USN-6680-1: Linux kernel vulnerabilities

Releases

• Ubuntu 23.10
• Ubuntu 22.04 LTS

Packages

• linux - Linux kernel
• linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
• linux-gcp-6.5 - Linux kernel for Google Cloud Platform (GCP) systems
• linux-laptop - Linux kernel for Lenovo X13s ARM laptops
• linux-lowlatency - Linux low latency kernel
• linux-lowlatency-hwe-6.5 - Linux low latency kernel
• linux-oem-6.5 - Linux kernel for OEM systems
• linux-oracle - Linux kernel for Oracle Cloud systems
• linux-raspi - Linux kernel for Raspberry Pi systems
• linux-starfive - Linux kernel for StarFive processors
• linux-starfive-6.5 - Linux kernel for StarFive processors

Details

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

It was discovered that a race condition existed in the Bluetooth subsystem
of the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-51779)

It was discovered that a race condition existed in the Rose X.25 protocol
implementation in the Linux kernel, leading to a use-after- free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel
did not properly handle connect command payloads in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to expose sensitive information (kernel memory). (CVE-2023-6121)

Jann Horn discovered that the io_uring subsystem in the Linux kernel
contained an out-of-bounds access vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2023-6560)

Dan Carpenter discovered that the netfilter subsystem in the Linux kernel
did not store data in properly sized memory locations. A local user could
use this to cause a denial of service (system crash). (CVE-2024-0607)

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in the
Linux kernel for x86 platforms did not properly handle 32-bit emulation on
TDX and SEV. An attacker with access to the VMM could use this to cause a
denial of service (guest crash) or possibly execute arbitrary code.
(CVE-2024-25744)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10

• linux-image-6.5.0-1009-starfive - 6.5.0-1009.10
• linux-image-6.5.0-1011-laptop - 6.5.0-1011.14
• linux-image-6.5.0-1012-raspi - 6.5.0-1012.15
• linux-image-6.5.0-1015-gcp - 6.5.0-1015.15
• linux-image-6.5.0-1018-oracle - 6.5.0-1018.18
• linux-image-6.5.0-1018-oracle-64k - 6.5.0-1018.18
• linux-image-6.5.0-25-generic - 6.5.0-25.25
• linux-image-6.5.0-25-generic-64k - 6.5.0-25.25
• linux-image-6.5.0-25-lowlatency - 6.5.0-25.25.1
• linux-image-6.5.0-25-lowlatency-64k - 6.5.0-25.25.1
• linux-image-gcp - 6.5.0.1015.15
• linux-image-generic - 6.5.0.25.25
• linux-image-generic-64k - 6.5.0.25.25
• linux-image-generic-lpae - 6.5.0.25.25
• linux-image-kvm - 6.5.0.25.25
• linux-image-laptop-23.10 - 6.5.0.1011.14
• linux-image-lowlatency - 6.5.0.25.25.16
• linux-image-lowlatency-64k - 6.5.0.25.25.16
• linux-image-oracle - 6.5.0.1018.20
• linux-image-oracle-64k - 6.5.0.1018.20
• linux-image-raspi - 6.5.0.1012.13
• linux-image-raspi-nolpae - 6.5.0.1012.13
• linux-image-starfive - 6.5.0.1009.11
• linux-image-virtual - 6.5.0.25.25

Ubuntu 22.04

• linux-image-6.5.0-1009-starfive - 6.5.0-1009.10~22.04.1
• linux-image-6.5.0-1015-gcp - 6.5.0-1015.15~22.04.1
• linux-image-6.5.0-1016-oem - 6.5.0-1016.17
• linux-image-6.5.0-25-lowlatency - 6.5.0-25.25.1~22.04.1
• linux-image-6.5.0-25-lowlatency-64k - 6.5.0-25.25.1~22.04.1
• linux-image-gcp - 6.5.0.1015.15~22.04.1
• linux-image-lowlatency-64k-hwe-22.04 - 6.5.0.25.25.1~22.04.8
• linux-image-lowlatency-hwe-22.04 - 6.5.0.25.25.1~22.04.8
• linux-image-oem-22.04d - 6.5.0.1016.18
• linux-image-starfive - 6.5.0.1009.10~22.04.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

• CVE-2023-46343
• CVE-2023-51782
• CVE-2023-6121
• CVE-2023-51779
• CVE-2024-0607
• CVE-2023-6560
• CVE-2024-25744

Related notices

• USN-6625-1
• USN-6625-2
• USN-6625-3
• USN-6686-1
• USN-6680-2
• USN-6686-2
• USN-6680-3
• USN-6686-3
• USN-6686-4
• USN-6705-1
• USN-6686-5
• USN-6926-1
• USN-6938-1
• USN-6926-2
• USN-6926-3
• USN-6639-1
• USN-6646-1
• USN-6647-1
• USN-6647-2
• USN-6681-1
• USN-6681-2
• USN-6681-3
• USN-6681-4
• USN-6716-1
• USN-6701-1
• USN-6701-2
• USN-6701-3
• USN-6701-4
• USN-6606-1
• USN-6739-1
• USN-6740-1
• USN-6726-1
• USN-6726-2
• USN-6726-3
• USN-7100-1
• USN-7100-2
• USN-7123-1
• USN-7144-1