The system could be made to crash under certain conditions.

==========================================================================
Ubuntu Security Notice USN-6706-1
March 20, 2024

linux-oem-6.1 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux-oem-6.1: Linux kernel for OEM systems

Details:

It was discovered that the Microchip USB Ethernet driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash).

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  linux-image-6.1.0-1036-oem      6.1.0-1036.36
  linux-image-oem-22.04a          6.1.0.1036.37
  linux-image-oem-22.04b          6.1.0.1036.37
  linux-image-oem-22.04c          6.1.0.1036.37

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-6706-1
  CVE-2023-6039

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1036.36

Ubuntu Security Patch USN-6707-2 addresses a critical stability issue linked to linux-oem-6.2 vulnerability impacting Ubuntu 20.04 LTS.

Ubuntu Vulnerability, Linux Kernel Issue, OEM Security Risk.

Severity: Critical.

LinuxSecurity.com Team

The system could be made to crash or run programs as an administrator.

=========================================================================
Ubuntu Security Notice USN-5799-1
January 11, 2023

linux-oem-5.17, linux-oem-6.0 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux-oem-5.17: Linux kernel for OEM systems
- linux-oem-6.0: Linux kernel for OEM systems

Details:

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  linux-image-5.17.0-1026-oem     5.17.0-1026.27
  linux-image-6.0.0-1010-oem      6.0.0-1010.10
  linux-image-oem-22.04           5.17.0.1026.24
  linux-image-oem-22.04a          5.17.0.1026.24
  linux-image-oem-22.04b          6.0.0.1010.10

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-5799-1
  CVE-2022-4378

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem-5.17/5.17.0-1026.27
  https://launchpad.net/ubuntu/+source/linux-oem-6.0/6.0.0-1010.10

Ubuntu Security Notice USN-5799-1 reveals a critical kernel vulnerability leading to potential system failures and unauthorized access risks.

Ubuntu Security, Linux Kernel Exploit, Denial of Service, Buffer Overflow.

Severity: Critical.

LinuxSecurity.com Team

Several security issues were fixed in the Linux kernel.

=========================================================================
Ubuntu Security Notice USN-5471-1
June 08, 2022

linux-oem-5.17 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem-5.17: Linux kernel for OEM systems

Details:

It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499)

Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966)

It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012)

Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205)

It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system) or execute arbitrary code. (CVE-2022-1734)

Minh Yuan discovered that the floppy driver in the Linux kernel contained a race condition in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1836)

Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2022-1972)

Joseph Ravichandran and Michael Wang discovered that the io_uring subsystem in the Linux kernel did not properly initialize data in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-29968)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  linux-image-5.17.0-1011-oem     5.17.0-1011.12
  linux-image-oem-22.04           5.17.0.1011.10
  linux-image-oem-22.04a          5.17.0.1011.10

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-5471-1
  CVE-2022-1012, CVE-2022-1205, CVE-2022-1734, CVE-2022-1836, CVE-2022-1966, CVE-2022-1972, CVE-2022-21499, CVE-2022-29968

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem-5.17/5.17.0-1011.12

A series of security patches have been implemented in the Ubuntu 22.04 LTS Linux kernel, resolving various threats related to denial of service and possible unauthorized access concerns.

Linux Kernel Updates, OEM Kernel Fixes, Ubuntu Security Issues.

Severity: Critical.

LinuxSecurity.com Team

Several security issues were fixed in the Linux kernel.

=========================================================================
Ubuntu Security Notice USN-5416-1
May 12, 2022

linux-oem-5.14 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem-5.14: Linux kernel for OEM systems

Details:

Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. (CVE-2022-1158)

It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516)

It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388)

It was discovered that the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389)

It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  linux-image-5.14.0-1036-oem     5.14.0-1036.40
  linux-image-oem-20.04           5.14.0.1036.33
  linux-image-oem-20.04b          5.14.0.1036.33
  linux-image-oem-20.04c          5.14.0.1036.33
  linux-image-oem-20.04d          5.14.0.1036.33

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-5416-1
  CVE-2022-1158, CVE-2022-1516, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1036.40

Multiple vulnerabilities identified in the Ubuntu Linux kernel have been resolved with an update targeting OEM installations; the advisory outlines potential denial of service threats.

Linux Kernel Security, Ubuntu OEM, Denial of Service Issues.

LinuxSecurity.com Team

Several security issues were fixed in the Linux kernel.

=========================================================================
Ubuntu Security Notice USN-5218-1
January 11, 2022

linux-oem-5.13 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem-5.13: Linux kernel for OEM systems

Details:

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002)

It was discovered that the eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (LP: #1956585)

It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321)

It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760)

It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864)

It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056)

It was discovered that the TIPC Protocol implementation in the Linux kernel did not properly validate MSG_CRYPTO messages in some situations. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43267)

It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  linux-image-5.13.0-1026-oem     5.13.0-1026.32
  linux-image-oem-20.04c          5.13.0.1026.29

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-5218-1
  CVE-2021-20321, CVE-2021-3760, CVE-2021-4002, CVE-2021-41864, CVE-2021-43056, CVE-2021-43267, CVE-2021-43389,
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1956585

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem-5.13/5.13.0-1026.32

Ubuntu 20.04 LTS, powered by the Linux kernel, faces security risks like unpatched flaws and outdated software. Regular updates via APT and USN alerts are essential.

Linux Kernel Issues, System Security Update, Ubuntu Vulnerabilities, Security Fix, Open Source Security.

Severity: Critical.

LinuxSecurity.com Team