LSN-0115-1

Advisory lineage Upstream: 10 Downstream: 0

Upstream

CVE-2024-27407 CVE-2024-47685 CVE-2024-50047 CVE-2025-21887 CVE-2025-22088 UBUNTU-CVE-2024-27407

Published: 08 Oct 2025, 09:47

Last modified:03 Jun 2026, 13:33

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 Oct 2025, 09:47

Published

Vulnerability first disclosed

03 Jun 2026, 13:33

Last Modified

Vulnerability information updated

Description

Kernel Live Patch Security Notice In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr())(CVE-2024-27407). In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1) Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put() BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 . In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up The issue was caused by dput(upper) being called before ovl_dentry_update_reval(), while upper->d_flags was still accessed in ovl_dentry_remote(). In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem.

Affected Systems

ubuntu•linux
all | < 4.4.0-272.306 | < 4.15.0-241.253 | < 5.4.0-219.239 | < 5.15.0-153.163 | < 6.8.0-79.79
ubuntu•linux-aws
all | < 4.4.0-1185.200 | < 4.15.0-1184.197 | < 5.4.0-1148.158 | < 5.15.0-1091.98 | < 6.8.0-1036.38
ubuntu•linux-aws-5.15
all | < 5.15.0-1091.98~20.04.1
ubuntu•linux-aws-hwe
all | < 4.15.0-1184.197~16.04.1
ubuntu•linux-azure
all | < 4.15.0-1192.207~16.04.1 | < 5.15.0-1095.104 | < 6.8.0-1038.44
ubuntu•linux-azure-4.15
all | < 4.15.0-1192.207
ubuntu•linux-azure-5.15
all | < 5.15.0-1095.104~20.04.1
ubuntu•linux-gcp
all | < 4.15.0-1177.194~16.04.1 | < 5.15.0-1091.100 | < 6.8.0-1037.39
ubuntu•linux-gcp-4.15
all | < 4.15.0-1177.194
ubuntu•linux-gcp-5.15
all | < 5.15.0-1091.100~20.04.1
ubuntu•linux-gke
all | < 5.15.0-1088.94
ubuntu•linux-hwe
all | < 4.15.0-241.253~16.04.1
ubuntu•linux-hwe-5.15
all | < 5.15.0-153.163~20.04.1
ubuntu•linux-hwe-5.4
all | < 5.4.0-219.239~18.04.1
ubuntu•linux-ibm
all | < 5.15.0-1085.88 | < 6.8.0-1036.36
ubuntu•linux-ibm-5.15
all | < 5.15.0-1085.88~20.04.1
ubuntu•linux-lowlatency-hwe-5.15
all | < 5.15.0-153.163~20.04.1
ubuntu•linux-lts-xenial
all | < 4.4.0-272.306~14.04.1
ubuntu•linux-oracle
all | < 4.15.0-1146.157 | < 5.15.0-1089.95 | < 6.8.0-1033.34
ubuntu•linux-oracle-5.15
all | < 5.15.0-1090.96~20.04.1

LSN-0115-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (6)