1. Ubuntu Security Notices
  2. USN-6651-2

USN-6651-2: Linux kernel vulnerabilities

Publication date

28 February 2024

Overview

Several security issues were fixed in the Linux kernel.

Releases

Packages

Details

It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)

Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)

Robert...

It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)

Zhenghan Wang discovered that the generic ID allocator implementation in
the Linux kernel did not properly check for null bitmap when releasing IDs.
A local attacker could use this to cause a denial of service (system
crash). (CVE-2023-6915)

Robert Morris discovered that the CIFS network file system implementation
in the Linux kernel did not properly validate certain server commands
fields, leading to an out-of-bounds read vulnerability. An attacker could
use this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2024-0565)

Jann Horn discovered that the io_uring subsystem in the Linux kernel did
not properly handle the release of certain buffer rings. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2024-0582)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
23.10 mantic linux-image-6.5.0-21-lowlatency –  6.5.0-21.21.1
linux-image-6.5.0-21-lowlatency-64k –  6.5.0-21.21.1
linux-image-lowlatency –  6.5.0.21.21.15
linux-image-lowlatency-64k –  6.5.0.21.21.15
22.04 jammy linux-image-6.5.0-1015-oem –  6.5.0-1015.16
linux-image-6.5.0-21-lowlatency –  6.5.0-21.21.1~22.04.1
linux-image-6.5.0-21-lowlatency-64k –  6.5.0-21.21.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 –  6.5.0.21.21.1~22.04.7
linux-image-lowlatency-hwe-22.04 –  6.5.0.21.21.1~22.04.7
linux-image-oem-22.04d –  6.5.0.1015.17

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›