Ubuntu 20.04 LTS USN-6548-2 Critical: Kernel Threat Mitigation Report
Dec 12, 2023
•
LinuxSecurity Advisories
3 - 5 min read
Topics Covered
Several security issues were fixed in the Linux kernel.
========================================================================== Ubuntu Security Notice USN-6548-2 December 12, 2023 linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-raspi: Linux kernel for Raspberry Pi systems - linux-oracle-5.4: Linux kernel for Oracle Cloud systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems Details: It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-37453) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out- of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5178) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) It was discovered that the TLS subsystem in the Linux kernel did not properly perform cryptographic operations in some situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6176) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.4.0-1100-raspi 5.4.0-1100.112 linux-image-raspi 5.4.0.1100.130 linux-image-raspi2 5.4.0.1100.130 Ubuntu 18.04 LTS (Available with Ubuntu Pro): linux-image-5.4.0-1100-raspi 5.4.0-1100.112~18.04.1 linux-image-5.4.0-1115-oracle 5.4.0-1115.124~18.04.1 linux-image-oracle 5.4.0.1115.124~18.04.87 linux-image-raspi-hwe-18.04 5.4.0.1100.97 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6548-2 https://ubuntu.com/security/notices/USN-6548-1 CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178, CVE-2023-5717, CVE-2023-6176 Package Information: https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1100.112
PREVIOUS
NEXT
Ubuntu 20.04 LTS USN-6548-2 Critical: Kernel Threat Mitigation Report
ubuntu
December 12, 2023
Several security issues were fixed in the Linux kernel.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-raspi: Linux kernel for Raspberry Pi systems - linux-oracle-5.4: Linux kernel for Oracle Cloud systems - linux-raspi-5.4: Linux kernel for Raspberry Pi systems Details: It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. (CVE-2023-3006) It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-37453) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly...
Read the Full Advisory
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.4.0-1100-raspi 5.4.0-1100.112 linux-image-raspi 5.4.0.1100.130 linux-image-raspi2 5.4.0.1100.130 Ubuntu 18.04 LTS (Available with Ubuntu Pro): linux-image-5.4.0-1100-raspi 5.4.0-1100.112~18.04.1 linux-image-5.4.0-1115-oracle 5.4.0-1115.124~18.04.1 linux-image-oracle 5.4.0.1115.124~18.04.87 linux-image-raspi-hwe-18.04 5.4.0.1100.97 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References
https://ubuntu.com/security/notices/USN-6548-2
https://ubuntu.com/security/notices/USN-6548-1
CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192,
CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178,
CVE-2023-5717, CVE-2023-6176
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-6548-2
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1100.112
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!