Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

-   Ubuntu 20.04 LTS
-   Ubuntu 18.04 LTS
-   Ubuntu 24.04 LTS
-   Ubuntu 16.04 LTS
-   Ubuntu 22.04 LTS
-   Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software Description

-   linux - Linux kernel
-   linux-aws - Linux kernel for Amazon Web Services (AWS) systems
-   linux-azure - Linux kernel for Microsoft Azure Cloud systems
-   linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
-   linux-gke - Linux kernel for Google Container Engine (GKE) systems
-   linux-ibm - Linux kernel for IBM cloud systems
-   linux-oracle - Linux kernel for Oracle Cloud systems

Details

In the Linux kernel, the following vulnerability has been resolved: bfq:
fix use-after-free in bfq_dispatch_request KASAN reports a
use-after-free report when doing normal scsi-mq test. (CVE-2022-49176)

In the Linux kernel, the following vulnerability has been resolved:
block, bfq: don’t move oom_bfqq Our test report a UAF.
(CVE-2022-49179)

In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() When
l2cap_recv_frame() is invoked to receive data, and the cid is
L2CAP_CID_A2MP, if the channel does not exist, it will create a channel.
However, after a channel is created, the hold operation of the channel
is not performed. (CVE-2022-49909)

In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener
svc_sock is freed, and before invoking svc_tcp_accept() for the
established child sock, there is a window that the newsock retaining a
freed listener svc_sock in sk_user_data which cloning from parent.
(CVE-2023-52885)

In the Linux kernel, the following vulnerability has been resolved:
ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin
mentioned in Link, in ext4_ext_insert_extent(), if the path is
reallocated in ext4_ext_create_new_leaf(), we’ll use the stale path and
cause UAF. (CVE-2024-49883)

In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox
devices A bogus device can provide a bNumConfigurations value that
exceeds the initial value used in usb_get_configuration for allocating
dev->config. (CVE-2024-53197)

In the Linux kernel, the following vulnerability has been resolved: ovl:
fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up The
issue was caused by dput(upper) being called before
ovl_dentry_update_reval(), while upper->d_flags was still accessed in
ovl_dentry_remote(). (CVE-2025-21887)

In the Linux kernel, the following vulnerability has been resolved:
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the
erdma_cep_put(new_cep) being called, new_cep will be freed, and the
following dereference will cause a UAF problem. (CVE-2025-22088)

Update instructions

The problem can be corrected by updating your kernel livepatch to the
following versions:

Ubuntu 20.04 LTS
    aws - 114.1
    azure - 114.1
    gcp - 114.1
    generic - 114.1
    ibm - 114.1
    lowlatency - 114.1
    oracle - 114.1

Ubuntu 18.04 LTS
    aws - 114.1
    azure - 114.1
    gcp - 114.1
    generic - 114.1
    lowlatency - 114.1
    oracle - 114.1

Ubuntu 24.04 LTS
    aws - 114.1
    azure - 114.1
    gcp - 114.1
    generic - 114.1
    ibm - 114.1
    oracle - 114.1

Ubuntu 16.04 LTS
    aws - 114.1
    azure - 114.1
    gcp - 114.1
    generic - 114.1
    lowlatency - 114.1

Ubuntu 22.04 LTS
    aws - 114.1
    azure - 114.1
    gcp - 114.1
    generic - 114.1
    gke - 114.1
    ibm - 114.1
    oracle - 114.1

Ubuntu 14.04 LTS
    generic - 114.1
    lowlatency - 114.1

Support Information

Livepatches for supported LTS kernels will receive upgrades for a period
of up to 13 months after the build date of the kernel.

Livepatches for supported HWE kernels which are not based on an LTS
kernel version will receive upgrades for a period of up to 9 months
after the build date of the kernel, or until the end of support for that
kernel’s non-LTS distro release version, whichever is sooner.

References

-   CVE-2022-49176
-   CVE-2022-49179
-   CVE-2022-49909
-   CVE-2023-52885
-   CVE-2024-49883
-   CVE-2024-53197
-   CVE-2025-21887
-   CVE-2025-22088