CLSA-2024-1731603213
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2024-1731603213.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2024-1731603213
- Upstream
- Published
- 2024-11-14T16:53:39Z
- Modified
- 2026-06-04T10:03:51.920526752Z
- Summary
- Fix of 76 CVEs
- Details
-
- CVE-url: https://ubuntu.com/security/CVE-2024-44946
- kcm: Serialise kcm_sendmsg() for the same socket.
- CVE-url: https://ubuntu.com/security/CVE-2024-42292
- kobjectuevent: Fix OOB access within zapmodalias_env()
- CVE-url: https://ubuntu.com/security/CVE-2024-41042
- netfilter: nftables: prefer nftchain_validate
- CVE-url: https://ubuntu.com/security/CVE-2024-42265
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
- CVE-url: https://ubuntu.com/security/CVE-2024-50036
- net: do not delay dstentriesadd() in dst_release()
- CVE-url: https://ubuntu.com/security/CVE-2024-47663
- staging: iio: frequency: ad9833: Load clock using clock framework
- staging: iio: frequency: ad9834: Validate frequency parameter value
- CVE-url: https://ubuntu.com/security/CVE-2024-47669
- nilfs2: fix state management in error path of log writing function
- CVE-url: https://ubuntu.com/security/CVE-2023-52918
- media: pci: cx23885: check cx23885vdevinit() return
- CVE-url: https://ubuntu.com/security/CVE-2024-44960
- usb: gadget: core: Check for unset descriptor
- CVE-url: https://ubuntu.com/security/CVE-2024-42297
- f2fs: fix to don't dirty inode for readonly filesystem
- CVE-url: https://ubuntu.com/security/CVE-2024-46750
- PCI: Add missing bridge lock to pcibuslock()
- CVE-url: https://ubuntu.com/security/CVE-2024-46676
- nfc: pn533: Add poll mod list filling check
- CVE-url: https://ubuntu.com/security/CVE-2024-46761
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
- CVE-url: https://ubuntu.com/security/CVE-2024-46755
- wifi: mwifiex: Do not return unused priv in mwifiexgetprivbyid()
- CVE-url: https://ubuntu.com/security/CVE-2024-46679
- ethtool: check device is present when getting link settings
- CVE-url: https://ubuntu.com/security/CVE-2024-46721
- apparmor: fix possible NULL pointer dereference
- CVE-url: https://ubuntu.com/security/CVE-2024-46685
- pinctrl: single: fix potential NULL dereference in pcsgetfunction()
- CVE-url: https://ubuntu.com/security/CVE-2024-44947
- fuse: Initialize beyond-EOF page contents before setting uptodate
- CVE-url: https://ubuntu.com/security/CVE-2024-46675
- usb: dwc3: core: Prevent USB core invalid event buffer address access
- CVE-url: https://ubuntu.com/security/CVE-2024-43893
- serial: core: check uartclk for zero to avoid divide by zero
- CVE-url: https://ubuntu.com/security/CVE-2024-45021
- memcgwriteevent_control(): fix a user-triggerable oops
- CVE-url: https://ubuntu.com/security/CVE-2024-46677
- gtp: fix a potential NULL pointer dereference
- CVE-url: https://ubuntu.com/security/CVE-2024-43861
- net: usb: qmi_wwan: fix memory leak for not ip packets
- CVE-url: https://ubuntu.com/security/CVE-2024-41063
- Bluetooth: hcicore: cancel all works upon hciunregister_dev()
- CVE-url: https://ubuntu.com/security/CVE-2024-45006
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
- CVE-url: https://ubuntu.com/security/CVE-2024-43853
- cgroup/cpuset: Prevent UAF in proccpusetshow()
- CVE-url: https://ubuntu.com/security/CVE-2024-42310
- drm/gma500: fix null pointer dereference in cdvintellvdsgetmodes
- CVE-url: https://ubuntu.com/security/CVE-2024-42311
- hfs: fix to initialize fields of hfsinodeinfo after hfsallocinode()
- CVE-url: https://ubuntu.com/security/CVE-2024-41012
- filelock: Remove locks reliably when fcntl/close race is detected
- CVE-url: https://ubuntu.com/security/CVE-2024-45028
- mmc: mmc_test: Fix NULL dereference on allocation failure
- CVE-url: https://ubuntu.com/security/CVE-2024-43860
- remoteproc: imx_rproc: Skip over memory region when node value is NULL
- CVE-url: https://ubuntu.com/security/CVE-2024-43914
- md/raid5: avoid BUG_ON() while continue reshape after reassembling
- CVE-url: https://ubuntu.com/security/CVE-2024-45025
- fix bitmap corruption on closerange() with CLOSERANGE_UNSHARE
- CVE-url: https://ubuntu.com/security/CVE-2024-43856
- dma: fix call order in dmamfreecoherent
- CVE-url: https://ubuntu.com/security/CVE-2024-42289
- scsi: qla2xxx: During vport delete send async logout explicitly
- CVE-url: https://ubuntu.com/security/CVE-2024-44995
- net: hns3: fix a deadlock problem when config TC during resetting
- CVE-url: https://ubuntu.com/security/CVE-2024-43854
- block: initialize integrity buffer to zero before writing it to media
- CVE-url: https://ubuntu.com/security/CVE-2024-43884
- Bluetooth: MGMT: Add error handling to pair_device()
- CVE-url: https://ubuntu.com/security/CVE-2024-43871
- devres: Fix memory leakage caused by driver API devmfreepercpu()
- CVE-url: https://ubuntu.com/security/CVE-2024-42309
- drm/gma500: fix null pointer dereference in psbintellvdsgetmodes
- CVE-url: https://ubuntu.com/security/CVE-2024-26668
- netfilter: nft_limit: reject configurations that cause integer overflow
- CVE-url: https://ubuntu.com/security/CVE-2024-50044
- Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstate_change
- CVE-url: https://ubuntu.com/security/CVE-2024-49967
- ext4: no need to continue when the number of entries is 1
- CVE-url: https://ubuntu.com/security/CVE-2024-50033
- slip: make slhc_remember() more robust against malicious packets
- CVE-url: https://ubuntu.com/security/CVE-2024-47670
- ocfs2: add bounds checking to ocfs2xattrfind_entry()
- CVE-url: https://ubuntu.com/security/CVE-2024-49950
- Bluetooth: L2CAP: Fix uaf in l2cap_connect
- CVE-url: https://ubuntu.com/security/CVE-2024-49883
- ext4: aovid use-after-free in ext4extinsert_extent()
- CVE-url: https://ubuntu.com/security/CVE-2024-47745
- mm: call the securitymmapfile() LSM hook in remapfilepages()
- CVE-url: https://ubuntu.com/security/CVE-2024-49860
- ACPI: sysfs: validate return type of _STR method
- CVE-url: https://ubuntu.com/security/CVE-2024-49882
- ext4: fix double brelse() the buffer of the extents path
- CVE-url: https://ubuntu.com/security/CVE-2024-49995
- tipc: guard against string buffer overrun
- CVE-url: https://ubuntu.com/security/CVE-2024-47723
- jfs: fix out-of-bounds in dbNextAG() and diAlloc()
- CVE-url: https://ubuntu.com/security/CVE-2024-50055
- driver core: bus: Fix double free in driver API bus_register()
- CVE-url: https://ubuntu.com/security/CVE-2024-47698
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
- CVE-url: https://ubuntu.com/security/CVE-2022-49026
- e100: Fix possible use after free in e100xmitprepare
- CVE-url: https://ubuntu.com/security/CVE-2024-47742
- firmware_loader: Block path traversal
- CVE-url: https://ubuntu.com/security/CVE-2024-50035
- ppp: fix pppasyncencode() illegal access
- CVE-url: https://ubuntu.com/security/CVE-2024-47757
- nilfs2: fix potential oob read in nilfsbtreecheck_delete()
- CVE-url: https://ubuntu.com/security/CVE-2024-49884
- ext4: avoid ext4error()'s caused by ENOMEM in the truncate path
- ext4: fix slab-use-after-free in ext4splitextentat()
- CVE-url: https://ubuntu.com/security/CVE-2022-49006
- tracing: Free buffers when a used dynamic event is removed
- CVE-url: https://ubuntu.com/security/CVE-2024-49903
- jfs: Fix uaf in dbFreeBits
- CVE-url: https://ubuntu.com/security/CVE-2024-47701
- ext4: avoid OOB when system.data xattr changes underneath the filesystem
- CVE-url: https://ubuntu.com/security/CVE-2024-49889
- ext4: avoid use-after-free in ext4extshow_leaf()
- CVE-url: https://ubuntu.com/security/CVE-2024-50073
- tty: ngsm: Fix use-after-free in gsmcleanup_mux
- CVE-url: https://ubuntu.com/security/CVE-2024-47747
- net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition
- CVE-url: https://ubuntu.com/security/CVE-2024-49900
- jfs: Fix uninit-value access of newea in eabuffer
- CVE-url: https://ubuntu.com/security/CVE-2024-47697
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
- CVE-url: https://ubuntu.com/security/CVE-2022-48951
- ASoC: ops: Check bounds for second channel in sndsocputvolswsx()
- CVE-url: https://ubuntu.com/security/CVE-2024-49981
- media: venus: fix use after free bug in venus_remove due to race condition
- CVE-url: https://ubuntu.com/security/CVE-2024-43839
- bna: adjust 'name' buf size of bnatcb and bnaccb structures
- CVE-url: https://ubuntu.com/security/CVE-2024-47659
- smack: tcp: ipv4, fix incorrect labeling
- CVE-url: https://ubuntu.com/security/CVE-2024-47685
- netfilter: nfrejectipv6: fix nfrejectip6tcphdrput()
- CVE-url: https://ubuntu.com/security/CVE-2024-39476
- md/raid5: fix deadlock that raid5d() wait for itself to clear MDSBCHANGE_PENDING
- CVE-url: https://ubuntu.com/security/CVE-2024-27397
- netfilter: nftables: use timestamp to check for set element timeout
- netfilter: nftables: annotate data-races around element expiration
- netfilter: nf_tables: support timeouts larger than 23 days
- CVE-url: https://ubuntu.com/security/CVE-2024-26641
- net: Fix unwanted sign extension in netdevstatstostats64()
- ip6tunnel: make sure to pull inner header in __ip6tnlrcv()
- CVE-url: https://ubuntu.com/security/CVE-2024-38611
- media: i2c: et8ek8: Don't strip remove function when driver is builtin
- CVE-url: https://ubuntu.com/security/CVE-2024-44946
- References
Affected packages
TuxCare:Ubuntu:18.04
linux-buildinfo-4.15.0-240-tuxcare.els28-generic
linux-buildinfo-4.15.0-240-tuxcare.els28-lowlatency
linux-cloud-tools-4.15.0-240-tuxcare.els28
linux-cloud-tools-4.15.0-240-tuxcare.els28-generic
linux-cloud-tools-4.15.0-240-tuxcare.els28-lowlatency
linux-cloud-tools-common
linux-cloud-tools-generic
linux-cloud-tools-lowlatency
linux-crashdump
linux-doc
linux-generic
linux-headers-4.15.0-240-tuxcare.els28
linux-headers-4.15.0-240-tuxcare.els28-generic
linux-headers-4.15.0-240-tuxcare.els28-lowlatency
linux-headers-generic
linux-headers-lowlatency
linux-image-generic
linux-image-lowlatency
linux-image-unsigned-4.15.0-240-tuxcare.els28-generic
linux-image-unsigned-4.15.0-240-tuxcare.els28-lowlatency
Package
- Name
- linux-image-unsigned-4.15.0-240-tuxcare.els28-lowlatency
- Purl
- pkg:deb/tuxcare/linux-image-unsigned-4.15.0-240-tuxcare.els28-lowlatency?distro=ubuntu-18.04