
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Ubuntu 18.04 LTS: USN-7428-1 critical: Kernel Update for Access Flaws

Several security issues were fixed in the Linux kernel. ========================================================================== Ubuntu Security Notice USN-7428-1 April 09, 2025 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23041) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems: - HID subsystem; - Network drivers; - Mellanox network drivers; - SCSI subsystem; - SuperH / SH-Mobile drivers; - File systems infrastructure; - Ext4 file system; - JFS file system; - IP tunnels definitions; - Network namespace; - BPF subsystem; - Networking core; - HSR network protocol; - IPv4 networking; - IPv6 networking; - Network traffic control; (CVE-2024-56615, CVE-2024-56600, CVE-2025-21700, CVE-2024-56658, CVE-2024-35960, CVE-2024-50265, CVE-2025-21702, CVE-2024-53227, CVE-2024-53165, CVE-2024-50167, CVE-2024-26863, CVE-2024-35973, CVE-2024-46826, CVE-2021-47119, CVE-2024-50302, CVE-2024-49952, CVE-2021-47101, CVE-2024-49948, CVE-2024-56595) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS linux-image-4.15.0-1141-oracle 4.15.0-1141.152 Available with Ubuntu Pro linux-image-4.15.0-1162-kvm 4.15.0-1162.167 Available with Ubuntu Pro linux-image-4.15.0-1172-gcp 4.15.0-1172.189 Available with Ubuntu Pro linux-image-4.15.0-1179-aws 4.15.0-1179.192 Available with Ubuntu Pro linux-image-4.15.0-1187-azure 4.15.0-1187.202 Available with Ubuntu Pro linux-image-4.15.0-236-generic 4.15.0-236.248 Available with Ubuntu Pro linux-image-4.15.0-236-lowlatency 4.15.0-236.248 Available with Ubuntu Pro linux-image-aws-lts-18.04 4.15.0.1179.177 Available with Ubuntu Pro linux-image-azure-lts-18.04 4.15.0.1187.155 Available with Ubuntu Pro linux-image-gcp-lts-18.04 4.15.0.1172.185 Available with Ubuntu Pro linux-image-generic 4.15.0.236.220 Available with Ubuntu Pro linux-image-kvm 4.15.0.1162.153 Available with Ubuntu Pro linux-image-lowlatency 4.15.0.236.220 Available with Ubuntu Pro linux-image-oracle-lts-18.04 4.15.0.1141.146 Available with Ubuntu Pro linux-image-virtual 4.15.0.236.220 Available with Ubuntu Pro Ubuntu 16.04 LTS linux-image-4.15.0-1141-oracle 4.15.0-1141.152~16.04.1 Available with Ubuntu Pro linux-image-4.15.0-1172-gcp 
4.15.0-1172.189~16.04.1 Available with Ubuntu Pro linux-image-4.15.0-1179-aws 4.15.0-1179.192~16.04.1 Available with Ubuntu Pro linux-image-4.15.0-1187-azure 4.15.0-1187.202~16.04.1 Available with Ubuntu Pro linux-image-4.15.0-236-generic 4.15.0-236.248~16.04.1 Available with Ubuntu Pro linux-image-4.15.0-236-lowlatency 4.15.0-236.248~16.04.1 Available with Ubuntu Pro linux-image-aws-hwe 4.15.0.1179.192~16.04.1 Available with Ubuntu Pro linux-image-azure 4.15.0.1187.202~16.04.1 Available with Ubuntu Pro linux-image-gcp 4.15.0.1172.189~16.04.1 Available with Ubuntu Pro linux-image-generic-hwe-16.04 4.15.0.236.248~16.04.1 Available with Ubuntu Pro linux-image-gke 4.15.0.1172.189~16.04.1 Available with Ubuntu Pro linux-image-lowlatency-hwe-16.04 4.15.0.236.248~16.04.1 Available with Ubuntu Pro linux-image-oem 4.15.0.236.248~16.04.1 Available with Ubuntu Pro linux-image-oracle 4.15.0.1141.152~16.04.1 Available with Ubuntu Pro linux-image-virtual-hwe-16.04 4.15.0.236.248~16.04.1 Available with Ubuntu Pro Ubuntu 14.04 LTS linux-image-4.15.0-1187-azure 4.15.0-1187.202~14.04.1 Available with Ubuntu Pro linux-image-azure 4.15.0.1187.202~14.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 
References: https://ubuntu.com/security/notices/USN-7428-1 CVE-2021-47101, CVE-2021-47119, CVE-2022-23041, CVE-2024-26863, CVE-2024-35960, CVE-2024-35973, CVE-2024-46826, CVE-2024-49948, CVE-2024-49952, CVE-2024-50167, CVE-2024-50265, CVE-2024-50302, CVE-2024-53165, CVE-2024-53227, CVE-2024-56595, CVE-2024-56600, CVE-2024-56615, CVE-2024-56658, CVE-2025-21700, CVE-2025-21702 . The Ubuntu security announcement includes steps for a kernel upgrade designed to resolve various security flaws and enhance system integrity.. Linux Kernel Update, Ubuntu Security, Cloud Systems Kernel, Memory Access Threats, Denial of Service Fix. . Severity: Critical. LinuxSecurity.com Team

Apr 09, 2025 Critical Ubuntu

Ubuntu 20.04 LTS USN-7294-4 serious: kernel security flaws

Several security issues were fixed in the Linux kernel. ========================================================================== Ubuntu Security Notice USN-7294-4 March 03, 2025 linux-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-kvm: Linux kernel for cloud environments Details: Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - ACPI drivers; - Drivers core; - ATA over ethernet (AOE) driver; - TPM device driver; - GPIO subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - Mailbox framework; - Multiple devices driver; - Media drivers; - Network drivers; - NTB driver; - Virtio pmem driver; - Parport drivers; - PCI subsystem; - SPI subsystem; - Direct Digital Synthesis drivers; - USB Device Class drivers; - USB Dual Role (OTG-ready) Controller drivers; - USB Serial drivers; - USB Type-C support driver; - Framebuffer layer; - BTRFS file system; - Ceph distributed file system; - Ext4 file system; - F2FS file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - SMB network file system; - Network traffic control; - Network sockets; - TCP network protocol; - BPF subsystem; - Perf events; - Arbitrary resource management; - Timer subsystem drivers; - Tracing infrastructure; - Closures library; - Memory management; - Amateur Radio drivers; - Bluetooth subsystem; - Ethernet bridge; - CAN network layer; - Networking core; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Netfilter; - Netlink; - SCTP protocol; - TIPC 
protocol; - Wireless networking; - XFRM subsystem; - Key management; - FireWire sound drivers; - AudioScience HPI driver; - Amlogic Meson SoC drivers; - KVM core; (CVE-2024-47672, CVE-2024-50273, CVE-2024-49896, CVE-2024-49962, CVE-2024-50007, CVE-2024-47706, CVE-2024-50302, CVE-2024-50299, CVE-2024-49959, CVE-2024-49973, CVE-2024-47674, CVE-2024-50143, CVE-2024-50278, CVE-2024-50184, CVE-2024-49892, CVE-2024-50044, CVE-2024-47701, CVE-2024-49860, CVE-2024-47692, CVE-2024-49948, CVE-2024-50039, CVE-2024-50006, CVE-2024-53066, CVE-2024-49944, CVE-2024-43863, CVE-2024-47756, CVE-2024-50082, CVE-2024-50237, CVE-2024-50262, CVE-2024-49900, CVE-2024-50059, CVE-2024-50194, CVE-2024-53063, CVE-2024-47697, CVE-2024-49975, CVE-2024-50033, CVE-2024-50148, CVE-2024-50116, CVE-2024-50168, CVE-2024-47747, CVE-2024-53104, CVE-2024-50218, CVE-2024-50279, CVE-2024-46853, CVE-2024-46854, CVE-2024-50127, CVE-2024-49995, CVE-2024-50282, CVE-2024-47685, CVE-2024-50296, CVE-2024-50099, CVE-2024-50199, CVE-2024-49879, CVE-2024-50287, CVE-2024-50265, CVE-2024-50269, CVE-2024-47698, CVE-2024-49868, CVE-2024-50035, CVE-2024-47709, CVE-2024-50024, CVE-2024-50301, CVE-2024-50142, CVE-2024-53059, CVE-2024-50008, CVE-2024-49997, CVE-2024-46849, CVE-2024-50290, CVE-2024-40953, CVE-2024-49985, CVE-2024-47737, CVE-2024-49883, CVE-2024-50040, CVE-2024-49958, CVE-2024-50205, CVE-2024-47723, CVE-2024-50180, CVE-2024-50229, CVE-2024-50131, CVE-2024-47713, CVE-2024-49963, CVE-2024-44931, CVE-2024-47742, CVE-2024-49903, CVE-2024-49949, CVE-2024-47684, CVE-2024-35896, CVE-2024-41016, CVE-2024-49955, CVE-2024-50134, CVE-2024-49938, CVE-2024-49877, CVE-2024-49981, CVE-2024-50234, CVE-2024-50096, CVE-2024-49952, CVE-2024-49957, CVE-2024-49982, CVE-2024-47710, CVE-2024-53061, CVE-2024-50267, CVE-2024-47712, CVE-2024-50195, CVE-2024-50236, CVE-2024-47749, CVE-2024-47757, CVE-2024-49894, CVE-2024-50179, CVE-2024-42252, CVE-2024-49851, CVE-2024-53101,CVE-2024-38544, CVE-2024-50117, CVE-2023-52917, 
CVE-2024-50045, CVE-2024-40911, CVE-2024-49882, CVE-2024-49867, CVE-2024-50202, CVE-2024-49878, CVE-2024-50251, CVE-2024-50151, CVE-2024-50171, CVE-2024-47740, CVE-2024-49965, CVE-2023-52458, CVE-2024-50233, CVE-2024-40965, CVE-2024-49924, CVE-2024-50167, CVE-2024-47670, CVE-2021-47469, CVE-2024-35887, CVE-2024-50074, CVE-2024-46731, CVE-2024-47671, CVE-2024-41066, CVE-2024-49966, CVE-2024-50150, CVE-2024-50230, CVE-2024-47696, CVE-2024-47699, CVE-2024-47679, CVE-2024-49902) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.4.0-1127-kvm 5.4.0-1127.136 linux-image-kvm 5.4.0.1127.123 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 
References: https://ubuntu.com/security/notices/USN-7294-4 https://ubuntu.com/security/notices/USN-7294-3 https://ubuntu.com/security/notices/USN-7294-2 https://ubuntu.com/security/notices/USN-7294-1 CVE-2021-47469, CVE-2023-52458, CVE-2023-52917, CVE-2024-35887, CVE-2024-35896, CVE-2024-38544, CVE-2024-40911, CVE-2024-40953, CVE-2024-40965, CVE-2024-41016, CVE-2024-41066, CVE-2024-42252, CVE-2024-43863, CVE-2024-44931, CVE-2024-46731, CVE-2024-46849, CVE-2024-46853, CVE-2024-46854, CVE-2024-47670, CVE-2024-47671, CVE-2024-47672, CVE-2024-47674, CVE-2024-47679, CVE-2024-47684, CVE-2024-47685, CVE-2024-47692, CVE-2024-47696, CVE-2024-47697, CVE-2024-47698, CVE-2024-47699, CVE-2024-47701, CVE-2024-47706, CVE-2024-47709, CVE-2024-47710,CVE-2024-47712, CVE-2024-47713, CVE-2024-47723, CVE-2024-47737, CVE-2024-47740, CVE-2024-47742, CVE-2024-47747, CVE-2024-47749, CVE-2024-47756, CVE-2024-47757, CVE-2024-49851, CVE-2024-49860, CVE-2024-49867, CVE-2024-49868, CVE-2024-49877, CVE-2024-49878, CVE-2024-49879, CVE-2024-49882, CVE-2024-49883, CVE-2024-49892, CVE-2024-49894, CVE-2024-49896, CVE-2024-49900, CVE-2024-49902, CVE-2024-49903, CVE-2024-49924, CVE-2024-49938, CVE-2024-49944, CVE-2024-49948, CVE-2024-49949, CVE-2024-49952, CVE-2024-49955, CVE-2024-49957, CVE-2024-49958, CVE-2024-49959, CVE-2024-49962, CVE-2024-49963, CVE-2024-49965, CVE-2024-49966, CVE-2024-49973, CVE-2024-49975, CVE-2024-49981, CVE-2024-49982, CVE-2024-49985, CVE-2024-49995, CVE-2024-49997, CVE-2024-50006, CVE-2024-50007, CVE-2024-50008, CVE-2024-50024, CVE-2024-50033, CVE-2024-50035, CVE-2024-50039, CVE-2024-50040, CVE-2024-50044, CVE-2024-50045, CVE-2024-50059, CVE-2024-50074, CVE-2024-50082, CVE-2024-50096, CVE-2024-50099, CVE-2024-50116, CVE-2024-50117, CVE-2024-50127, CVE-2024-50131, CVE-2024-50134, CVE-2024-50142, CVE-2024-50143, CVE-2024-50148, CVE-2024-50150, CVE-2024-50151, CVE-2024-50167, CVE-2024-50168, CVE-2024-50171, CVE-2024-50179, CVE-2024-50180, CVE-2024-50184, CVE-2024-50194, 
CVE-2024-50195, CVE-2024-50199, CVE-2024-50202, CVE-2024-50205, CVE-2024-50218, CVE-2024-50229, CVE-2024-50230, CVE-2024-50233, CVE-2024-50234, CVE-2024-50236, CVE-2024-50237, CVE-2024-50251, CVE-2024-50262, CVE-2024-50265, CVE-2024-50267, CVE-2024-50269, CVE-2024-50273, CVE-2024-50278, CVE-2024-50279, CVE-2024-50282, CVE-2024-50287, CVE-2024-50290, CVE-2024-50296, CVE-2024-50299, CVE-2024-50301, CVE-2024-50302, CVE-2024-53059, CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53101, CVE-2024-53104 Package Information: https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1127.136 . Ubuntu Security Notice USN-7294-4 addresses crucial kernel vulnerabilities impacting cloud infrastructures running on Ubuntu 20.04. ubuntu security advisory, linux kernel update, kvm vulnerabilities, system security patch. . Severity: Important. LinuxSecurity.com Team

Mar 03, 2025 Important Ubuntu

Ubuntu 16.04, 14.04 LTS USN-6700-1 critical: Denial Of Service Issues

Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6700-1 March 18, 2024 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-kvm: Linux kernel for cloud environments - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20567) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-34256) Eric Dumazet discovered that the netfilter subsystem in the Linux kernel did not properly handle DCCP conntrack buffers in certain situations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2023-39197) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. 
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle the remount operation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0775) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). 
(CVE-2024-24855) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS (Available with Ubuntu Pro): linux-image-4.4.0-1130-kvm 4.4.0-1130.140 linux-image-4.4.0-252-generic 4.4.0-252.286 linux-image-4.4.0-252-lowlatency 4.4.0-252.286 linux-image-generic 4.4.0.252.258 linux-image-generic-lts-xenial 4.4.0.252.258 linux-image-kvm 4.4.0.1130.127 linux-image-lowlatency 4.4.0.252.258 linux-image-lowlatency-lts-xenial 4.4.0.252.258 linux-image-virtual 4.4.0.252.258 linux-image-virtual-lts-xenial 4.4.0.252.258 Ubuntu 14.04 LTS (Available with Ubuntu Pro): linux-image-4.4.0-1129-aws 4.4.0-1129.135 linux-image-4.4.0-252-generic 4.4.0-252.286~14.04.1 linux-image-4.4.0-252-lowlatency 4.4.0-252.286~14.04.1 linux-image-aws 4.4.0.1129.126 linux-image-generic-lts-xenial 4.4.0.252.219 linux-image-lowlatency-lts-xenial 4.4.0.252.219 linux-image-virtual-lts-xenial 4.4.0.252.219 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6700-1 CVE-2022-20567, CVE-2023-34256, CVE-2023-39197, CVE-2023-51781, CVE-2024-0775, CVE-2024-1086, CVE-2024-24855 . Important patches for Ubuntu address multiple kernel security flaws and risks. Safeguard your devices promptly.. Ubuntu Kernel Security, Kernel Exploits, System Updates. . Severity: Critical. LinuxSecurity.com Team

Mar 19, 2024 Critical Ubuntu

Oracle Linux ELSA-2022-9011 Moderate: Kernel Update and Security Advisory

The following updated rpms for Oracle Linux Cloud Native Environment 1.0 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Cloud Native Environment Security Advisory ELSA-2022-9011 https://linux.oracle.com/errata/ELSA-2022-9011.html The following updated rpms for Oracle Linux Cloud Native Environment 1.0 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-container-4.14.35-2047.510.5.2.el7.x86_64.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-container-4.14.35-2047.510.5.2.el7.src.rpm Related CVEs: CVE-2021-0920 CVE-2021-4155 Description of changes: [4.14.35-2047.510.5.2.el7] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33722441] {CVE-2021-4155} [4.14.35-2047.510.5.1.el7] - fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679805] {CVE-2021-0920} - fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679805] [4.14.35-2047.510.5.el7] - net/rds: RDS connection shutdown stuck after CQ access violation error (aru kolappan) [Orabug: 33585476] - ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33501677] - rds: ib: Ack seq not always received in monotonic increasing order (Håkon Bugge) [Orabug: 33620419] - net/rds: Refactor rds_ib_recv_refill_one (Freddy Carrillo) [Orabug: 33265955] - arm64: pcie: Intercept Pensando specific SError (Henry Willard) [Orabug: 33590080] - arm64: pcie: Change bad_mode hook to cap_pciep_access_in_progress() (Henry Willard) [Orabug: 33590080] - arm64: pcie: Remove Pensando SError trapping patch (Henry Willard) [Orabug: 33590080] - take care multiple extents in CoW extent converting (Wengang Wang) [Orabug: 33473949] - net/mlx5e: ethtool, Add support for EEPROM high pages query (Erez Alfasi) [Orabug: 33525560] - ethtool: Add SFF-8436 and SFF-8636 max EEPROM length definitions (Erez Alfasi) [Orabug: 33525560] - 
net/mlx5: Remove unnecessary prints from mlx5_enter_error_state. (Anand Khoje) [Orabug: 33651549] - uek-rpm: Add _raw_spin_trylock to KABI (John Donnelly) [Orabug: 33651431] - x86/clear_page: add alternative for clear_page_clzero() (Ankur Arora) [Orabug: 33651433] - x86/asm: add clzero based page clearing (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: enable X86_FEATURE_NT_GOOD on all AMD Zen models (Ankur Arora) [Orabug: 33580825] - x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (Kim Phillips) [Orabug: 33580825] - cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33651434] - net/rds: Don't pummel the subnet-manager (Gerd Rausch) [Orabug: 33651436] - uek-rpm: Add smartpqi driver module in ueknano kernel (Somasundaram Krishnasamy) [Orabug: 33651437] - rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33651440] - net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33651444] - RDMA/rxe: Bump up default maximum values used via uverbs (Rao Shoaib) [Orabug: 33651442] _______________________________________________ El-errata mailing list https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Cloud Native Environment Security Notification ELSA-2023-9022 delivers essential security enhancements and kernel updates.. Oracle Linux Cloud, Security Patch, Kernel Update, Cloud Security, RPM Security. . LinuxSecurity.com Team

Jan 10, 2022 Oracle

Ubuntu 21.04 USN-4997-2: Critical KVM Kernel Issues and DoS Risks

Several security issues were fixed in the Linux kernel. ========================================================================= Ubuntu Security Notice USN-4997-2 June 25, 2021 linux-kvm vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-kvm: Linux kernel for cloud environments Details: USN-4997-1 fixed vulnerabilities in the Linux kernel for Ubuntu 21.04. This update provides the corresponding updates for the Linux KVM kernel for Ubuntu 21.04. Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled certain malformed frames. If a user were tricked into connecting to a malicious server, a physically proximate attacker could use this issue to inject packets. 
(CVE-2020-24588) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly verify certain fragmented frames. A physically proximate attacker could possibly use this issue to inject or decrypt packets. (CVE-2020-26141) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation accepted plaintext fragments in certain situations. A physically proximate attacker could use this issue to inject packets. (CVE-2020-26145) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) Or Cohen discovered that the SCTP implementation in the Linux kernel contained a race condition in some situations, leading to a use-after-free condition. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23133) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) Manfred Paul discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel contained an out-of-bounds vulnerability. A local attacker could use this issue to execute arbitrary code. (CVE-2021-31440) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2021-31829) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) It was discovered that an out-of-bounds (OOB) memory access flaw existed in the f2fs module of the Linux kernel. A local attacker could use this issue to cause a denial of service (system crash). (CVE-2021-3506) Mathias Krause discovered that a null pointer dereference existed in the Nitro Enclaves kernel driver of the Linux kernel. A local attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2021-3543) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: linux-image-5.11.0-1009-kvm 5.11.0-1009.9 linux-image-kvm 5.11.0.1009.9 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 
References: https://ubuntu.com/security/notices/USN-4997-2 https://ubuntu.com/security/notices/USN-4997-1 CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26141, CVE-2020-26145, CVE-2020-26147, CVE-2021-23133, CVE-2021-23134, CVE-2021-31440, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-3506, CVE-2021-3543, CVE-2021-3609 Package Information: https://launchpad.net/ubuntu/+source/linux-kvm/5.11.0-1009.9 . Ubuntu 21.10 is provided with essential patches addressing several kernel flaws impacting system integrity and functionality.. Linux Kernel Exploits, Ubuntu Security Patches, KVM Issues. . Severity: Critical. LinuxSecurity.com Team

Jun 25, 2021 Critical Ubuntu

Ubuntu 18.04 LTS USN-3652-1 Moderate: Spectre Variant 4 Exposure

The system could be made to expose sensitive information. ========================================================================= Ubuntu Security Notice USN-3652-1 May 22, 2018 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: The system could be made to expose sensitive information. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oem: Linux kernel for OEM processors Details: Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. 
Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1008-gcp 4.15.0-1008.8 linux-image-4.15.0-1009-aws 4.15.0-1009.9 linux-image-4.15.0-1010-kvm 4.15.0-1010.10 linux-image-4.15.0-22-generic 4.15.0-22.24 linux-image-4.15.0-22-generic-lpae 4.15.0-22.24 linux-image-4.15.0-22-lowlatency 4.15.0-22.24 linux-image-aws 4.15.0.1009.9 linux-image-azure 4.15.0.1012.12 linux-image-azure-edge 4.15.0.1012.12 linux-image-gcp 4.15.0.1008.10 linux-image-generic 4.15.0.22.23 linux-image-generic-lpae 4.15.0.22.23 linux-image-gke 4.15.0.1008.10 linux-image-kvm 4.15.0.1010.10 linux-image-lowlatency 4.15.0.22.23 linux-image-oem 4.15.0.1006.8 Please note that fully mitigating CVE-2018-3639 (Spectre Variant 4) may require corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the SSBD feature is required to enable the kernel mitigations. BIOS vendors will be making updates available for Intel processors that implement SSBD and Ubuntu is working with Intel to provide future microcode updates. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu provided corresponding QEMU updates for users of self-hosted virtual environments in USN 3651-1. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines. 
References: https://ubuntu.com/security/notices/USN-3652-1 CVE-2018-3639, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4 Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-22.24 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1009.9 https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1012.12 https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1008.8 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1010.10 https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1006.9 . Keep updated about Ubuntu's USN-3652-1 concerning the Linux kernel's information leak vulnerability and required patches.. Kernel Exposure, Ubuntu Security Notice, Linux Vulnerability Alert. . LinuxSecurity.com Team

May 22, 2018 Ubuntu