Linux kernel vulnerabilities<\/p>\n
A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n
– Ubuntu 20.04 LTS
\n– Ubuntu 18.04 LTS
\n– Ubuntu 16.04 ESM
\n– Ubuntu 22.04 LTS
\n– Ubuntu 14.04 ESM<\/p>\n
Summary<\/p>\n
Several security issues were fixed in the kernel.<\/p>\n
Software Description<\/p>\n
– linux – Linux kernel
\n– linux-aws – Linux kernel for Amazon Web Services (AWS) systems
\n– linux-azure – Linux kernel for Microsoft Azure Cloud systems
\n– linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
\n– linux-gke – Linux kernel for Google Container Engine (GKE) systems
\n– linux-gkeop – Linux kernel for Google Container Engine (GKE) systems
\n– linux-ibm – Linux kernel for IBM cloud systems<\/p>\n
Details<\/p>\n
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
\nkernel did not properly perform data buffer size validation in some
\nsituations. A physically proximate attacker could use this to craft a
\nmalicious USB device that when inserted, could cause a denial of service
\n(system crash) or possibly expose sensitive information. (CVE-2023-1380)<\/p>\n
Reima Ishii discovered that the nested KVM implementation for Intel x86
\nprocessors in the Linux kernel did not properly validate control
\nregisters in certain situations. An attacker in a guest VM could use
\nthis to cause a denial of service (guest crash). (CVE-2023-30456)<\/p>\n
Mingi Cho discovered that the netfilter subsystem in the Linux kernel
\ndid not properly validate the status of a nft chain while performing a
\nlookup by id, leading to a use-after-free vulnerability. An attacker
\ncould use this to cause a denial of service (system crash) or possibly
\nexecute arbitrary code. (CVE-2023-31248)<\/p>\n
Gwangun Jung discovered that the Quick Fair Queueing scheduler
\nimplementation in the Linux kernel contained an out-of-bounds write
\nvulnerability. A local attacker could use this to cause a denial of
\nservice (system crash) or possibly execute arbitrary code.
\n(CVE-2023-31436)<\/p>\n
Tanguy Dubroca discovered that the netfilter subsystem in the Linux
\nkernel did not properly handle certain pointer data type, leading to an
\nout-of- bounds write vulnerability. A privileged attacker could use this
\nto cause a denial of service (system crash) or possibly execute
\narbitrary code. (CVE-2023-35001)<\/p>\n
Update instructions<\/p>\n
The problem can be corrected by updating your kernel livepatch to the
\nfollowing versions:<\/p>\n
Ubuntu 20.04 LTS
\naws – 96.2
\nazure – 96.2
\ngcp – 96.2
\ngcp – 96.3
\ngeneric – 96.2
\ngeneric – 96.3
\ngke – 96.2
\ngke – 96.3
\ngkeop – 96.2
\nibm – 96.2
\nlowlatency – 96.2
\nlowlatency – 96.3<\/p>\n
Ubuntu 18.04 LTS
\nazure – 96.2
\ngcp – 96.2
\ngeneric – 96.2
\ngke – 96.2
\ngkeop – 96.2
\nibm – 96.2
\nlowlatency – 96.2<\/p>\n
Ubuntu 16.04 ESM
\naws – 96.2
\nazure – 96.2
\ngcp – 96.2
\ngeneric – 96.2
\nlowlatency – 96.2<\/p>\n
Ubuntu 22.04 LTS
\nazure – 96.2
\nazure – 96.3
\ngcp – 96.2
\ngcp – 96.3
\ngeneric – 96.2
\ngeneric – 96.3
\ngke – 96.2
\ngke – 96.3
\nibm – 96.2
\nibm – 96.3<\/p>\n
Ubuntu 14.04 ESM
\ngeneric – 96.2
\nlowlatency – 96.2<\/p>\n
Support Information<\/p>\n
Livepatches for supported LTS kernels will receive upgrades for a period
\nof up to 13 months after the build date of the kernel.<\/p>\n
Livepatches for supported HWE kernels which are not based on an LTS
\nkernel version will receive upgrades for a period of up to 9 months
\nafter the build date of the kernel, or until the end of support for that
\nkernel\u2019s non-LTS distro release version, whichever is sooner.<\/p>\n
References<\/p>\n
– CVE-2023-1380
\n– CVE-2023-30456
\n– CVE-2023-31248
\n– CVE-2023-31436
\n– CVE-2023-35001<\/p>\n","protected":false},"excerpt":{"rendered":"
Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 20.04 LTS – Ubuntu 18.04 LTS – Ubuntu 16.04 ESM – Ubuntu 22.04 LTS – Ubuntu 14.04 ESM Summary Several security issues were fixed in the kernel. Software Description – linux – Linux kernel – linux-aws – Linux kernel …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-45642","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=45642"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45642\/revisions"}],"predecessor-version":[{"id":45697,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/45642\/revisions\/45697"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=45642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=45642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=45642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}