Headline
Ubuntu Security Notice USN-6495-1
Ubuntu Security Notice 6495-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-6495-1
November 21, 2023

linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-hwe-5.4,
linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle,
linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:

- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-ibm: Linux kernel for IBM cloud systems
- linux-iot: Linux kernel for IoT platforms
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb)
Ethernet driver in the Linux kernel did not properly validate received
frames that are larger than the set MTU size, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-45871)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  linux-image-5.4.0-1026-iot             5.4.0-1026.27
  linux-image-5.4.0-1034-xilinx-zynqmp   5.4.0-1034.38
  linux-image-5.4.0-1061-ibm             5.4.0-1061.66
  linux-image-5.4.0-1075-bluefield       5.4.0-1075.81
  linux-image-5.4.0-1098-raspi           5.4.0-1098.110
  linux-image-5.4.0-1103-kvm             5.4.0-1103.110
  linux-image-5.4.0-1113-oracle          5.4.0-1113.122
  linux-image-5.4.0-1114-aws             5.4.0-1114.124
  linux-image-5.4.0-167-generic          5.4.0-167.184
  linux-image-5.4.0-167-generic-lpae     5.4.0-167.184
  linux-image-5.4.0-167-lowlatency       5.4.0-167.184
  linux-image-aws-lts-20.04              5.4.0.1114.111
  linux-image-bluefield                  5.4.0.1075.70
  linux-image-generic                    5.4.0.167.164
  linux-image-generic-lpae               5.4.0.167.164
  linux-image-ibm-lts-20.04              5.4.0.1061.90
  linux-image-kvm                        5.4.0.1103.99
  linux-image-lowlatency                 5.4.0.167.164
  linux-image-oem                        5.4.0.167.164
  linux-image-oem-osp1                   5.4.0.167.164
  linux-image-oracle-lts-20.04           5.4.0.1113.106
  linux-image-raspi                      5.4.0.1098.128
  linux-image-raspi2                     5.4.0.1098.128
  linux-image-virtual                    5.4.0.167.164
  linux-image-xilinx-zynqmp              5.4.0.1034.34

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  linux-image-5.4.0-1061-ibm             5.4.0-1061.66~18.04.1
  linux-image-5.4.0-1098-raspi           5.4.0-1098.110~18.04.2
  linux-image-5.4.0-1113-oracle          5.4.0-1113.122~18.04.1
  linux-image-5.4.0-1114-aws             5.4.0-1114.124~18.04.1
  linux-image-5.4.0-167-generic          5.4.0-167.184~18.04.1
  linux-image-5.4.0-167-lowlatency       5.4.0-167.184~18.04.1
  linux-image-aws                        5.4.0.1114.92
  linux-image-generic-hwe-18.04          5.4.0.167.184~18.04.135
  linux-image-ibm                        5.4.0.1061.72
  linux-image-lowlatency-hwe-18.04       5.4.0.167.184~18.04.135
  linux-image-oem                        5.4.0.167.184~18.04.135
  linux-image-oem-osp1                   5.4.0.167.184~18.04.135
  linux-image-oracle                     5.4.0.1113.122~18.04.85
  linux-image-raspi-hwe-18.04            5.4.0.1098.95
  linux-image-snapdragon-hwe-18.04       5.4.0.167.184~18.04.135
  linux-image-virtual-hwe-18.04          5.4.0.167.184~18.04.135

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
  https://ubuntu.com/security/notices/USN-6495-1
  CVE-2023-31085, CVE-2023-45871

Package Information:
  https://launchpad.net/ubuntu/+source/linux/5.4.0-167.184
  https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1114.124
  https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1075.81
  https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1061.66
  https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1026.27
  https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1103.110
  https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1113.122
  https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1098.110
  https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1034.38
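The update instructions above require a reboot, so an installed package version alone does not show that the fixed kernel is the one running. The following added example (not part of the Ubuntu notice) classifies a `uname -r` release string against the ABI numbers in the notice's linux-image-5.4.0-<abi>-<flavour> package names; the function name `check_release` and its return labels are assumptions made for illustration.

```python
import re

# Minimum fixed ABI number per kernel flavour, taken from the
# linux-image-5.4.0-<abi>-<flavour> package names listed in USN-6495-1.
FIXED_ABI = {
    "iot": 1026,
    "xilinx-zynqmp": 1034,
    "ibm": 1061,
    "bluefield": 1075,
    "raspi": 1098,
    "kvm": 1103,
    "oracle": 1113,
    "aws": 1114,
    "generic": 167,
    "generic-lpae": 167,
    "lowlatency": 167,
}

# `uname -r` on Ubuntu looks like 5.4.0-167-generic: <base>-<abi>-<flavour>.
RELEASE_RE = re.compile(r"^(\d+\.\d+\.\d+)-(\d+)-([a-z0-9-]+)$")


def check_release(release):
    """Return 'patched', 'needs-update' or 'not-covered' for a uname -r string.

    'not-covered' means the string is not a 5.4.0 kernel of a flavour named
    in this notice, so the notice says nothing about it (hypothetical label).
    """
    m = RELEASE_RE.match(release.strip())
    if not m:
        return "not-covered"
    base, abi, flavour = m.group(1), int(m.group(2)), m.group(3)
    if base != "5.4.0" or flavour not in FIXED_ABI:
        return "not-covered"
    # Ubuntu kernel uploads are cumulative, so any ABI at or above the
    # fixed one carries the fixes for CVE-2023-31085 and CVE-2023-45871.
    return "patched" if abi >= FIXED_ABI[flavour] else "needs-update"


if __name__ == "__main__":
    import platform

    running = platform.release()  # same value as `uname -r`
    print(running, "->", check_release(running))
```

Run it after the reboot: a result of `needs-update` on a host where the new package is already installed means the old kernel is still the one booted.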
Related news
Red Hat Security Advisory 2024-1323-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include out of bounds write and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-1269-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-1249-03 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-0999-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-0897-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0881-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0554-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0381-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-0378-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.
Ubuntu Security Notice 6572-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Bien Pham discovered that the netfilter subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6537-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6502-4 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6496-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6495-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6494-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6502-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6516-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6503-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Bien Pham discovered that the netfilter subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6502-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6496-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.