Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
172
security advisorydenial of servicebuffer overflowUbuntu 22.04 LTS USN-6516-1 Critical: Kernel Denial of Service Issues
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6516-1 November 27, 2023 linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-intel-iotg: Linux kernel for Intel IoT platforms - linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms Details: Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. (CVE-2023-25775) Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083) Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (systemcrash) or possibly execute arbitrary code. (CVE-2023-45871) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-1045-intel-iotg 5.15.0-1045.51 linux-image-intel-iotg 5.15.0.1045.45 Ubuntu 20.04 LTS: linux-image-5.15.0-1045-intel-iotg 5.15.0-1045.51~20.04.1 linux-image-intel 5.15.0.1045.51~20.04.35 linux-image-intel-iotg 5.15.0.1045.51~20.04.35 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: CVE-2023-25775, CVE-2023-31083, CVE-2023-31085, CVE-2023-3772, CVE-2023-45871 Package Information: https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1045.51 https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1045.51~20.04.1 . Essential update for the Ubuntu community addressing critical kernel fixes and vulnerabilities to combat security threats.. Ubuntu Kernel Update, Intel IoT Vulnerabilities, Security Patch, Code Execution Risks. . Severity: Critical. LinuxSecurity.com Team
Nov 27, 2023
•Critical
Ubuntu
172
security advisorydenial of servicekernel updateUbuntu 22.04 LTS USN-6325-1 Critical: Multiple Kernel Threats
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6325-1 August 31, 2023 linux-gkeop-5.15, linux-intel-iotg vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-intel-iotg: Linux kernel for Intel IoT platforms - linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems Details: Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21400) It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3609) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2023-3610) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3777) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3995) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-4004) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle bound chain deactivation in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-4015) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-1038-intel-iotg 5.15.0-1038.43 linux-image-intel-iotg 5.15.0.1038.37 Ubuntu 20.04 LTS: linux-image-5.15.0-1026-gkeop 5.15.0-1026.31~20.04.1 linux-image-gkeop-5.15 5.15.0.1026.31~20.04.22 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6325-1 CVE-2022-40982, CVE-2023-20593, CVE-2023-21400, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015 Package Information: https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1038.43 https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1026.31~20.04.1 . Discover the newest security patches for Ubuntu targeting critical kernel vulnerabilities impacting multiple versions.. Ubuntu Kernel Issues, Linux Security Update, Denial of Service Fix, Intel IoT Security. . Severity: Critical. LinuxSecurity.com Team
Aug 31, 2023
•Critical
Ubuntu
172
security advisorydenial of servicecode executionUbuntu 22.04 LTS USN-5703-1 Critical: Linux Kernel IoT Threats
Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-5703-1 October 26, 2022 linux-intel-iotg vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-intel-iotg: Linux kernel for Intel IoT platforms Details: Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1882) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) Eric Biggers discovered that a use-after-free vulnerability existed in the io_uring subsystem in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3176) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) Jann Horn discovered that the KVM subsystem in the Linux kernel did not properly handle TLB flush operations in some situations. A local attacker in a guest VM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code in the guest kernel. (CVE-2022-39189) Update instructions: The problem can be correctedby updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-1017-intel-iotg 5.15.0-1017.22 linux-image-intel-iotg 5.15.0.1017.18 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5703-1 CVE-2022-1882, CVE-2022-26373, CVE-2022-3176, CVE-2022-36879, CVE-2022-39189 Package Information: https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1017.22 . Multiple vulnerabilities in the Ubuntu linux-intel-iotg kernel may cause system crashes and allow unauthorized code execution, making timely updates essential. Ubuntu Security, Linux Kernel Updates, IoT Security, System Stability, Denial of Service Risks. . Severity: Critical. LinuxSecurity.com Team
Oct 26, 2022
•Critical
Ubuntu
172
security advisorydenial of servicesystem updateUbuntu 22.04 LTS 5655-1 Moderate: Intel IoT Kernel Denial of Service
Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-5655-1 October 04, 2022 linux-intel-iotg vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-intel-iotg: Linux kernel for Intel IoT platforms Details: It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741, CVE-2022-33742) JanBeulich discovered that the Xen network device frontend driver in the Linux kernel incorrectly handled socket buffers (skb) references when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash). (CVE-2022-33743) Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in the Linux kernel on ARM platforms contained a race condition in certain situations. An attacker in a guest VM could use this to cause a denial of service in the host OS. (CVE-2022-33744) It was discovered that the virtio RPMSG bus driver in the Linux kernel contained a double-free vulnerability in certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-34494, CVE-2022-34495) Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter subsystem in the Linux kernel did not properly handle rules that truncated packets below the packet header size. When such rules are in place, a remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-36946) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-1016-intel-iotg 5.15.0-1016.21 linux-image-intel-iotg 5.15.0.1016.17 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5655-1 CVE-2021-33655, CVE-2022-2318, CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742, CVE-2022-33743, CVE-2022-33744, CVE-2022-34494, CVE-2022-34495, CVE-2022-36946 Package Information: https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1016.21 . Numerous security flaws within Ubuntu's Intel IoT kernel have been patched; make sure you upgrade promptly to maintain your security!. Ubuntu Kernel Security, Intel IoT Fixes, Kernel Updates. . LinuxSecurity.com Team
Oct 04, 2022
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!