{"id":56159,"date":"2024-04-09T20:09:46","date_gmt":"2024-04-09T16:09:46","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/177998\/LSN-0102-1.txt"},"modified":"2024-04-09T20:09:46","modified_gmt":"2024-04-09T16:09:46","slug":"kernel-live-patch-security-notice-lsn-0102-1","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/kernel-live-patch-security-notice-lsn-0102-1\/","title":{"rendered":"Kernel Live Patch Security Notice LSN-0102-1"},"content":{"rendered":"

Linux kernel vulnerabilities<\/p>\n

A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 ESM
– Ubuntu 22.04 LTS
– Ubuntu 14.04 ESM<\/p>\n

Summary<\/p>\n

Several security issues were fixed in the kernel.<\/p>\n

Software Description<\/p>\n

– linux – Linux kernel
– linux-aws – Linux kernel for Amazon Web Services (AWS) systems
– linux-azure – Linux kernel for Microsoft Azure Cloud systems
– linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke – Linux kernel for Google Container Engine (GKE) systems
– linux-gkeop – Linux kernel for Google Container Engine (GKE) systems
– linux-ibm – Linux kernel for IBM cloud systems<\/p>\n

Details<\/p>\n

It was discovered that a race condition existed in the io_uring
subsystem in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2023-1872)<\/p>\n

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations.
A local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)<\/p>\n

It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to
a null pointer dereference vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-6176)<\/p>\n

It was discovered that a race condition existed in the AppleTalk
networking subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2023-51781)<\/p>\n

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2024-0646)<\/p>\n

Notselwyn discovered that the netfilter subsystem in the Linux kernel
did not properly handle verdict parameters in certain cases, leading to
a use- after-free vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-1086)<\/p>\n

Update instructions<\/p>\n

The problem can be corrected by updating your kernel livepatch to the
following versions:<\/p>\n

Ubuntu 20.04 LTS
aws – 102.1
azure – 102.1
gcp – 102.1
generic – 102.1
gke – 102.1
gkeop – 102.1
ibm – 102.1
lowlatency – 102.1<\/p>\n

Ubuntu 18.04 LTS
aws – 102.1
azure – 102.1
gcp – 102.1
generic – 102.1
lowlatency – 102.1<\/p>\n

Ubuntu 16.04 ESM
aws – 102.1
azure – 102.1
gcp – 102.1
generic – 102.1
lowlatency – 102.1<\/p>\n

Ubuntu 22.04 LTS
aws – 102.1
azure – 102.1
gcp – 102.1
generic – 102.1
gke – 102.1
ibm – 102.1
lowlatency – 102.1<\/p>\n

Ubuntu 14.04 ESM
generic – 102.1
lowlatency – 102.1<\/p>\n

Support Information<\/p>\n

Livepatches for supported LTS kernels will receive upgrades for a period
of up to 13 months after the build date of the kernel.<\/p>\n

Livepatches for supported HWE kernels which are not based on an LTS
kernel version will receive upgrades for a period of up to 9 months
after the build date of the kernel, or until the end of support for that
kernel\u2019s non-LTS distro release version, whichever is sooner.<\/p>\n

References<\/p>\n

– CVE-2023-1872
– CVE-2023-4569
– CVE-2023-6176
– CVE-2023-51781
– CVE-2024-0646
– CVE-2024-1086<\/p>\n","protected":false},"excerpt":{"rendered":"

Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 20.04 LTS– Ubuntu 18.04 LTS– Ubuntu 16.04 ESM– Ubuntu 22.04 LTS– Ubuntu 14.04 ESM Summary Several security issues were fixed in the kernel. Software Description – linux – Linux kernel– linux-aws – Linux kernel for Amazon Web Services (AWS) …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56159","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56159"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56159\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}