CLSA-2025-1744213128
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2025-1744213128.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2025-1744213128
- Upstream
- Published
- 2025-04-09T15:38:52Z
- Modified
- 2026-06-04T10:03:27.038020523Z
- Summary
- Fix of 55 CVEs
- Details
-
- CVE-url: https://ubuntu.com/security/CVE-2025-21858
- geneve: Fix use-after-free in genevefinddev().
- CVE-url: https://ubuntu.com/security/CVE-2024-36921
- wifi: iwlwifi: mvm: guard against invalid STA ID on removal
- CVE-url: https://ubuntu.com/security/CVE-2023-52621
- bpf: Check rcureadlocktraceheld() before calling bpf map helpers
- CVE-url: https://ubuntu.com/security/CVE-2025-21855
- ibmvnic: Don't reference skb after sending to VIOS
- CVE-url: https://ubuntu.com/security/CVE-2021-47110
- x86/kvm: Disable kvmclock on all CPUs on shutdown
- CVE-url: https://ubuntu.com/security/CVE-2025-21791
- vrf: use RCU protection in l3mdevl3out()
- CVE-url: https://ubuntu.com/security/CVE-2024-57980
- media: uvcvideo: Fix double free in error path
- CVE-url: https://ubuntu.com/security/CVE-2025-21718
- net: rose: fix timer races against user threads
- CVE-url: https://ubuntu.com/security/CVE-2025-21735
- NFC: nci: Add bounds checking in ncihcicreate_pipe()
- CVE-url: https://ubuntu.com/security/CVE-2023-52805
- jfs: fix array-index-out-of-bounds in diAlloc
- CVE-url: https://ubuntu.com/security/CVE-2023-52847
- media: bttv: fix use after free error due to btv->timeout timer
- CVE-url: https://ubuntu.com/security/CVE-2024-41014
- xfs: add bounds checking to xlogrecoverprocess_data
- CVE-url: https://ubuntu.com/security/CVE-2025-21782
- orangefs: fix a oob in orangefsdebugwrite
- CVE-url: https://ubuntu.com/security/CVE-2024-26872
- RDMA/srpt: Do not register event handler until srpt device is fully setup
- CVE-url: https://ubuntu.com/security/CVE-2024-26982
- Squashfs: check the inode number is not the invalid value of zero
- CVE-url: https://ubuntu.com/security/CVE-2024-56548
- hfsplus: don't query the device logical block size multiple times
- CVE-url: https://ubuntu.com/security/CVE-2024-57850
- jffs2: Prevent rtime decompress memory corruption
- CVE-url: https://ubuntu.com/security/CVE-2024-49982
- aoe: fix the potential use-after-free problem in more places
- CVE-url: https://ubuntu.com/security/CVE-2024-47696
- RDMA/iwcm: Fix WARNING:atkernel/workqueue.c:#checkflush_dependency
- CVE-url: https://ubuntu.com/security/CVE-2024-50074
- parport: Proper fix for array out-of-bounds access
- CVE-url: https://ubuntu.com/security/CVE-2025-21687
- vfio/platform: check the bounds of read/write syscalls
- CVE-url: https://ubuntu.com/security/CVE-2024-57889
- regmap: allow to disable all locking mechanisms
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
- CVE-url: https://ubuntu.com/security/CVE-2024-56539
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiexconfigscan()
- CVE-url: https://ubuntu.com/security/CVE-2024-53680
- ipvs: fix UB due to uninitialized stack access in ipvsprotocol_init()
- CVE-url: https://ubuntu.com/security/CVE-2024-56630
- ocfs2: free inode when ocfs2getinit_inode() fails
- CVE-url: https://ubuntu.com/security/CVE-2024-53184
- um: ubd: Do not use drvdata in release
- CVE-url: https://ubuntu.com/security/CVE-2024-57884
- mm: vmscan: account for free pages to prevent infinite Loop in throttledirectreclaim()
- CVE-url: https://ubuntu.com/security/CVE-2024-56597
- jfs: fix shift-out-of-bounds in dbSplit
- CVE-url: https://ubuntu.com/security/CVE-2025-21664
- dm thin: make getfirstthin use rcu-safe list first function
- CVE-url: https://ubuntu.com/security/CVE-2024-56594
- drm/amdgpu: set the right AMDGPU sg segment limitation
- CVE-url: https://ubuntu.com/security/CVE-2024-56681
- crypto: bcm - add error check in the ahashhmacinit function
- CVE-url: https://ubuntu.com/security/CVE-2024-52332
- igb: Fix potential invalid memory access in igbinitmodule()
- CVE-url: https://ubuntu.com/security/CVE-2024-56570
- ovl: Filter invalid inodes with missing lookup function
- CVE-url: https://ubuntu.com/security/CVE-2024-57912
- iio: pressure: zpa2326: fix information leak in triggered buffer
- CVE-url: https://ubuntu.com/security/CVE-2024-53172
- ubi: fastmap: Fix duplicate slab cache names while attaching
- CVE-url: https://ubuntu.com/security/CVE-2024-57929
- dm array: fix releasing a faulty array block twice in dmarraycursor_end
- CVE-url: https://ubuntu.com/security/CVE-2024-56532
- ALSA: us122l: Use sndcardfreewhenclosed() at disconnection
- CVE-url: https://ubuntu.com/security/CVE-2024-53183
- um: net: Do not use drvdata in release
- CVE-url: https://ubuntu.com/security/CVE-2024-56644
- net/ipv6: release expired exception dst cached in socket
- CVE-url: https://ubuntu.com/security/CVE-2024-57948
- mac802154: check local interfaces before deleting sdata list
- CVE-url: https://ubuntu.com/security/CVE-2024-57904
- iio: adc: at91: call inputfreedevice() on allocated iio_dev
- CVE-url: https://ubuntu.com/security/CVE-2024-56637
- netfilter: ipset: Hold module reference while requesting a module
- CVE-url: https://ubuntu.com/security/CVE-2024-56576
- media: i2c: tc358743: Fix crash in the probe error path when using polling
- CVE-url: https://ubuntu.com/security/CVE-2024-53214
- vfio/pci: Properly hide first-in-list PCIe extended capability
- CVE-url: https://ubuntu.com/security/CVE-2024-56700
- media: wl128x: Fix atomicity violation in fmcsendcmd()
- CVE-url: https://ubuntu.com/security/CVE-2024-56531
- ALSA: caiaq: Use sndcardfreewhenclosed() at disconnection
- CVE-url: https://ubuntu.com/security/CVE-2024-53194
- PCI: Fix use-after-free of slot->bus on hot remove
- CVE-url: https://ubuntu.com/security/CVE-2024-58055
- usb: gadget: f_tcm: Don't free command immediately
- CVE-url: https://ubuntu.com/security/CVE-2024-56619
- nilfs2: fix potential out-of-bounds memory access in nilfsfindentry()
- CVE-url: https://ubuntu.com/security/CVE-2021-47636
- ubifs: Fix read out-of-bounds in ubifswbufwrite_nolock()
- CVE-url: https://ubuntu.com/security/CVE-2024-5317
- nfsd: make sure exp active before svcexportshow
- CVE-url: https://ubuntu.com/security/CVE-2024-53174
- SUNRPC: make sure cache entry active before cache_show
- CVE-url: https://ubuntu.com/security/CVE-2021-47219
- scsi: scsidebug: Fix out-of-bound read in respreport_tgtpgs()
- CVE-url: https://ubuntu.com/security/CVE-2024-50269
- usb: musb: sunxi: Fix accessing an released usb phy
- CVE-url: https://ubuntu.com/security/CVE-2024-57908
- iio: imu: kmx61: fix information leak in triggered buffer
- CVE-url: https://ubuntu.com/security/CVE-2025-21858
- References
Affected packages
TuxCare:Ubuntu:18.04
linux-buildinfo-4.15.0-246-tuxcare.els34-generic
linux-buildinfo-4.15.0-246-tuxcare.els34-lowlatency
linux-cloud-tools-4.15.0-246-tuxcare.els34
linux-cloud-tools-4.15.0-246-tuxcare.els34-generic
linux-cloud-tools-4.15.0-246-tuxcare.els34-lowlatency
linux-cloud-tools-common
linux-cloud-tools-generic
linux-cloud-tools-lowlatency
linux-crashdump
linux-doc
linux-generic
linux-headers-4.15.0-246-tuxcare.els34
linux-headers-4.15.0-246-tuxcare.els34-generic
linux-headers-4.15.0-246-tuxcare.els34-lowlatency
linux-headers-generic
linux-headers-lowlatency
linux-image-generic
linux-image-lowlatency
linux-image-unsigned-4.15.0-246-tuxcare.els34-generic
linux-image-unsigned-4.15.0-246-tuxcare.els34-lowlatency
Package
- Name
- linux-image-unsigned-4.15.0-246-tuxcare.els34-lowlatency
- Purl
- pkg:deb/tuxcare/linux-image-unsigned-4.15.0-246-tuxcare.els34-lowlatency?distro=ubuntu-18.04