USN-6893-3: Linux kernel vulnerabilities

Releases

• Ubuntu 24.04 LTS

Packages

• linux-aws - Linux kernel for Amazon Web Services (AWS) systems

Details

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

• ARM64 architecture;
• RISC-V architecture;
• S390 architecture;
• x86 architecture;
• Block layer subsystem;
• Compute Acceleration Framework;
• Accessibility subsystem;
• Android drivers;
• Drivers core;
• Bluetooth drivers;
• Clock framework and drivers;
• Data acquisition framework and drivers;
• Cryptographic API;
• Buffer Sharing and Synchronization framework;
• GPU drivers;
• On-Chip Interconnect management framework;
• IOMMU subsystem;
• Multiple devices driver;
• Media drivers;
• VMware VMCI Driver;
• Network drivers;
• Microsoft Azure Network Adapter (MANA) driver;
• Device tree and open firmware driver;
• Chrome hardware platform drivers;
• i.MX PM domains;
• TI SCI PM domains driver;
• S/390 drivers;
• SCSI drivers;
• SPI subsystem;
• Thermal drivers;
• TTY drivers;
• USB subsystem;
• Framebuffer layer;
• BTRFS file system;
• Network file system server daemon;
• NILFS2 file system;
• File systems infrastructure;
• Pstore file system;
• SMB network file system;
• BPF subsystem;
• Bluetooth subsystem;
• Netfilter;
• io_uring subsystem;
• Core kernel;
• Extra boot config (XBC);
• Memory management;
• Amateur Radio drivers;
• B.A.T.M.A.N. meshing protocol;
• Ethernet bridge;
• Networking core;
• IPv4 networking;
• IPv6 networking;
• Multipath TCP;
• NFC subsystem;
• RDS protocol;
• Network traffic control;
• SMC sockets;
• Sun RPC protocol;
• TLS protocol;
• Unix domain sockets;
• Wireless networking;
• eXpress Data Path;
• SELinux security module;
  (CVE-2024-35955, CVE-2024-35921, CVE-2024-35946, CVE-2024-35934,
  CVE-2024-26993, CVE-2024-35899, CVE-2024-35952, CVE-2024-35894,
  CVE-2024-35886, CVE-2024-35872, CVE-2024-35970, CVE-2024-35936,
  CVE-2024-35907, CVE-2024-27013, CVE-2024-35910, CVE-2024-27009,
  CVE-2024-35875, CVE-2024-36021, CVE-2024-26923, CVE-2024-26997,
  CVE-2024-35978, CVE-2024-35981, CVE-2024-27015, CVE-2024-26928,
  CVE-2024-35963, CVE-2024-35897, CVE-2024-27020, CVE-2024-35922,
  CVE-2024-27001, CVE-2024-27011, CVE-2024-35940, CVE-2024-35871,
  CVE-2024-35900, CVE-2024-35869, CVE-2024-35905, CVE-2024-35974,
  CVE-2024-35873, CVE-2024-35882, CVE-2024-35914, CVE-2024-35956,
  CVE-2024-35887, CVE-2024-35920, CVE-2024-27018, CVE-2024-35880,
  CVE-2024-35943, CVE-2024-35912, CVE-2024-35979, CVE-2024-35862,
  CVE-2024-36019, CVE-2024-35950, CVE-2024-35977, CVE-2024-35918,
  CVE-2024-26992, CVE-2024-35884, CVE-2024-35916, CVE-2024-26817,
  CVE-2024-35959, CVE-2024-35909, CVE-2024-35933, CVE-2024-35982,
  CVE-2024-26996, CVE-2024-35980, CVE-2024-36018, CVE-2024-26925,
  CVE-2024-35929, CVE-2024-35971, CVE-2024-26990, CVE-2024-35885,
  CVE-2024-36025, CVE-2024-26998, CVE-2024-35930, CVE-2024-26982,
  CVE-2024-36022, CVE-2024-35895, CVE-2024-35902, CVE-2024-35911,
  CVE-2024-27002, CVE-2024-35968, CVE-2024-35861, CVE-2024-35903,
  CVE-2024-36026, CVE-2024-35896, CVE-2024-35945, CVE-2024-26936,
  CVE-2024-35954, CVE-2024-26985, CVE-2024-35908, CVE-2024-35924,
  CVE-2024-35938, CVE-2024-26991, CVE-2024-27017, CVE-2024-26922,
  CVE-2024-35919, CVE-2024-35915, CVE-2024-35985, CVE-2024-26995,
  CVE-2024-35870, CVE-2024-27010, CVE-2024-35904, CVE-2024-26999,
  CVE-2024-26983, CVE-2024-35939, CVE-2024-35865, CVE-2024-35860,
  CVE-2024-35944, CVE-2024-27021, CVE-2024-27016, CVE-2024-27004,
  CVE-2024-27019, CVE-2024-36027, CVE-2024-35890, CVE-2024-35975,
  CVE-2024-35901, CVE-2024-35967, CVE-2024-26986, CVE-2024-35957,
  CVE-2024-35937, CVE-2024-26988, CVE-2024-35972, CVE-2024-35926,
  CVE-2024-26926, CVE-2024-35964, CVE-2024-26994, CVE-2024-35889,
  CVE-2024-26981, CVE-2024-36024, CVE-2024-27022, CVE-2024-35935,
  CVE-2024-26811, CVE-2024-35932, CVE-2024-35866, CVE-2024-27008,
  CVE-2024-27012, CVE-2024-36023, CVE-2024-35931, CVE-2024-35888,
  CVE-2024-26989, CVE-2024-35868, CVE-2024-35976, CVE-2024-35953,
  CVE-2024-36020, CVE-2024-35893, CVE-2024-35961, CVE-2024-35965,
  CVE-2024-35892, CVE-2024-35942, CVE-2024-35958, CVE-2024-27014,
  CVE-2024-35867, CVE-2024-27003, CVE-2024-27007, CVE-2024-35951,
  CVE-2024-35973, CVE-2024-35863, CVE-2024-26984, CVE-2024-35898,
  CVE-2024-35960, CVE-2024-27005, CVE-2024-35917, CVE-2024-35927,
  CVE-2024-26980, CVE-2024-35877, CVE-2024-35925, CVE-2024-26921,
  CVE-2024-35913, CVE-2023-52699, CVE-2024-26987, CVE-2024-27006,
  CVE-2024-35878, CVE-2024-35864, CVE-2024-35969, CVE-2024-35883,
  CVE-2024-35891, CVE-2024-35879, CVE-2024-27000, CVE-2024-35966)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04

• linux-image-6.8.0-1011-aws - 6.8.0-1011.12
• linux-image-aws - 6.8.0-1011.12

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

• CVE-2024-35967
• CVE-2024-35866
• CVE-2024-35933
• CVE-2024-35884
• CVE-2024-26981
• CVE-2024-27017
• CVE-2024-35905
• CVE-2024-26980
• CVE-2024-35879
• CVE-2024-35926
• CVE-2024-36021
• CVE-2024-35953
• CVE-2024-35982
• CVE-2024-35915
• CVE-2024-27003
• CVE-2024-35985
• CVE-2024-35927
• CVE-2024-35877
• CVE-2024-36023
• CVE-2024-35868
• CVE-2024-26982
• CVE-2024-35882
• CVE-2024-35951
• CVE-2024-35893
• CVE-2024-27022
• CVE-2024-26922
• CVE-2024-35878
• CVE-2024-24859
• CVE-2024-35887
• CVE-2024-36026
• CVE-2024-35940
• CVE-2024-35907
• CVE-2024-35979
• CVE-2024-35976
• CVE-2024-26928
• CVE-2024-35968
• CVE-2024-35913
• CVE-2024-35899
• CVE-2024-35895
• CVE-2024-35894
• CVE-2024-26936
• CVE-2024-26921
• CVE-2024-26985
• CVE-2024-26992
• CVE-2024-26989
• CVE-2024-35904
• CVE-2024-26993
• CVE-2024-26996
• CVE-2024-35880
• CVE-2024-27004
• CVE-2024-27013
• CVE-2024-35883
• CVE-2024-35916
• CVE-2024-35934
• CVE-2024-36019
• CVE-2024-35958
• CVE-2024-27012
• CVE-2024-36027
• CVE-2024-35870
• CVE-2024-35943
• CVE-2024-35889
• CVE-2024-35918
• CVE-2024-35902
• CVE-2024-27019
• CVE-2024-35957
• CVE-2024-27020
• CVE-2024-35872
• CVE-2024-35937
• CVE-2024-36022
• CVE-2024-35871
• CVE-2024-26990
• CVE-2024-26994
• CVE-2024-27016
• CVE-2024-26997
• CVE-2024-35861
• CVE-2024-35865
• CVE-2024-35964
• CVE-2024-35959
• CVE-2024-35966
• CVE-2024-26988
• CVE-2024-35922
• CVE-2024-35897
• CVE-2024-27015
• CVE-2024-35869
• CVE-2024-27006
• CVE-2024-35892
• CVE-2024-35911
• CVE-2024-35925
• CVE-2024-35909
• CVE-2024-35932
• CVE-2024-35888
• CVE-2024-35875
• CVE-2024-35952
• CVE-2024-35896
• CVE-2024-27009
• CVE-2024-26987
• CVE-2024-35938
• CVE-2024-35920
• CVE-2024-35908
• CVE-2024-26925
• CVE-2024-35963
• CVE-2024-27001
• CVE-2024-35931
• CVE-2024-24857
• CVE-2024-35969
• CVE-2024-35961
• CVE-2024-26991
• CVE-2024-26984
• CVE-2024-35971
• CVE-2024-35973
• CVE-2024-26995
• CVE-2024-36024
• CVE-2024-27014
• CVE-2024-35885
• CVE-2024-35942
• CVE-2024-35900
• CVE-2024-35862
• CVE-2024-35935
• CVE-2024-27007
• CVE-2024-35910
• CVE-2024-35863
• CVE-2024-35977
• CVE-2024-27011
• CVE-2024-35886
• CVE-2024-35890
• CVE-2024-35954
• CVE-2024-26926
• CVE-2024-35960
• CVE-2024-35970
• CVE-2024-35965
• CVE-2024-26817
• CVE-2024-35929
• CVE-2024-35936
• CVE-2024-26999
• CVE-2024-36020
• CVE-2024-24858
• CVE-2024-26923
• CVE-2024-26986
• CVE-2024-26998
• CVE-2024-35921
• CVE-2024-26983
• CVE-2024-35946
• CVE-2024-35980
• CVE-2024-27002
• CVE-2024-36018
• CVE-2024-35944
• CVE-2024-35978
• CVE-2024-35956
• CVE-2024-35860
• CVE-2024-35898
• CVE-2024-27018
• CVE-2024-35903
• CVE-2024-27005
• CVE-2024-35912
• CVE-2024-35914
• CVE-2024-35955
• CVE-2024-35891
• CVE-2024-26811
• CVE-2024-35864
• CVE-2023-52699
• CVE-2024-35867
• CVE-2024-35975
• CVE-2024-27010
• CVE-2024-35924
• CVE-2024-35981
• CVE-2024-27000
• CVE-2024-35939
• CVE-2024-35930
• CVE-2024-35873
• CVE-2024-35901
• CVE-2024-35919
• CVE-2024-35972
• CVE-2024-27008
• CVE-2024-35917
• CVE-2024-35974
• CVE-2024-35945
• CVE-2024-35950
• CVE-2024-36025
• CVE-2024-27021

Related notices

• USN-6893-1
• USN-6893-2
• USN-6918-1
• USN-6896-1
• USN-6898-1
• USN-6896-2
• USN-6898-2
• USN-6896-3
• USN-6898-3
• USN-6896-4
• USN-6896-5
• USN-6898-4
• USN-6917-1
• USN-6919-1
• USN-6927-1
• USN-7019-1
• USN-6923-1
• USN-6923-2
• USN-6957-1
• USN-6956-1
• USN-6950-1
• USN-6950-2
• USN-6950-3
• USN-6950-4
• USN-6926-1
• USN-6938-1
• USN-6926-2
• USN-6926-3
• USN-7007-1
• USN-7007-2
• USN-7007-3
• USN-7121-1
• USN-7121-2
• USN-7121-3
• USN-7148-1
• USN-6866-1
• USN-6866-2
• USN-6866-3
• USN-6895-1
• USN-6895-2
• USN-6900-1
• USN-6895-3
• USN-6895-4
• USN-6922-1
• USN-6922-2
• USN-6951-1
• USN-6953-1
• USN-6951-2
• USN-6951-3
• USN-6951-4
• USN-6979-1
• USN-6973-1
• USN-6974-1
• USN-6973-2
• USN-6974-2
• USN-6973-3
• USN-6973-4
• USN-7006-1
• LSN-0107-1
• USN-7021-1
• USN-7022-1
• USN-7021-2
• USN-7021-3
• USN-7022-2
• USN-7021-4
• USN-7022-3
• USN-7021-5
• USN-7119-1
• USN-6868-1
• USN-6872-1
• USN-6873-1
• USN-6874-1
• USN-6872-2
• USN-6873-2
• USN-6868-2
• USN-7028-1
• USN-7028-2
• USN-6972-1
• USN-6972-2
• USN-6972-3
• USN-6972-4
• USN-6875-1