LSN-0099-1: Kernel Live Patch Security Notice

28 November 2023

Several security issues were fixed in the kernel.

Releases

Software Description

  • aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 4.15.0-1119, >= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000, >= 4.4.0-1098, >= 4.4.0-1129)
  • aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
  • aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1069)
  • aws-6.2 - Linux kernel for Amazon Web Services (AWS) systems - (>= 6.2.0-1007)
  • aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems - (>= 4.15.0-1126)
  • azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000, >= 4.15.0-1063, >= 4.15.0-1078, >= 4.15.0-1114)
  • azure-4.15 - Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1115)
  • azure-5.4 - Linux kernel for Microsoft Azure cloud systems - (>= 5.4.0-1069)
  • azure-6.2 - Linux kernel for Microsoft Azure cloud systems - (>= 6.2.0-1000)
  • gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 4.15.0-1118)
  • gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1121)
  • gcp-5.15 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
  • gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1069)
  • gcp-6.2 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 6.2.0-1000)
  • generic-4.15 - Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-214, >= 4.15.0-143, >= 4.15.0-143, >= 4.15.0-69)
  • generic-4.4 - Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-168)
  • generic-5.15 - Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
  • generic-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
  • gke - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033, >= 5.15.0-1000)
  • gke-5.15 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
  • gkeop - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • hwe-6.2 - Linux hardware enablement (HWE) kernel - (>= 6.2.0-20)
  • ibm - Linux kernel for IBM cloud systems - (>= 5.4.0-1009, >= 5.15.0-1000)
  • ibm-5.15 - Linux kernel for IBM cloud systems - (>= 5.15.0-1000)
  • ibm-5.4 - Linux kernel for IBM cloud systems - (>= 5.4.0-1009)
  • linux - Linux kernel - (>= 5.15.0-71, >= 5.15.0-24)
  • lowlatency-4.15 - Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-214, >= 4.15.0-143, >= 4.15.0-143, >= 4.15.0-69)
  • lowlatency-4.4 - Linux kernel - (>= 4.4.0-168, >= 4.4.0-211, >= 4.4.0-168)
  • lowlatency-5.15 - Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
  • lowlatency-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)

Details

It was discovered that the Xen netback driver in the Linux kernel did not
properly handle packets structured in certain ways. An attacker in a guest
VM could possibly use this to cause a denial of service (host NIC
availability).(CVE-2022-3643)

It was discovered that the virtual terminal driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information (kernel memory).(CVE-2023-3567)

It was discovered that the universal 32bit network packet classifier
implementation in the Linux kernel did not properly perform reference
counting in some situations, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-3609)

It was discovered that the network packet classifier with
netfilter/firewall marks implementation in the Linux kernel did not
properly handle reference counting, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-3776)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle table rules flush in certain circumstances. A local
attacker could possibly use this to cause a denial of service (system
crash) or execute arbitrary code.(CVE-2023-3777)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle rule additions to bound chains in certain
circumstances. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code.(CVE-2023-3995)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle PIPAPO element removal, leading to a use-after-free
vulnerability. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code.(CVE-2023-4004)

Bing-Jhong Billy Jheng discovered that the Unix domain socket
implementation in the Linux kernel contained a race condition in certain
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.(CVE-2023-4622)

Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-4623)

Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash).(CVE-2023-4881)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code.(CVE-2023-5197)

Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-31436)

Ross Lagerwall discovered that the Xen netback backend driver in the Linux
kernel did not properly handle certain unusual packets from a
paravirtualized network frontend, leading to a buffer overflow. An attacker
in a guest VM could use this to cause a denial of service (host system
crash) or possibly execute arbitrary code.(CVE-2023-34319)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-40283)

Kyle Zeng discovered that the networking stack implementation in the Linux
kernel did not properly validate skb object size in certain conditions. An
attacker could use this cause a denial of service (system crash) or
possibly execute arbitrary code.(CVE-2023-42752)

Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did
not properly calculate array offsets, leading to a out-of-bounds write
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2023-42753)

Checking update status

The problem can be corrected in these Livepatch versions:

Kernel type 22.04 20.04 18.04 16.04 14.04
aws 99.2 99.1 99.1 99.1
aws-5.15 99.2
aws-5.4 99.1
aws-6.2 99.2
aws-hwe 99.1
azure 99.2 99.1 99.1
azure-4.15 99.1
azure-5.4 99.1
azure-6.2 99.2
gcp 99.2 99.1 99.1
gcp-4.15 99.1
gcp-5.15 99.2
gcp-5.4 99.1
gcp-6.2 99.2
generic-4.15 99.1 99.1
generic-4.4 99.1 99.1
generic-5.15 99.2
generic-5.4 99.1 99.1
gke 99.2 99.1
gke-5.15 99.2
gkeop 99.1
hwe-6.2 99.2
ibm 99.2 99.1
ibm-5.15 99.2
ibm-5.4 99.1
linux 99.2
lowlatency-4.15 99.1 99.1
lowlatency-4.4 99.1 99.1
lowlatency-5.15 99.2
lowlatency-5.4 99.1 99.1

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status