LSN-0114-1

Advisory lineage: Upstream: 16, Downstream: 0
Published: 18 Aug 2025, 10:14
Last modified: 02 Jun 2026, 09:01

Vulnerability Summary

  • Overall Risk (default): minimal (0/100)
  • CVSS Score: No data
  • EPSS Score: No data
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 18 Aug 2025, 10:14: Published (vulnerability first disclosed)
  • 02 Jun 2026, 09:01: Last Modified (vulnerability information updated)

Description

Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerabilities have been resolved:

  • bfq: fix use-after-free in bfq_dispatch_request

    KASAN reports a use-after-free report when doing normal scsi-mq test.

  • block, bfq: don't move oom_bfqq

    Our test report a UAF:

  • Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()

    When l2cap_recv_frame() is invoked to receive data, and the cid is L2CAP_CID_A2MP, if the channel does not exist, it will create a channel. However, after a channel is created, the hold operation of the channel is not performed.

  • SUNRPC: Fix UAF in svc_tcp_listen_data_ready()

    After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed listener svc_sock in sk_user_data which cloning from parent.

  • ext4: aovid use-after-free in ext4_ext_insert_extent()

    As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and cause UAF. Below is a sample trace with dummy values: ext4_ext_insert_extent path .

  • ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

    A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config.

  • ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up

    The issue was caused by dput(upper) being called before ovl_dentry_update_reval(), while upper->d_flags was still accessed in ovl_dentry_remote().

  • RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()

    After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem.

Affected Systems

  • ubuntulinux

    < 4.4.0-271.305 | < 4.15.0-240.252 | < 5.15.0-140.150 | < 6.8.0-79.79 | < 4.4.0-270.304 | < 4.15.0-206.217 | < 5.15.0-60.66 | all

  • ubuntulinux-aws

    < 4.4.0-1184.199 | < 4.15.0-1183.196 | < 5.15.0-1084.91 | < 6.8.0-1036.38 | < 4.4.0-1183.198 | < 4.15.0-1151.164 | < 5.15.0-1030.34 | all

  • ubuntulinux-aws-5.15

    < 5.15.0-1084.91~20.04.1 | < 5.15.0-1030.34~20.04.1

  • ubuntulinux-aws-hwe

    < 4.15.0-1183.196~16.04.1 | < 4.15.0-1151.164~16.04.1

  • ubuntulinux-azure

    < 4.15.0-1191.206~16.04.1 | < 5.15.0-1089.98 | < 6.8.0-1038.44 | < 4.15.0-1162.177~16.04.1 | < 5.15.0-1033.40 | all

  • ubuntulinux-azure-4.15

    < 4.15.0-1191.206 | < 4.15.0-1162.177

  • ubuntulinux-azure-5.15

    < 5.15.0-1089.98~20.04.1 | < 5.15.0-1033.40~20.04.1

  • ubuntulinux-gcp

    < 4.15.0-1176.193~16.04.1 | < 5.15.0-1083.92 | < 6.8.0-1037.39 | < 4.15.0-1146.162~16.04.1 | < 5.15.0-1029.36 | all

  • ubuntulinux-gcp-4.15

    < 4.15.0-1176.193 | < 4.15.0-1146.162

  • ubuntulinux-gcp-5.15

    < 5.15.0-1083.92~20.04.1 | < 5.15.0-1029.36~20.04.1

  • ubuntulinux-gke

    < 5.15.0-1081.87 | < 5.15.0-1027.32

  • ubuntulinux-hwe

    < 4.15.0-240.252~16.04.1 | < 4.15.0-206.217~16.04.1

  • ubuntulinux-hwe-5.15

    < 5.15.0-142.152~20.04.1 | < 5.15.0-60.66~20.04.1

  • ubuntulinux-ibm

    < 5.15.0-1076.79 | < 6.8.0-1036.36 | < 5.15.0-1025.28 | all

  • ubuntulinux-ibm-5.15

    < 5.15.0-1076.79~20.04.1 | all

  • ubuntulinux-lowlatency-hwe-5.15

    < 5.15.0-140.150~20.04.1 | < 5.15.0-60.66~20.04.1

  • ubuntulinux-lts-xenial

    < 4.4.0-271.305~14.04.1 | < 4.4.0-270.304~14.04.1

  • ubuntulinux-oracle

    < 4.15.0-1145.156 | < 5.15.0-1081.87 | < 6.8.0-1033.34 | < 4.15.0-1115.126 | < 5.15.0-1029.35 | all

  • ubuntulinux-oracle-5.15

    < 5.15.0-1081.87~20.04.1 | < 5.15.0-1029.35~20.04.1
