USN-6043-1: Linux kernel vulnerabilities

Publication date

26 April 2023

Overview

Several security issues were fixed in the Linux kernel.


Packages

Details

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)

It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)

It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.10 kinetic linux-image-5.19.0-41-generic-64k –  5.19.0-41.42
linux-image-virtual –  5.19.0.41.37
linux-image-generic-64k –  5.19.0.41.37
linux-image-aws –  5.19.0.1024.21
linux-image-gcp –  5.19.0.1022.18
linux-image-5.19.0-1022-kvm –  5.19.0-1022.23
linux-image-5.19.0-1025-azure –  5.19.0-1025.28
linux-image-ibm –  5.19.0.1021.18
linux-image-lowlatency-64k –  5.19.0.1023.19
linux-image-5.19.0-1017-raspi –  5.19.0-1017.24
linux-image-5.19.0-1023-lowlatency –  5.19.0-1023.24
linux-image-azure –  5.19.0.1025.20
linux-image-5.19.0-41-generic-lpae –  5.19.0-41.42
linux-image-raspi-nolpae –  5.19.0.1017.16
linux-image-5.19.0-41-generic –  5.19.0-41.42
linux-image-5.19.0-1017-raspi-nolpae –  5.19.0-1017.24
linux-image-5.19.0-1021-ibm –  5.19.0-1021.23
linux-image-5.19.0-1023-lowlatency-64k –  5.19.0-1023.24
linux-image-oracle –  5.19.0.1022.18
linux-image-raspi –  5.19.0.1017.16
linux-image-5.19.0-1022-oracle –  5.19.0-1022.25
linux-image-kvm –  5.19.0.1022.19
linux-image-5.19.0-1024-aws –  5.19.0-1024.25
linux-image-5.19.0-1022-gcp –  5.19.0-1022.24
linux-image-generic-lpae –  5.19.0.41.37
linux-image-generic –  5.19.0.41.37
linux-image-lowlatency –  5.19.0.1023.19
22.04 jammy linux-image-5.19.0-41-generic-64k –  5.19.0-41.42~22.04.1
linux-image-virtual-hwe-22.04 –  5.19.0.41.42~22.04.14
linux-image-5.19.0-41-generic –  5.19.0-41.42~22.04.1
linux-image-generic-64k-hwe-22.04 –  5.19.0.41.42~22.04.14
linux-image-generic-hwe-22.04 –  5.19.0.41.42~22.04.14
linux-image-generic-lpae-hwe-22.04 –  5.19.0.41.42~22.04.14
linux-image-5.19.0-41-generic-lpae –  5.19.0-41.42~22.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›