Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
172
security advisorysystem updateubuntuUbuntu 23.10 & 22.04 LTS USN-6872-2: Kernel Security Updates
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6872-2 July 04, 2024 linux-lowlatency, linux-lowlatency-hwe-6.5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-lowlatency: Linux low latency kernel - linux-lowlatency-hwe-6.5: Linux low latency kernel Details: Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystem: - Netfilter; (CVE-2024-26809, CVE-2024-26643, CVE-2024-26925, CVE-2024-26924) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10 linux-image-6.5.0-42-lowlatency 6.5.0-42.42.1 linux-image-6.5.0-42-lowlatency-64k 6.5.0-42.42.1 linux-image-lowlatency 6.5.0.42.42.1 linux-image-lowlatency-64k 6.5.0.42.42.1 Ubuntu 22.04 LTS linux-image-6.5.0-42-lowlatency 6.5.0-42.42.1~22.04.1 linux-image-6.5.0-42-lowlatency-64k 6.5.0-42.42.1~22.04.1 linux-image-lowlatency-64k-hwe-22.04 6.5.0.42.42.1~22.04.1 linux-image-lowlatency-hwe-22.04 6.5.0.42.42.1~22.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this aswell. References: https://ubuntu.com/security/notices/USN-6872-2 https://ubuntu.com/security/notices/USN-6872-1 CVE-2024-26643, CVE-2024-26809, CVE-2024-26924, CVE-2024-26925 Package Information: https://launchpad.net/ubuntu/+source/linux-lowlatency/6.5.0-42.42.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.5/6.5.0-42.42.1~22.04.1 . Ubuntu Security Notice USN-6874-3 addresses vulnerabilities in the kernel impacting various Ubuntu releases.. Kernel Security Update, Ubuntu Security Notice, Linux Lowlatency, Security Patches. . Severity: Critical. LinuxSecurity.com Team
Jul 04, 2024
•Critical
Ubuntu
172
security advisorydenial of servicekernel updateUbuntu 23.10 & 22.04 LTS USN-6651-2 Critical: Low Latency Kernel Threats
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6651-2 February 28, 2024 linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-lowlatency: Linux low latency kernel - linux-lowlatency-hwe-6.5: Linux low latency kernel - linux-oem-6.5: Linux kernel for OEM systems Details: It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-6915) Robert Morris discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain server commands fields, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-0565) Jann Horn discovered that the io_uring subsystem in the Linux kernel did not properly handle the release of certain buffer rings. A local attacker could use this tocause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-0582) Jann Horn discovered that the TLS subsystem in the Linux kernel did not properly handle spliced messages, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-0646) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: linux-image-6.5.0-21-lowlatency 6.5.0-21.21.1 linux-image-6.5.0-21-lowlatency-64k 6.5.0-21.21.1 linux-image-lowlatency 6.5.0.21.21.15 linux-image-lowlatency-64k 6.5.0.21.21.15 Ubuntu 22.04 LTS: linux-image-6.5.0-1015-oem 6.5.0-1015.16 linux-image-6.5.0-21-lowlatency 6.5.0-21.21.1~22.04.1 linux-image-6.5.0-21-lowlatency-64k 6.5.0-21.21.1~22.04.1 linux-image-lowlatency-64k-hwe-22.04 6.5.0.21.21.1~22.04.7 linux-image-lowlatency-hwe-22.04 6.5.0.21.21.1~22.04.7 linux-image-oem-22.04d 6.5.0.1015.17 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6651-2 https://ubuntu.com/security/notices/USN-6651-1 CVE-2023-51780, CVE-2023-51781, CVE-2023-6915, CVE-2024-0565, CVE-2024-0582, CVE-2024-0646 Package Information: https://launchpad.net/ubuntu/+source/linux-lowlatency/6.5.0-21.21.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.5/6.5.0-21.21.1~22.04.1 https://launchpad.net/ubuntu/+source/linux-oem-6.5/6.5.0-1015.16 . Several vulnerabilities addressed in the low latency kernel updates for Ubuntu. Urgent measures needed to safeguard against system failures and security breaches.. Ubuntu Kernel Security, Low Latency Exploit Patches, System Crash Prevention. . Severity: Critical. LinuxSecurity.com Team
Feb 28, 2024
•Critical
Ubuntu
172
security advisorydenial of servicekernel patchUbuntu 22.04 LTS: USN-6549-3 Critical: Kernel Crash Issues
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-6549-3 December 13, 2023 linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-lowlatency: Linux low latency kernel - linux-lowlatency-hwe-5.15: Linux low latency kernel Details: It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-37453) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3773) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-boundsread vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out- of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) It was discovered that a race condition existed in QXL virtual GPU driver in the Linux kernel, leading to a use after free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-39198) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) Jason Wang discovered that the virtio ring implementation in the Linux kernel did not properly handle iov buffers in some situations. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2023-5158) Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5178) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) Update instructions: The problem can be corrected by updating your system tothe following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-91-lowlatency 5.15.0-91.101 linux-image-5.15.0-91-lowlatency-64k 5.15.0-91.101 linux-image-lowlatency 5.15.0.91.92 linux-image-lowlatency-64k 5.15.0.91.92 Ubuntu 20.04 LTS: linux-image-5.15.0-91-lowlatency 5.15.0-91.101~20.04.1 linux-image-5.15.0-91-lowlatency-64k 5.15.0-91.101~20.04.1 linux-image-lowlatency-64k-hwe-20.04 5.15.0.91.101~20.04.45 linux-image-lowlatency-hwe-20.04 5.15.0.91.101~20.04.45 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6549-3 https://ubuntu.com/security/notices/USN-6549-1 CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754, CVE-2023-5158, CVE-2023-5178, CVE-2023-5717 Package Information: https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-91.101 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-91.101~20.04.1 . Ubuntu Security Update USN-6549-3 addresses multiple low latency kernel weaknesses that impact both system performance and security.. Kernel Security Patches, Ubuntu Updates, Low Latency Kernel, System Security Advisory. . Severity: Critical. LinuxSecurity.com Team
Dec 13, 2023
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!