{"id":58255,"date":"2024-07-17T21:31:45","date_gmt":"2024-07-17T18:31:45","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179582\/LSN-0105-1.txt"},"modified":"2024-07-17T21:31:45","modified_gmt":"2024-07-17T18:31:45","slug":"kernel-live-patch-security-notice-lsn-0105-1","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/kernel-live-patch-security-notice-lsn-0105-1\/","title":{"rendered":"Kernel Live Patch Security Notice LSN-0105-1"},"content":{"rendered":"

Linux kernel vulnerabilities<\/p>\n

A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n

– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS
– Ubuntu 16.04 ESM
– Ubuntu 22.04 LTS
– Ubuntu 14.04 ESM<\/p>\n

Summary<\/p>\n

Several security issues were fixed in the kernel.<\/p>\n

Software Description<\/p>\n

– linux – Linux kernel
– linux-aws – Linux kernel for Amazon Web Services (AWS) systems
– linux-azure – Linux kernel for Microsoft Azure Cloud systems
– linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
– linux-gke – Linux kernel for Google Container Engine (GKE) systems
– linux-gkeop – Linux kernel for Google Container Engine (GKE) systems
– linux-ibm – Linux kernel for IBM cloud systems
– linux-oracle – Linux kernel for Oracle Cloud systems<\/p>\n

Details<\/p>\n

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service
or possibly execute arbitrary code. (CVE-2023-6270)<\/p>\n

It was discovered that the netfilter connection tracker for netlink in
the Linux kernel did not properly perform reference counting in some
error conditions. A local attacker could possibly use this to cause a
denial of service (memory exhaustion). (CVE-2023-7192)<\/p>\n

In the Linux kernel, the following vulnerability has been
resolved: netfilter: nf_tables: disallow anonymous set with timeout flag
Anonymous sets are never used with timeout from userspace, reject this.
Exception to this rule is NFT_SET_EVAL to ensure legacy meters still
work. (CVE-2024-26642)<\/p>\n

In the Linux kernel, the following vulnerability has been
resolved: cifs: fix underflow in parse_server_interfaces() (CVE-2024-26828)<\/p>\n

In the Linux kernel, the following vulnerability has been
resolved: netfilter: nft_set_pipapo: do not free live element.
(CVE-2024-26924)<\/p>\n

Update instructions<\/p>\n

The problem can be corrected by updating your kernel livepatch to the
following versions:<\/p>\n

Ubuntu 20.04 LTS
aws – 105.1
azure – 105.1
gcp – 105.1
generic – 105.1
gke – 105.1
gkeop – 105.1
ibm – 105.1
lowlatency – 105.1
oracle – 105.1<\/p>\n

Ubuntu 18.04 LTS
aws – 105.1
azure – 105.1
gcp – 105.1
generic – 105.1
lowlatency – 105.1
oracle – 105.1<\/p>\n

Ubuntu 16.04 ESM
aws – 105.1
azure – 105.1
gcp – 105.1
generic – 105.1
lowlatency – 105.1<\/p>\n

Ubuntu 22.04 LTS
aws – 105.1
gcp – 105.1
generic – 105.1
generic – 105.2
gke – 105.1
ibm – 105.1
oracle – 105.1<\/p>\n

Ubuntu 14.04 ESM
generic – 105.1
lowlatency – 105.1<\/p>\n

Support Information<\/p>\n

Livepatches for supported LTS kernels will receive upgrades for a period
of up to 13 months after the build date of the kernel.<\/p>\n

Livepatches for supported HWE kernels which are not based on an LTS
kernel version will receive upgrades for a period of up to 9 months
after the build date of the kernel, or until the end of support for that
kernel\u2019s non-LTS distro release version, whichever is sooner.<\/p>\n

References<\/p>\n

– CVE-2023-6270
– CVE-2023-7192
– CVE-2024-26642
– CVE-2024-26828
– CVE-2024-26924<\/p>\n","protected":false},"excerpt":{"rendered":"

Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 20.04 LTS– Ubuntu 18.04 LTS– Ubuntu 16.04 ESM– Ubuntu 22.04 LTS– Ubuntu 14.04 ESM Summary Several security issues were fixed in the kernel. Software Description – linux – Linux kernel– linux-aws – Linux kernel for Amazon Web Services (AWS) …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58255","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58255"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58255\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}