1. Ubuntu Security Notices
  2. USN-6725-1

USN-6725-1: Linux kernel vulnerabilities

Publication date

9 April 2024

Overview

Several security issues were fixed in the Linux kernel.

Releases

Packages

Details

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate certain data structure fields when parsing lease
contexts, leading to an out-of-bounds read vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2023-1194)

Quentin Minster discovered that a race condition existed in the KSMBD
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A remote attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-32254)

It was discovered that a race condition existed in the KSMBD implementation
in the Linux kernel when handling session connections, leading to a use-
after-free vulnerability. A remote attacker could use this to cause a
denial of service...

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate certain data structure fields when parsing lease
contexts, leading to an out-of-bounds read vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2023-1194)

Quentin Minster discovered that a race condition existed in the KSMBD
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A remote attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-32254)

It was discovered that a race condition existed in the KSMBD implementation
in the Linux kernel when handling session connections, leading to a use-
after-free vulnerability. A remote attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32258)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer sizes in certain operations, leading to an integer
underflow and out-of-bounds read vulnerability. A remote attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-38427)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate SMB request protocol IDs, leading to a out-of-
bounds read vulnerability. A remote attacker could possibly use this to
cause a denial of service (system crash). (CVE-2023-38430)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate packet header sizes in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-38431)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly handle session setup requests, leading to an out-of-bounds read
vulnerability. A remote attacker could use this to expose sensitive
information. (CVE-2023-3867)

Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero length data request, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)

It was discovered that the IPv6 implementation of the Linux kernel did not
properly manage route cache memory usage. A remote attacker could use this
to cause a denial of service (memory exhaustion). (CVE-2023-52340)

It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)

Yang Chaoming discovered that the KSMBD implementation in the Linux kernel
did not properly validate request buffer sizes, leading to an out-of-bounds
read vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2024-22705)

Chenyuan Yang discovered that the btrfs file system in the Linux kernel did
not properly handle read operations on newly created subvolumes in certain
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-23850)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

  • Architecture specifics;
  • Block layer;
  • Cryptographic API;
  • Android drivers;
  • EDAC drivers;
  • GPU drivers;
  • Media drivers;
  • Multifunction device drivers;
  • MTD block device drivers;
  • Network drivers;
  • NVME drivers;
  • TTY drivers;
  • Userspace I/O drivers;
  • EFI Variable file system;
  • F2FS file system;
  • GFS2 file system;
  • SMB network file system;
  • BPF subsystem;
  • IPv6 Networking;
  • Network Traffic Control;
  • AppArmor security module

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.04 jammy linux-image-5.15.0-102-generic –  5.15.0-102.112
linux-image-5.15.0-102-generic-64k –  5.15.0-102.112
linux-image-5.15.0-102-generic-lpae –  5.15.0-102.112
linux-image-5.15.0-102-lowlatency –  5.15.0-102.112
linux-image-5.15.0-102-lowlatency-64k –  5.15.0-102.112
linux-image-5.15.0-1040-gkeop –  5.15.0-1040.46
linux-image-5.15.0-1048-nvidia –  5.15.0-1048.48
linux-image-5.15.0-1048-nvidia-lowlatency –  5.15.0-1048.48
linux-image-5.15.0-1050-ibm –  5.15.0-1050.53
linux-image-5.15.0-1050-raspi –  5.15.0-1050.53
linux-image-5.15.0-1052-intel-iotg –  5.15.0-1052.58
linux-image-5.15.0-1054-gke –  5.15.0-1054.59
linux-image-5.15.0-1054-kvm –  5.15.0-1054.59
linux-image-5.15.0-1055-gcp –  5.15.0-1055.63
linux-image-5.15.0-1055-oracle –  5.15.0-1055.61
linux-image-5.15.0-1060-azure –  5.15.0-1060.69
linux-image-5.15.0-1060-azure-fde –  5.15.0-1060.69.1
linux-image-azure-fde-lts-22.04 –  5.15.0.1060.69.38
linux-image-azure-lts-22.04 –  5.15.0.1060.58
linux-image-gcp-lts-22.04 –  5.15.0.1055.51
linux-image-generic –  5.15.0.102.99
linux-image-generic-64k –  5.15.0.102.99
linux-image-generic-lpae –  5.15.0.102.99
linux-image-gke –  5.15.0.1054.53
linux-image-gke-5.15 –  5.15.0.1054.53
linux-image-gkeop –  5.15.0.1040.39
linux-image-gkeop-5.15 –  5.15.0.1040.39
linux-image-ibm –  5.15.0.1050.46
linux-image-intel-iotg –  5.15.0.1052.52
linux-image-kvm –  5.15.0.1054.50
linux-image-lowlatency –  5.15.0.102.98
linux-image-lowlatency-64k –  5.15.0.102.98
linux-image-nvidia –  5.15.0.1048.48
linux-image-nvidia-lowlatency –  5.15.0.1048.48
linux-image-oracle-lts-22.04 –  5.15.0.1055.51
linux-image-raspi –  5.15.0.1050.48
linux-image-raspi-nolpae –  5.15.0.1050.48
linux-image-virtual –  5.15.0.102.99
20.04 focal linux-image-5.15.0-102-generic –  5.15.0-102.112~20.04.1
linux-image-5.15.0-102-generic-64k –  5.15.0-102.112~20.04.1
linux-image-5.15.0-102-generic-lpae –  5.15.0-102.112~20.04.1
linux-image-5.15.0-102-lowlatency –  5.15.0-102.112~20.04.1
linux-image-5.15.0-102-lowlatency-64k –  5.15.0-102.112~20.04.1
linux-image-5.15.0-1040-gkeop –  5.15.0-1040.46~20.04.1
linux-image-5.15.0-1050-ibm –  5.15.0-1050.53~20.04.1
linux-image-5.15.0-1052-intel-iotg –  5.15.0-1052.58~20.04.1
linux-image-5.15.0-1055-gcp –  5.15.0-1055.63~20.04.1
linux-image-5.15.0-1055-oracle –  5.15.0-1055.61~20.04.1
linux-image-5.15.0-1060-azure –  5.15.0-1060.69~20.04.1
linux-image-5.15.0-1060-azure-fde –  5.15.0-1060.69~20.04.1.1
linux-image-azure –  5.15.0.1060.69~20.04.1
linux-image-azure-cvm –  5.15.0.1060.69~20.04.1
linux-image-azure-fde –  5.15.0.1060.69~20.04.1.39
linux-image-gcp –  5.15.0.1055.63~20.04.1
linux-image-generic-64k-hwe-20.04 –  5.15.0.102.112~20.04.1
linux-image-generic-hwe-20.04 –  5.15.0.102.112~20.04.1
linux-image-generic-lpae-hwe-20.04 –  5.15.0.102.112~20.04.1
linux-image-gkeop-5.15 –  5.15.0.1040.46~20.04.36
linux-image-ibm –  5.15.0.1050.53~20.04.1
linux-image-intel –  5.15.0.1052.58~20.04.1
linux-image-intel-iotg –  5.15.0.1052.58~20.04.1
linux-image-lowlatency-64k-hwe-20.04 –  5.15.0.102.112~20.04.1
linux-image-lowlatency-hwe-20.04 –  5.15.0.102.112~20.04.1
linux-image-oem-20.04 –  5.15.0.102.112~20.04.1
linux-image-oem-20.04b –  5.15.0.102.112~20.04.1
linux-image-oem-20.04c –  5.15.0.102.112~20.04.1
linux-image-oem-20.04d –  5.15.0.102.112~20.04.1
linux-image-oracle –  5.15.0.1055.61~20.04.1
linux-image-virtual-hwe-20.04 –  5.15.0.102.112~20.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

id="usn"

Have additional questions?

Talk to a member of the team ›