 6.14.0-1011.11~24.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7699-1
CVE-2025-37947, CVE-2025-37948, CVE-2025-37949, CVE-2025-37950,
CVE-2025-37951, CVE-2025-37952, CVE-2025-37954, CVE-2025-37955,
CVE-2025-37956, CVE-2025-37957, CVE-2025-37958, CVE-2025-37959,
CVE-2025-37960, CVE-2025-37961, CVE-2025-37962, CVE-2025-37963,
CVE-2025-37964, CVE-2025-37965, CVE-2025-37966, CVE-2025-37967,
CVE-2025-37968, CVE-2025-37969, CVE-2025-37970, CVE-2025-37971,
CVE-2025-37972, CVE-2025-37973, CVE-2025-37992, CVE-2025-37993,
CVE-2025-37994, CVE-2025-37995, CVE-2025-37996, CVE-2025-37998,
CVE-2025-37999, CVE-2025-38002, CVE-2025-38005, CVE-2025-38006,
CVE-2025-38007, CVE-2025-38008, CVE-2025-38009, CVE-2025-38010,
CVE-2025-38011, CVE-2025-38012, CVE-2025-38013, CVE-2025-38014,
CVE-2025-38015, CVE-2025-38016, CVE-2025-38018, CVE-2025-38019,
CVE-2025-38020, CVE-2025-38021, CVE-2025-38022, CVE-2025-38023,
CVE-2025-38024, CVE-2025-38025, CVE-2025-38027, CVE-2025-38028,
CVE-2025-38056, CVE-2025-38094, CVE-2025-38095
Package Information:
https://launchpad.net/ubuntu/+source/linux/6.14.0-28.28
https://launchpad.net/ubuntu/+source/linux-aws/6.14.0-1011.11
https://launchpad.net/ubuntu/+source/linux-gcp/6.14.0-1014.15
https://launchpad.net/ubuntu/+source/linux-oracle/6.14.0-1011.11
https://launchpad.net/ubuntu/+source/linux-raspi/6.14.0-1012.12
https://launchpad.net/ubuntu/+source/linux-realtime/6.14.0-1010.10
https://launchpad.net/ubuntu/+source/linux-aws-6.14/6.14.0-1011.11~24.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-6.14/6.14.0-1014.15~24.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-6.14/6.14.0-1011.11~24.04.1
