[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-LSN-0109-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":38,"duplicates":39,"related":40,"reserved_at":9,"published_at":41,"modified_at":42,"state":9,"summary":43,"references_raw":45,"kevs":77,"epss":9,"epss_history":78,"metrics":79,"affected":80},"LSN-0109-1","Kernel Live Patch Security Notice\n\nIn the Linux kernel, the following vulnerability has been\nresolved: tls: fix use-after-free on failed backlog decryption When the\ndecrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY,\ntls_do_decryption will wait until all async decryptions have completed. If\none of them fails, tls_do_decryption will return -EBADMSG and\ntls_decrypt_sg jumps to the error path, releasing all the pages. But the\npages have been passed to the async callback, and have already been\nreleased by tls_decrypt_done. The only true async case is when\ncrypto_aead_decrypt returns -EINPROGRESS. With -EBUSY, we already waited so\nwe can tell tls_sw_recvmsg that the data is available for immediate copy,\nbut we need to notify tls_decrypt_sg (via the new ->async_done flag) that\nthe memory has already been released.)(CVE-2024-26800)\n\nIn the Linux kernel, the following vulnerability has been\nresolved: inet: inet_defrag: prevent sk release while still in use\nip_local_out() and other functions can pass skb->sk as function argument.\nIf the skb is a fragment and reassembly happens before such function call\nreturns, the sk must not be released. This affects skb fragments\nreassembled via netfilter or similar modules, e.g. openvswitch or ct_act.c,\nwhen run as part of tx pipeline. Eric Dumazet made an initial analysis of\nthis bug. Quoting Eric: Calling ip_defrag() in output path is also implying\nskb_orphan(), which is buggy because output path relies on sk not\ndisappearing. A relevant old patch about the issue was : 8282f27449bf\n('inet: frag: Always orphan skbs inside ip_defrag()') [..\nnet/ipv4/ip_output.c depends on skb->sk being set, and probably to an inet\nsocket, not an arbitrary one. If we orphan the packet in ipvlan, then\ndownstream things like FQ packet scheduler will not work properly. We need\nto change ip_defrag() to only use skb_orphan() when really needed, ie\nwhenever frag_list is going to be used. Eric suggested to stash sk in\nfragment queue and made an initial patch. However there is a problem with\nthis: If skb is refragmented again right after, ip_do_fragment() will copy\nhead->sk to the new fragments, and sets up destructor to sock_wfree. IOW,\nwe have no choice but to fix up sk_wmem accouting to reflect the fully\nreassembled skb, else wmem will underflow. This change moves the orphan\ndown into the core, to last possible moment. As ip_defrag_offset is aliased\nwith sk_buff->sk member, we must move the offset into the FRAG_CB, else\nskb->sk gets clobbered. This allows to delay the orphaning long enough to\nlearn if the skb has to be queued or if the skb is completing the reasm\nqueue. In the former case, things work as before, skb is orphaned. This is\nsafe because skb gets queued/stolen and won't continue past reasm engine.\nIn the latter case, we will steal the skb->sk reference, reattach it to the\nhead skb, and fix up wmem accouting when inet_frag inflates truesize.)(CVE-2024-26921)\n\nIn the Linux kernel, the following vulnerability has been\nresolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by\ncpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses\ndel_timer() to de-activate the timer. If the timer handler is running,\ndel_timer() could not stop it and will return directly. If the port region\nis released by release_region() and then the timer handler\ncpu5wdt_trigger() calls outb() to write into the region that is released,\nthe use-after-free bug will happen. Change del_timer() to\ntimer_shutdown_sync() in order that the timer handler could be finished\nbefore the port region is released.)(CVE-2024-38630)\n\nIn the Linux kernel, the following vulnerability has been\nresolved: exec: Fix ToCToU between perm check and set-uid/gid usage When\nopening a file for exec via do_filp_open(), permission checking is done\nagainst the file's metadata at that moment, and on success, a file pointer\nis passed back. Much later in the execve() code path, the file metadata\n(specifically mode, uid, and gid) is used to determine if/how to set the\nuid and gid. However, those values may have changed since the permissions\ncheck, meaning the execution may gain unintended privileges. For example,\nif a file could change permissions from executable and not set-id:\n---------x 1 root root 16048 Aug 7 13:16 target to set-id and non-\nexecutable: ---S------ 1 root root 16048 Aug 7 13:16 target it is possible\nto gain root privileges when execution should have been disallowed. While\nthis race condition is rare in real-world scenarios, it has been observed\n(and proven exploitable) when package managers are updating the setuid bits\nof installed programs. Such files start with being world-executable but\nthen are adjusted to be group-exec with a set-uid bit. For example, 'chmod\no-x,u+s target' makes 'target' executable only by uid 'root' and gid\n'cdrom', while also becoming setuid-root: -rwxr-xr-x 1 root cdrom 16048 Aug\n7 13:16 target becomes: -rwsr-xr-- 1 root cdrom 16048 Aug 7 13:16 target\nBut racing the chmod means users without group 'cdrom' membership can get\nthe permission to execute 'target' just before the chmod, and when the\nchmod finishes, the exec reaches brpm_fill_uid(), and performs the setuid\nto root, violating the expressed authorization of 'only cdrom group members\ncan setuid to root'. Re-check that we still have execute permissions in\ncase the metadata has changed. It would be better to keep a copy from the\nperm-check time, but until we can do that refactoring, the least-bad option\nis to do a full inode_permission() call (under inode lock). It is\nunderstood that this is safe against dead-locks, but hardly optimal.)(CVE-2024-43882)\n\nIn the Linux kernel, the following vulnerability has been\nresolved: vsock/virtio: Initialization of the dangling pointer occurring in\nvsk->trans During loopback communication, a dangling pointer can be created\nin vsk->trans, potentially leading to a Use-After-Free condition. This\nissue is resolved by initializing vsk->trans to NULL.)(CVE-2024-50264)\n\nIn the Linux kernel, the following vulnerability has been\nresolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling\npointer When hvs is released, there is a possibility that vsk->trans may\nnot be initialized to NULL, which could lead to a dangling pointer. This\nissue is resolved by initializing vsk->trans to NULL.)(CVE-2024-53103)",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36],{"_key":15},"CVE-2024-26800",{"_key":17},"CVE-2024-26921",{"_key":19},"CVE-2024-38630",{"_key":21},"CVE-2024-43882",{"_key":23},"CVE-2024-50264",{"_key":25},"CVE-2024-53103",{"_key":27},"UBUNTU-CVE-2024-26800",{"_key":29},"UBUNTU-CVE-2024-26921",{"_key":31},"UBUNTU-CVE-2024-38630",{"_key":33},"UBUNTU-CVE-2024-43882",{"_key":35},"UBUNTU-CVE-2024-50264",{"_key":37},"UBUNTU-CVE-2024-53103",[],[],[],"2025-02-20T10:11:03Z","2026-06-03T13:33:18.890181839Z",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[46,52,57,61,65,69,73],{"url":47,"sources":48,"tags":50},"https://ubuntu.com/security/notices/LSN-0109-1",[49],"osv_ubuntu",[51],"Advisory",{"url":53,"sources":54,"tags":55},"https://ubuntu.com/security/CVE-2024-26800",[49],[56],"REPORT",{"url":58,"sources":59,"tags":60},"https://ubuntu.com/security/CVE-2024-26921",[49],[56],{"url":62,"sources":63,"tags":64},"https://ubuntu.com/security/CVE-2024-38630",[49],[56],{"url":66,"sources":67,"tags":68},"https://ubuntu.com/security/CVE-2024-43882",[49],[56],{"url":70,"sources":71,"tags":72},"https://ubuntu.com/security/CVE-2024-50264",[49],[56],{"url":74,"sources":75,"tags":76},"https://ubuntu.com/security/CVE-2024-53103",[49],[56],[],[],[],[81,107,126,133,140,156,163,170,186,193,200,207,214,221,228,235,248,255,260,273],{"ecosystem":82,"name":83,"vendor":84,"product":83,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":83,"source":9,"versions":86},"Ubuntu","linux","ubuntu","deb",[87,91,95,98,101,104],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"ecosystem",{"version":92,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":93,"version_end_type":94,"fixed_in":9},"lt4_4_0_267_301","4.4.0-267.301","excluding",{"version":96,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":97,"version_end_type":94,"fixed_in":9},"lt4_15_0_233_245","4.15.0-233.245",{"version":99,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":100,"version_end_type":94,"fixed_in":9},"lt5_4_0_205_225","5.4.0-205.225",{"version":102,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":103,"version_end_type":94,"fixed_in":9},"lt5_15_0_131_141","5.15.0-131.141",{"version":105,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":106,"version_end_type":94,"fixed_in":9},"lt6_8_0_52_53","6.8.0-52.53",{"ecosystem":82,"name":108,"vendor":84,"product":108,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":108,"source":9,"versions":109},"linux-aws",[110,111,114,117,120,123],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":112,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":113,"version_end_type":94,"fixed_in":9},"lt4_4_0_1180_195","4.4.0-1180.195",{"version":115,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":116,"version_end_type":94,"fixed_in":9},"lt4_15_0_1177_190","4.15.0-1177.190",{"version":118,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":119,"version_end_type":94,"fixed_in":9},"lt5_4_0_1139_149","5.4.0-1139.149",{"version":121,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":122,"version_end_type":94,"fixed_in":9},"lt5_15_0_1078_85","5.15.0-1078.85",{"version":124,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":125,"version_end_type":94,"fixed_in":9},"lt6_8_0_1023_25","6.8.0-1023.25",{"ecosystem":82,"name":127,"vendor":84,"product":127,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":127,"source":9,"versions":128},"linux-aws-5.15",[129,130],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":131,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":132,"version_end_type":94,"fixed_in":9},"lt5_15_0_1077_84~20_04_1","5.15.0-1077.84~20.04.1",{"ecosystem":82,"name":134,"vendor":84,"product":134,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":134,"source":9,"versions":135},"linux-aws-hwe",[136,137],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":138,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":139,"version_end_type":94,"fixed_in":9},"lt4_15_0_1177_190~16_04_1","4.15.0-1177.190~16.04.1",{"ecosystem":82,"name":141,"vendor":84,"product":141,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":141,"source":9,"versions":142},"linux-azure",[143,144,147,150,153],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":145,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":146,"version_end_type":94,"fixed_in":9},"lt4_15_0_1185_200~16_04_1","4.15.0-1185.200~16.04.1",{"version":148,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":149,"version_end_type":94,"fixed_in":9},"lt5_4_0_1143_150","5.4.0-1143.150",{"version":151,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":152,"version_end_type":94,"fixed_in":9},"lt5_15_0_1079_88","5.15.0-1079.88",{"version":154,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":155,"version_end_type":94,"fixed_in":9},"lt6_8_0_1021_25","6.8.0-1021.25",{"ecosystem":82,"name":157,"vendor":84,"product":157,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":157,"source":9,"versions":158},"linux-azure-4.15",[159,160],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":161,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":162,"version_end_type":94,"fixed_in":9},"lt4_15_0_1185_200","4.15.0-1185.200",{"ecosystem":82,"name":164,"vendor":84,"product":164,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":164,"source":9,"versions":165},"linux-azure-5.15",[166,167],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":168,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":169,"version_end_type":94,"fixed_in":9},"lt5_15_0_1079_88~20_04_1","5.15.0-1079.88~20.04.1",{"ecosystem":82,"name":171,"vendor":84,"product":171,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":171,"source":9,"versions":172},"linux-gcp",[173,174,177,180,183],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":175,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":176,"version_end_type":94,"fixed_in":9},"lt4_15_0_1170_187~16_04_1","4.15.0-1170.187~16.04.1",{"version":178,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":179,"version_end_type":94,"fixed_in":9},"lt5_4_0_1142_151","5.4.0-1142.151",{"version":181,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":182,"version_end_type":94,"fixed_in":9},"lt5_15_0_1075_84","5.15.0-1075.84",{"version":184,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":185,"version_end_type":94,"fixed_in":9},"lt6_8_0_1021_23","6.8.0-1021.23",{"ecosystem":82,"name":187,"vendor":84,"product":187,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":187,"source":9,"versions":188},"linux-gcp-4.15",[189,190],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":191,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":192,"version_end_type":94,"fixed_in":9},"lt4_15_0_1170_187","4.15.0-1170.187",{"ecosystem":82,"name":194,"vendor":84,"product":194,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":194,"source":9,"versions":195},"linux-gcp-5.15",[196,197],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":198,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":199,"version_end_type":94,"fixed_in":9},"lt5_15_0_1075_84~20_04_1","5.15.0-1075.84~20.04.1",{"ecosystem":82,"name":201,"vendor":84,"product":201,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":201,"source":9,"versions":202},"linux-gke",[203,204],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":205,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":206,"version_end_type":94,"fixed_in":9},"lt5_15_0_1073_79","5.15.0-1073.79",{"ecosystem":82,"name":208,"vendor":84,"product":208,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":208,"source":9,"versions":209},"linux-gkeop",[210,211],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":212,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":213,"version_end_type":94,"fixed_in":9},"lt5_4_0_1102_106","5.4.0-1102.106",{"ecosystem":82,"name":215,"vendor":84,"product":215,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":215,"source":9,"versions":216},"linux-hwe",[217,218],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":219,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":220,"version_end_type":94,"fixed_in":9},"lt4_15_0_233_245~16_04_1","4.15.0-233.245~16.04.1",{"ecosystem":82,"name":222,"vendor":84,"product":222,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":222,"source":9,"versions":223},"linux-hwe-5.15",[224,225],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":226,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":227,"version_end_type":94,"fixed_in":9},"lt5_15_0_131_141~20_04_1","5.15.0-131.141~20.04.1",{"ecosystem":82,"name":229,"vendor":84,"product":229,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":229,"source":9,"versions":230},"linux-hwe-5.4",[231,232],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":233,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":234,"version_end_type":94,"fixed_in":9},"lt5_4_0_205_225~18_04_1","5.4.0-205.225~18.04.1",{"ecosystem":82,"name":236,"vendor":84,"product":236,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":236,"source":9,"versions":237},"linux-ibm",[238,239,242,245],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":240,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":241,"version_end_type":94,"fixed_in":9},"lt5_4_0_1085_90","5.4.0-1085.90",{"version":243,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":244,"version_end_type":94,"fixed_in":9},"lt5_15_0_1069_72","5.15.0-1069.72",{"version":246,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":247,"version_end_type":94,"fixed_in":9},"lt6_8_0_1019_19","6.8.0-1019.19",{"ecosystem":82,"name":249,"vendor":84,"product":249,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":249,"source":9,"versions":250},"linux-ibm-5.15",[251,252],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":253,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":254,"version_end_type":94,"fixed_in":9},"lt5_15_0_1069_72~20_04_1","5.15.0-1069.72~20.04.1",{"ecosystem":82,"name":256,"vendor":84,"product":256,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":256,"source":9,"versions":257},"linux-lowlatency-hwe-5.15",[258,259],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":226,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":227,"version_end_type":94,"fixed_in":9},{"ecosystem":82,"name":261,"vendor":84,"product":261,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":261,"source":9,"versions":262},"linux-oracle",[263,264,267,270],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":265,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":266,"version_end_type":94,"fixed_in":9},"lt4_15_0_1139_150","4.15.0-1139.150",{"version":268,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":269,"version_end_type":94,"fixed_in":9},"lt5_4_0_1137_146","5.4.0-1137.146",{"version":271,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":272,"version_end_type":94,"fixed_in":9},"lt5_15_0_1074_80","5.15.0-1074.80",{"ecosystem":82,"name":274,"vendor":84,"product":274,"cpe_part":9,"purl_type":85,"purl_namespace":84,"purl_name":274,"source":9,"versions":275},"linux-oracle-5.15",[276,277],{"version":88,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":278,"is_range":89,"range_type":90,"version_start":9,"version_start_type":9,"version_end":279,"version_end_type":94,"fixed_in":9},"lt5_15_0_1074_80~20_04_1","5.15.0-1074.80~20.04.1"]