Headline
Ubuntu Security Notice USN-6536-1
Ubuntu Security Notice 6536-1 - Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service.
==========================================================================Ubuntu Security Notice USN-6536-1December 06, 2023linux, linux-aws, linux-azure, linux-laptop, linux-lowlatency,linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-laptop: Linux kernel for Lenovo X13s ARM laptops- linux-lowlatency: Linux low latency kernel- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-starfive: Linux kernel for StarFive processors- linux-oem-6.5: Linux kernel for OEM systemsDetails:Lucas Leong discovered that the netfilter subsystem in the Linux kernel didnot properly validate some attributes passed from userspace. A localattacker could use this to cause a denial of service (system crash) orpossibly expose sensitive information (kernel memory). (CVE-2023-39189)Kyle Zeng discovered that the IPv4 implementation in the Linux kernel didnot properly handle socket buffers (skb) when performing IP routing incertain circumstances, leading to a null pointer dereference vulnerability.A privileged attacker could use this to cause a denial of service (systemcrash). (CVE-2023-42754)Yikebaer Aizezi discovered that the ext4 file system implementation in theLinux kernel contained a use-after-free vulnerability when handling inodeextent metadata. An attacker could use this to construct a malicious ext4file system image that, when mounted, could cause a denial of service(system crash). (CVE-2023-45898)Jason Wang discovered that the virtio ring implementation in the Linuxkernel did not properly handle iov buffers in some situations. A localattacker in a guest VM could use this to cause a denial of service (hostsystem crash). (CVE-2023-5158)Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kerneldid not properly handle queue initialization failures in certainsituations, leading to a use-after-free vulnerability. A remote attackercould use this to cause a denial of service (system crash) or possiblyexecute arbitrary code. (CVE-2023-5178)Budimir Markovic discovered that the perf subsystem in the Linux kernel didnot properly handle event groups, leading to an out-of-bounds writevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-5717)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10: linux-image-6.5.0-1005-starfive 6.5.0-1005.6 linux-image-6.5.0-1007-laptop 6.5.0-1007.10 linux-image-6.5.0-1008-raspi 6.5.0-1008.11 linux-image-6.5.0-1009-azure 6.5.0-1009.9 linux-image-6.5.0-1009-azure-fde 6.5.0-1009.9 linux-image-6.5.0-1011-aws 6.5.0-1011.11 linux-image-6.5.0-1013-oracle 6.5.0-1013.13 linux-image-6.5.0-14-generic 6.5.0-14.14 linux-image-6.5.0-14-generic-64k 6.5.0-14.14 linux-image-6.5.0-14-lowlatency 6.5.0-14.14.1 linux-image-6.5.0-14-lowlatency-64k 6.5.0-14.14.1 linux-image-aws 6.5.0.1011.11 linux-image-azure 6.5.0.1009.11 linux-image-azure-fde 6.5.0.1009.11 linux-image-generic 6.5.0.14.16 linux-image-generic-64k 6.5.0.14.16 linux-image-generic-lpae 6.5.0.14.16 linux-image-kvm 6.5.0.14.16 linux-image-laptop-23.10 6.5.0.1007.10 linux-image-lowlatency 6.5.0.14.14.12 linux-image-lowlatency-64k 6.5.0.14.14.12 linux-image-oracle 6.5.0.1013.13 linux-image-raspi 6.5.0.1008.9 linux-image-raspi-nolpae 6.5.0.1008.9 linux-image-starfive 6.5.0.1005.7 linux-image-virtual 6.5.0.14.16Ubuntu 22.04 LTS: linux-image-6.5.0-1009-oem 6.5.0-1009.10 linux-image-oem-22.04d 6.5.0.1009.11After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References: https://ubuntu.com/security/notices/USN-6536-1 CVE-2023-39189, CVE-2023-42754, CVE-2023-45898, CVE-2023-5158, CVE-2023-5178, CVE-2023-5717Package Information: https://launchpad.net/ubuntu/+source/linux/6.5.0-14.14 https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1011.11 https://launchpad.net/ubuntu/+source/linux-azure/6.5.0-1009.9 https://launchpad.net/ubuntu/+source/linux-laptop/6.5.0-1007.10 https://launchpad.net/ubuntu/+source/linux-lowlatency/6.5.0-14.14.1 https://launchpad.net/ubuntu/+source/linux-oracle/6.5.0-1013.13 https://launchpad.net/ubuntu/+source/linux-raspi/6.5.0-1008.11 https://launchpad.net/ubuntu/+source/linux-starfive/6.5.0-1005.6 https://launchpad.net/ubuntu/+source/linux-oem-6.5/6.5.0-1009.10
Related news
Red Hat Security Advisory 2024-2394-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, double free, integer overflow, memory exhaustion, memory leak, null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-1269-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-1248-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0897-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Ubuntu Security Notice 6635-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Red Hat Security Advisory 2024-0386-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 6549-5 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6548-5 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6573-1 - Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information. Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6548-4 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6549-4 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Debian Linux Security Advisory 5594-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Ubuntu Security Notice 6549-3 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6548-3 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6534-3 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6548-2 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6549-2 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6534-2 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6549-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6548-1 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6532-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6532-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6532-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6534-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6534-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6534-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6534-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6494-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6494-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6494-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Red Hat Security Advisory 2023-7559-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7557-01 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include information leakage and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-7554-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7551-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include information leakage and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-7549-01 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7548-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 6497-1 - Maxim Levitsky discovered that the KVM nested virtualization implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6497-1 - Maxim Levitsky discovered that the KVM nested virtualization implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6494-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6494-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6494-1 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Red Hat Security Advisory 2023-7418-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7379-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges.
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent.
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.
A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.