1. Ubuntu Security Notices
  2. LSN-0102-1

LSN-0102-1: Kernel Live Patch Security Notice

Publication date

3 April 2024

Overview

Several security issues were fixed in the kernel.

Releases

Software description

  • aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 4.15.0-1119, >= 4.15.0-1159, >= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000, >= 4.4.0-1098, >= 4.4.0-1129, >= 4.4.0-1159)
  • aws-5.15 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
  • aws-5.4 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1069)
  • aws-6.5 – Linux kernel for Amazon Web Services (AWS) systems - (>= 6.5.0-1007)
  • aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems - (>= 4.15.0-1126)
  • azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000, >= 4.15.0-1063, >= 4.15.0-1078, >= 4.15.0-1114)
  • azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1115, >= 4.15.0-1168)
  • azure-5.4 – Linux kernel for Microsoft Azure cloud systems - (>= 5.4.0-1069)
  • azure-6.5 – Linux kernel for Microsoft Azure cloud systems - (>= 6.5.0-1000)
  • gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 4.15.0-1118)
  • aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 4.15.0-1119, >= 4.15.0-1159, >= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000, >= 4.4.0-1098, >= 4.4.0-1129, >= 4.4.0-1159)
  • aws-5.15 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
  • aws-5.4 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1069)
  • aws-6.5 – Linux kernel for Amazon Web Services (AWS) systems - (>= 6.5.0-1007)
  • aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems - (>= 4.15.0-1126)
  • azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000, >= 4.15.0-1063, >= 4.15.0-1078, >= 4.15.0-1114)
  • azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1115, >= 4.15.0-1168)
  • azure-5.4 – Linux kernel for Microsoft Azure cloud systems - (>= 5.4.0-1069)
  • azure-6.5 – Linux kernel for Microsoft Azure cloud systems - (>= 6.5.0-1000)
  • gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 4.15.0-1118)
  • gcp-4.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1154, >= 4.15.0-1121)
  • gcp-5.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
  • gcp-5.4 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1069)
  • gcp-6.5 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 6.5.0-1000)
  • generic-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-214, >= 4.15.0-143, >= 4.15.0-143, >= 4.15.0-69)
  • generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-243, >= 4.4.0-168)
  • generic-5.15 – Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
  • generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-150, >= 5.4.0-26)
  • gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033, >= 5.15.0-1000)
  • gke-5.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
  • gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • hwe-6.5 – Linux hardware enablement (HWE) kernel - (>= 6.5.0-5)
  • ibm – Linux kernel for IBM cloud systems - (>= 5.4.0-1009, >= 5.15.0-1000)
  • ibm-5.15 – Linux kernel for IBM cloud systems - (>= 5.15.0-1000)
  • linux – Linux kernel - (>= 5.15.0-71, >= 5.15.0-24)
  • lowlatency – Linux low latency kernel - (>= 5.15.0-25)
  • lowlatency-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-214, >= 4.15.0-143, >= 4.15.0-143, >= 4.15.0-69)
  • lowlatency-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-243, >= 4.4.0-168)
  • lowlatency-5.15 – Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
  • lowlatency-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-150, >= 5.4.0-26)

Details

It was discovered that a race condition existed in the io_uring subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.(CVE-2023-1872)

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory).(CVE-2023-4569)

It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code.(CVE-2023-6176)

It...

It was discovered that a race condition existed in the io_uring subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.(CVE-2023-1872)

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory).(CVE-2023-4569)

It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code.(CVE-2023-6176)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-51781)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2024-0646)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.(CVE-2024-1086)

Checking update status

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

The problem can be corrected in these Livepatch versions:

Kernel type 22.04 20.04 18.04 16.04 14.04
aws 102.1 102.1 102.1 102.1
aws-5.15 102.1
aws-5.4 102.1
aws-6.5 102.1
aws-hwe 102.1
azure 102.1 102.1 102.1
azure-4.15 102.1
azure-5.4 102.1
azure-6.5 102.1
gcp 102.1 102.1 102.1
gcp-4.15 102.1
gcp-5.15 102.1
gcp-5.4 102.1
gcp-6.5 102.1
generic-4.15 102.1 102.1
generic-4.4 102.1 102.1
generic-5.15 102.1
generic-5.4 102.1 102.1
gke 102.1 102.1
gke-5.15 102.1
gkeop 102.1
hwe-6.5 102.1
ibm 102.1 102.1
ibm-5.15 102.1
linux 102.1
lowlatency 102.1
lowlatency-4.15 102.1 102.1
lowlatency-4.4 102.1 102.1
lowlatency-5.15 102.1
lowlatency-5.4 102.1 102.1

References

Have additional questions?

Talk to a member of the team ›