CLSA-2025-1758010922
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2025-1758010922.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2025-1758010922
- Upstream
- Published
- 2025-09-16T08:22:06Z
- Modified
- 2026-06-04T10:04:50.922405057Z
- Summary
- Fix of 51 CVEs
- Details
-
- CVE-url: https://ubuntu.com/security/CVE-2025-38000
- schhfsc: Fix qlen accounting bug when using peek in hfscenqueue()
- CVE-url: https://ubuntu.com/security/CVE-2024-57996 // CVE-url:
https://ubuntu.com/security/CVE-2025-37752
- netsched: schsfq: move the limit validation
- Focal update: v5.4.285 upstream stable release (LP: #2089233) //
CVE-2024-50202 // CVE-url: https://ubuntu.com/security/CVE-2024-50202
- nilfs2: propagate directory read errors from nilfsfindentry()
- Focal update: v5.4.279 upstream stable release (LP: #2073621) // CVE-url:
https://ubuntu.com/security/CVE-2024-50202
- nilfs2: Remove check for PageError
- nilfs2: return the mapped address from nilfsgetpage()
- Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url:
https://ubuntu.com/security/CVE-2024-53131
- nilfs2: fix null-ptr-deref in blocktouchbuffer tracepoint
- Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url:
https://ubuntu.com/security/CVE-2024-53130
- nilfs2: fix null-ptr-deref in blockdirtybuffer tracepoint
- CVE-url: https://ubuntu.com/security/CVE-2022-49179
- block, bfq: don't move oom_bfqq
- CVE-url: https://ubuntu.com/security/CVE-2022-49176
- bfq: fix use-after-free in bfqdispatchrequest
- CVE-url: https://ubuntu.com/security/CVE-2025-21956
- drm/amd/display: Assign normalizedpixclk when color depth = 14
- CVE-url: https://ubuntu.com/security/CVE-2025-21992
- HID: ignore non-functional sensor in HP 5MP Camera
- CVE-url: https://ubuntu.com/security/CVE-2025-22021
- netfilter: socket: Lookup orig tuple for IPv6 SNAT
- CVE-url: https://ubuntu.com/security/CVE-2025-22073
- spufs: fix a leak on spufsnewfile() failure
- CVE-url: https://ubuntu.com/security/CVE-2025-22079
- ocfs2: validate ltreedepth to avoid out-of-bounds access
- CVE-url: https://ubuntu.com/security/CVE-2025-22086
- RDMA/mlx5: Fix mlx5pollone() cur_qp update flow
- CVE-url: https://ubuntu.com/security/CVE-2025-21722
- nilfs2: do not force clear folio if buffer is referenced
- CVE-url: https://ubuntu.com/security/CVE-2025-22018
- atm: Fix NULL pointer dereference
- CVE-url: https://ubuntu.com/security/CVE-2024-58071
- team: prevent adding a device which is already a team device lower
- CVE-url: https://ubuntu.com/security/CVE-2024-58063
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path
- CVE-url: https://ubuntu.com/security/CVE-2024-58052
- drm/amdgpu: Fix potential NULL pointer dereference in atomctrlgetsmcsclkrange_table
- CVE-url: https://ubuntu.com/security/CVE-2024-58058
- ubifs: skip dumping tnc tree when zroot is null
- CVE-url: https://ubuntu.com/security/CVE-2025-21859
- USB: gadget: fmidi: fmidicomplete to call queuework
- CVE-url: https://ubuntu.com/security/CVE-2025-21640
- sctp: sysctl: cookiehmacalg: avoid using current->nsproxy
- CVE-url: https://ubuntu.com/security/CVE-2024-57922
- drm/amd/display: Add check for granularity in dml ceil/floor helpers
- CVE-url: https://ubuntu.com/security/CVE-2024-57913
- usb: gadget: ffs: Remove WARNON in functionfs_bind
- CVE-url: https://ubuntu.com/security/CVE-2025-21638
- sctp: sysctl: auth_enable: avoid using current->nsproxy
- CVE-url: https://ubuntu.com/security/CVE-2024-50195
- posix-clock: Fix missing timespec64 check in pcclocksettime()
- CVE-url: https://ubuntu.com/security/CVE-2024-50299
- sctp: properly validate chunk size in sctpsfootb()
- CVE-url: https://ubuntu.com/security/CVE-2024-50273
- btrfs: reinitialize delayed ref list after deleting it from the list
- CVE-url: https://ubuntu.com/security/CVE-2024-41016
- ocfs2: strict bound check before memcmp in ocfs2xattrfind_entry()
- CVE-url: https://ubuntu.com/security/CVE-2024-50287
- media: v4l2-tpg: prevent the risk of a division by zero
- CVE-url: https://ubuntu.com/security/CVE-2024-49965
- ocfs2: remove unreasonable unlock in ocfs2readblocks
- CVE-url: https://ubuntu.com/security/CVE-2024-50179
- ceph: remove the incorrect Fw reference check when dirtying pages
- CVE-url: https://ubuntu.com/security/CVE-2024-40953
- KVM: Fix a data race on lastboostedvcpu in kvmvcpuon_spin()
- CVE-url: https://ubuntu.com/security/CVE-2024-50290
- media: cx24116: prevent overflows on SNR calculus
- CVE-url: https://ubuntu.com/security/CVE-2024-49877
- ocfs2: fix possible null-ptr-deref in ocfs2setbuffer_uptodate
- CVE-url: https://ubuntu.com/security/CVE-2024-49938
- wifi: ath9k_htc: Use __skbsetlength() for resetting urb before resubmit
- CVE-url: https://ubuntu.com/security/CVE-2024-50008
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiexcmd80211scan_ext()
- CVE-url: https://ubuntu.com/security/CVE-2024-47672
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
- CVE-url: https://ubuntu.com/security/CVE-2024-49959
- jbd2: stop waiting for space when jbd2cleanupjournal_tail() returns error
- CVE-url: https://ubuntu.com/security/CVE-2024-49963
- mailbox: bcm2835: Fix timeout during suspend mode
- CVE-url: https://ubuntu.com/security/CVE-2024-47709
- can: bcm: Clear bo->bcmprocread after removeprocentry().
- CVE-url: https://ubuntu.com/security/CVE-2025-21699
- gfs2: Truncate address space when flipping GFS2DIFJDATA flag
- CVE-url: https://ubuntu.com/security/CVE-2025-21689
- USB: serial: quatech2: fix null-ptr-deref in qt2processread_urb()
- CVE-url: https://ubuntu.com/security/CVE-2024-38544
- RDMA/rxe: Fix seg fault in rxecompqueue_pkt
- CVE-url: https://ubuntu.com/security/CVE-2024-50251
- netfilter: nftpayload: sanitize offset and length before calling skbchecksum()
- CVE-url: https://ubuntu.com/security/CVE-2024-49949
- udp: add udp gso
- net: avoid potential underflow in qdiscpktlen_init() with UFO
- CVE-url: https://ubuntu.com/security/CVE-2024-53101
- fs: Fix uninitialized value issue in fromkuid and fromkgid
- CVE-url: https://ubuntu.com/security/CVE-2023-52975
- scsi: iscsi: Move pool freeing
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
- Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url:
https://ubuntu.com/security/CVE-2024-56748
- scsi: qedf: Fix a possible memory leak in qedfallocandinitsb()
- CVE-url: https://ubuntu.com/security/CVE-2025-37797
- net_sched: hfsc: Fix a UAF vulnerability in class handling
- CVE-url: https://ubuntu.com/security/CVE-2024-38541
- of: module: add buffer overflow check in of_modalias()
- Miscellaneous upstream changes
- fixup! UBUNTU: [Config] updateconfigs for NFSDFAULTINJECTION
- CVE-url: https://ubuntu.com/security/CVE-2025-38000
- References
Affected packages
TuxCare:Ubuntu:18.04
linux-buildinfo-4.15.0-251-tuxcare.els39-generic
linux-buildinfo-4.15.0-251-tuxcare.els39-lowlatency
linux-cloud-tools-4.15.0-251-tuxcare.els39
linux-cloud-tools-4.15.0-251-tuxcare.els39-generic
linux-cloud-tools-4.15.0-251-tuxcare.els39-lowlatency
linux-cloud-tools-common
linux-doc
linux-headers-4.15.0-251-tuxcare.els39
linux-headers-4.15.0-251-tuxcare.els39-generic
linux-headers-4.15.0-251-tuxcare.els39-lowlatency
linux-image-unsigned-4.15.0-251-tuxcare.els39-generic
linux-image-unsigned-4.15.0-251-tuxcare.els39-lowlatency
Package
- Name
- linux-image-unsigned-4.15.0-251-tuxcare.els39-lowlatency
- Purl
- pkg:deb/tuxcare/linux-image-unsigned-4.15.0-251-tuxcare.els39-lowlatency?distro=ubuntu-18.04