[CLSA-2025:1758010922] Fix of 51 CVEs

Type:

security

Severity:

Important

Release date:

2025-09-16 08:22:06 UTC

Description:

   * CVE-url: https://ubuntu.com/security/CVE-2025-38000
     - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
   * CVE-url: https://ubuntu.com/security/CVE-2024-57996 // CVE-url:
     https://ubuntu.com/security/CVE-2025-37752
     - net_sched: sch_sfq: move the limit validation
   * Focal update: v5.4.285 upstream stable release (LP: #2089233) //
     CVE-2024-50202 // CVE-url: https://ubuntu.com/security/CVE-2024-50202
     - nilfs2: propagate directory read errors from nilfs_find_entry()
   * Focal update: v5.4.279 upstream stable release (LP: #2073621) // CVE-url:
     https://ubuntu.com/security/CVE-2024-50202
     - nilfs2: Remove check for PageError
     - nilfs2: return the mapped address from nilfs_get_page()
   * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url:
     https://ubuntu.com/security/CVE-2024-53131
     - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
   * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url:
     https://ubuntu.com/security/CVE-2024-53130
     - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
   * CVE-url: https://ubuntu.com/security/CVE-2022-49179
     - block, bfq: don't move oom_bfqq
   * CVE-url: https://ubuntu.com/security/CVE-2022-49176
     - bfq: fix use-after-free in bfq_dispatch_request
   * CVE-url: https://ubuntu.com/security/CVE-2025-21956
     - drm/amd/display: Assign normalized_pix_clk when color depth = 14
   * CVE-url: https://ubuntu.com/security/CVE-2025-21992
     - HID: ignore non-functional sensor in HP 5MP Camera
   * CVE-url: https://ubuntu.com/security/CVE-2025-22021
     - netfilter: socket: Lookup orig tuple for IPv6 SNAT
   * CVE-url: https://ubuntu.com/security/CVE-2025-22073
     - spufs: fix a leak on spufs_new_file() failure
   * CVE-url: https://ubuntu.com/security/CVE-2025-22079
     - ocfs2: validate l_tree_depth to avoid out-of-bounds access
   * CVE-url: https://ubuntu.com/security/CVE-2025-22086
     - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
   * CVE-url: https://ubuntu.com/security/CVE-2025-21722
     - nilfs2: do not force clear folio if buffer is referenced
   * CVE-url: https://ubuntu.com/security/CVE-2025-22018
     - atm: Fix NULL pointer dereference
   * CVE-url: https://ubuntu.com/security/CVE-2024-58071
     - team: prevent adding a device which is already a team device lower
   * CVE-url: https://ubuntu.com/security/CVE-2024-58063
     - wifi: rtlwifi: fix memory leaks and invalid access at probe error path
   * CVE-url: https://ubuntu.com/security/CVE-2024-58052
     - drm/amdgpu: Fix potential NULL pointer dereference in
       atomctrl_get_smc_sclk_range_table
   * CVE-url: https://ubuntu.com/security/CVE-2024-58058
     - ubifs: skip dumping tnc tree when zroot is null
   * CVE-url: https://ubuntu.com/security/CVE-2025-21859
     - USB: gadget: f_midi: f_midi_complete to call queue_work
   * CVE-url: https://ubuntu.com/security/CVE-2025-21640
     - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
   * CVE-url: https://ubuntu.com/security/CVE-2024-57922
     - drm/amd/display: Add check for granularity in dml ceil/floor helpers
   * CVE-url: https://ubuntu.com/security/CVE-2024-57913
     - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
   * CVE-url: https://ubuntu.com/security/CVE-2025-21638
     - sctp: sysctl: auth_enable: avoid using current->nsproxy
   * CVE-url: https://ubuntu.com/security/CVE-2024-50195
     - posix-clock: Fix missing timespec64 check in pc_clock_settime()
   * CVE-url: https://ubuntu.com/security/CVE-2024-50299
     - sctp: properly validate chunk size in sctp_sf_ootb()
   * CVE-url: https://ubuntu.com/security/CVE-2024-50273
     - btrfs: reinitialize delayed ref list after deleting it from the list
   * CVE-url: https://ubuntu.com/security/CVE-2024-41016
     - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
   * CVE-url: https://ubuntu.com/security/CVE-2024-50287
     - media: v4l2-tpg: prevent the risk of a division by zero
   * CVE-url: https://ubuntu.com/security/CVE-2024-49965
     - ocfs2: remove unreasonable unlock in ocfs2_read_blocks
   * CVE-url: https://ubuntu.com/security/CVE-2024-50179
     - ceph: remove the incorrect Fw reference check when dirtying pages
   * CVE-url: https://ubuntu.com/security/CVE-2024-40953
     - KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
   * CVE-url: https://ubuntu.com/security/CVE-2024-50290
     - media: cx24116: prevent overflows on SNR calculus
   * CVE-url: https://ubuntu.com/security/CVE-2024-49877
     - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
   * CVE-url: https://ubuntu.com/security/CVE-2024-49938
     - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
   * CVE-url: https://ubuntu.com/security/CVE-2024-50008
     - wifi: mwifiex: Fix memcpy() field-spanning write warning in
       mwifiex_cmd_802_11_scan_ext()
   * CVE-url: https://ubuntu.com/security/CVE-2024-47672
     - wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
   * CVE-url: https://ubuntu.com/security/CVE-2024-49959
     - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
   * CVE-url: https://ubuntu.com/security/CVE-2024-49963
     - mailbox: bcm2835: Fix timeout during suspend mode
   * CVE-url: https://ubuntu.com/security/CVE-2024-47709
     - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
   * CVE-url: https://ubuntu.com/security/CVE-2025-21699
     - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
   * CVE-url: https://ubuntu.com/security/CVE-2025-21689
     - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
   * CVE-url: https://ubuntu.com/security/CVE-2024-38544
     - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
   * CVE-url: https://ubuntu.com/security/CVE-2024-50251
     - netfilter: nft_payload: sanitize offset and length before calling
       skb_checksum()
   * CVE-url: https://ubuntu.com/security/CVE-2024-49949
     - udp: add udp gso
     - net: avoid potential underflow in qdisc_pkt_len_init() with UFO
   * CVE-url: https://ubuntu.com/security/CVE-2024-53101
     - fs: Fix uninitialized value issue in from_kuid and from_kgid
   * CVE-url: https://ubuntu.com/security/CVE-2023-52975
     - scsi: iscsi: Move pool freeing
     - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
   * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url:
     https://ubuntu.com/security/CVE-2024-56748
     - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()
   * CVE-url: https://ubuntu.com/security/CVE-2025-37797
     - net_sched: hfsc: Fix a UAF vulnerability in class handling
   * CVE-url: https://ubuntu.com/security/CVE-2024-38541
     - of: module: add buffer overflow check in of_modalias()
   * Miscellaneous upstream changes
     - fixup! UBUNTU: [Config] updateconfigs for NFSD_FAULT_INJECTION

Updated packages:

linux-buildinfo-4.15.0-251-tuxcare.els39-generic_4.15.0-251.262_amd64.deb
sha:b69d265ebf4e90c6e2793267e839bb3851287f49
linux-buildinfo-4.15.0-251-tuxcare.els39-lowlatency_4.15.0-251.262_amd64.deb
sha:ea1ee441c0235e8ef97ea282434573ff1fe729f7
linux-cloud-tools-4.15.0-251-tuxcare.els39_4.15.0-251.262_amd64.deb
sha:918e266bce9e4f5744eacd3b91feedd8b586a270
linux-cloud-tools-4.15.0-251-tuxcare.els39-generic_4.15.0-251.262_amd64.deb
sha:71d88956801622bdd69e8cfd74e19cbc8385099d
linux-cloud-tools-4.15.0-251-tuxcare.els39-lowlatency_4.15.0-251.262_amd64.deb
sha:7cdb55d92917f0d26342bb519bbb24e4d0d71c03
linux-cloud-tools-common_4.15.0-251.262_all.deb
sha:2b035751349e6fdccb3283c936f18ba58c2988ff
linux-doc_4.15.0-251.262_all.deb
sha:2d000cc630397fc20a5a48c5ec535e356eaeea0a
linux-headers-4.15.0-251-tuxcare.els39_4.15.0-251.262_all.deb
sha:36d64f7a5a8d64c823ab13ae2c810be2206aa648
linux-headers-4.15.0-251-tuxcare.els39-generic_4.15.0-251.262_amd64.deb
sha:41bdbe0040e201df6893d2601c18f3f7f105d8e3
linux-headers-4.15.0-251-tuxcare.els39-lowlatency_4.15.0-251.262_amd64.deb
sha:53280a88f28e26514de4e494519f7a2f8abb45db
linux-image-unsigned-4.15.0-251-tuxcare.els39-generic_4.15.0-251.262_amd64.deb
sha:0978905af287fabb23bebdd179411520b054e69b
linux-image-unsigned-4.15.0-251-tuxcare.els39-lowlatency_4.15.0-251.262_amd64.deb
sha:cb00e124655d5bef8de2aebeef6a412d2ecd7843
linux-libc-dev_4.15.0-251.262_amd64.deb
sha:90a513d92897ee2f29a09591918d0fb262cde1a8
linux-modules-4.15.0-251-tuxcare.els39-generic_4.15.0-251.262_amd64.deb
sha:01b2c05d672194f704b5dcb0093d44d7e7b2b2b2
linux-modules-4.15.0-251-tuxcare.els39-lowlatency_4.15.0-251.262_amd64.deb
sha:e37be5ea53f3722311ad5a89f12de8104483f2db
linux-modules-extra-4.15.0-251-tuxcare.els39-generic_4.15.0-251.262_amd64.deb
sha:11c53ccc69e999988445ab73b4177d3ef9c6cc2f
linux-source-4.15.0_4.15.0-251.262_all.deb
sha:32b0eea9395cba06d152ef90964de6cdafd48931
linux-tools-4.15.0-251-tuxcare.els39_4.15.0-251.262_amd64.deb
sha:b6b7d8988b4651182b7b654a7630b27c79f8fa3f
linux-tools-4.15.0-251-tuxcare.els39-generic_4.15.0-251.262_amd64.deb
sha:094a08278d2b7de13448c84a2d22dfc195a52a1c
linux-tools-4.15.0-251-tuxcare.els39-lowlatency_4.15.0-251.262_amd64.deb
sha:e3ab81f466716f708199600b23e9edc949be447d
linux-tools-common_4.15.0-251.262_all.deb
sha:8e311d2812daa83e5ccb7af4ceb1eeb56360cc92
linux-tools-host_4.15.0-251.262_all.deb
sha:90c15aff8a8fb1c1d85c0202215ef33635c16872

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.