USN-6952-1: Linux kernel vulnerabilities

Releases

• Ubuntu 24.04 LTS

Packages

• linux-nvidia-lowlatency - Linux low latency kernel for NVIDIA systems
• linux-oracle - Linux kernel for Oracle Cloud systems

Details

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

• ARM32 architecture;
• ARM64 architecture;
• M68K architecture;
• OpenRISC architecture;
• PowerPC architecture;
• RISC-V architecture;
• x86 architecture;
• Block layer subsystem;
• Accessibility subsystem;
• Bluetooth drivers;
• Clock framework and drivers;
• CPU frequency scaling framework;
• Hardware crypto device drivers;
• DMA engine subsystem;
• DPLL subsystem;
• FireWire subsystem;
• EFI core;
• Qualcomm firmware drivers;
• GPIO subsystem;
• GPU drivers;
• HID subsystem;
• Microsoft Hyper-V drivers;
• I2C subsystem;
• InfiniBand drivers;
• IOMMU subsystem;
• IRQ chip drivers;
• Macintosh device drivers;
• Multiple devices driver;
• Media drivers;
• EEPROM drivers;
• MMC subsystem;
• Network drivers;
• STMicroelectronics network drivers;
• Device tree and open firmware driver;
• HiSilicon SoC PMU drivers;
• PHY drivers;
• Pin controllers subsystem;
• Remote Processor subsystem;
• S/390 drivers;
• SCSI drivers;
• SPI subsystem;
• Media staging drivers;
• Thermal drivers;
• TTY drivers;
• Userspace I/O drivers;
• USB subsystem;
• DesignWare USB3 driver;
• ACRN Hypervisor Service Module driver;
• Virtio drivers;
• 9P distributed file system;
• BTRFS file system;
• eCrypt file system;
• EROFS file system;
• File systems infrastructure;
• GFS2 file system;
• JFFS2 file system;
• Network file systems library;
• Network file system client;
• Network file system server daemon;
• NILFS2 file system;
• Proc file system;
• SMB network file system;
• Tracing file system;
• Mellanox drivers;
• Memory management;
• Socket messages infrastructure;
• Slab allocator;
• Tracing infrastructure;
• User-space API (UAPI);
• Core kernel;
• BPF subsystem;
• DMA mapping infrastructure;
• RCU subsystem;
• Dynamic debug library;
• KUnit library;
• Maple Tree data structure library;
• Heterogeneous memory management;
• Amateur Radio drivers;
• Bluetooth subsystem;
• Ethernet bridge;
• Networking core;
• IPv4 networking;
• IPv6 networking;
• Multipath TCP;
• Netfilter;
• NET/ROM layer;
• NFC subsystem;
• NSH protocol;
• Open vSwitch;
• Phonet protocol;
• SMC sockets;
• TIPC protocol;
• Unix domain sockets;
• Wireless networking;
• Key management;
• ALSA framework;
• HD-audio driver;
• Kirkwood ASoC drivers;
• MediaTek ASoC drivers;
  (CVE-2024-38601, CVE-2024-36935, CVE-2024-35991, CVE-2024-36032,
  CVE-2024-35988, CVE-2024-36886, CVE-2024-36913, CVE-2024-36928,
  CVE-2024-38553, CVE-2024-36927, CVE-2024-38615, CVE-2024-36958,
  CVE-2024-36977, CVE-2024-36889, CVE-2024-38554, CVE-2024-38590,
  CVE-2024-42134, CVE-2024-35857, CVE-2024-35850, CVE-2024-35986,
  CVE-2024-36921, CVE-2024-38569, CVE-2024-36966, CVE-2024-38542,
  CVE-2024-38585, CVE-2024-36884, CVE-2024-36006, CVE-2024-38577,
  CVE-2024-36016, CVE-2024-38584, CVE-2024-36887, CVE-2024-38598,
  CVE-2024-35994, CVE-2024-38603, CVE-2024-35998, CVE-2024-27401,
  CVE-2024-35852, CVE-2024-36944, CVE-2024-38572, CVE-2024-36917,
  CVE-2024-36943, CVE-2024-36009, CVE-2024-38587, CVE-2024-35949,
  CVE-2024-36945, CVE-2024-36004, CVE-2024-36919, CVE-2024-27398,
  CVE-2024-38582, CVE-2024-35847, CVE-2024-38580, CVE-2024-38602,
  CVE-2024-36916, CVE-2024-36903, CVE-2024-38555, CVE-2024-36952,
  CVE-2024-38589, CVE-2024-27394, CVE-2024-36933, CVE-2024-36975,
  CVE-2024-38591, CVE-2024-38612, CVE-2024-36939, CVE-2024-35983,
  CVE-2024-38607, CVE-2024-36929, CVE-2024-35849, CVE-2024-36941,
  CVE-2024-35858, CVE-2024-38599, CVE-2024-35996, CVE-2024-36031,
  CVE-2024-36931, CVE-2024-35990, CVE-2024-35851, CVE-2024-38556,
  CVE-2024-36000, CVE-2024-36910, CVE-2024-38573, CVE-2024-36906,
  CVE-2024-36951, CVE-2024-38604, CVE-2024-38613, CVE-2024-38547,
  CVE-2024-36014, CVE-2024-36949, CVE-2024-36033, CVE-2024-38597,
  CVE-2024-36880, CVE-2024-38594, CVE-2024-36894, CVE-2024-38546,
  CVE-2024-36947, CVE-2024-38541, CVE-2024-35989, CVE-2024-27399,
  CVE-2024-38550, CVE-2024-36922, CVE-2024-36008, CVE-2024-38540,
  CVE-2024-36924, CVE-2024-36892, CVE-2024-38549, CVE-2024-36882,
  CVE-2024-36908, CVE-2024-38566, CVE-2024-36005, CVE-2024-38583,
  CVE-2024-36968, CVE-2024-36017, CVE-2024-38565, CVE-2024-36881,
  CVE-2024-38611, CVE-2024-36897, CVE-2024-38560, CVE-2024-36923,
  CVE-2024-38575, CVE-2024-36899, CVE-2024-38570, CVE-2024-36898,
  CVE-2024-36896, CVE-2024-38559, CVE-2024-38588, CVE-2024-38606,
  CVE-2024-38551, CVE-2024-36891, CVE-2024-38567, CVE-2024-36895,
  CVE-2024-35993, CVE-2024-38552, CVE-2024-36925, CVE-2024-36964,
  CVE-2024-36888, CVE-2024-36956, CVE-2024-36946, CVE-2024-38600,
  CVE-2024-35997, CVE-2024-36912, CVE-2024-35984, CVE-2024-35848,
  CVE-2024-38545, CVE-2024-38563, CVE-2024-36918, CVE-2024-36001,
  CVE-2024-36957, CVE-2024-38576, CVE-2024-36030, CVE-2024-38574,
  CVE-2024-36963, CVE-2024-36890, CVE-2024-36960, CVE-2024-36901,
  CVE-2024-38614, CVE-2024-35859, CVE-2024-38593, CVE-2024-36904,
  CVE-2024-36012, CVE-2024-38578, CVE-2024-36011, CVE-2024-36930,
  CVE-2024-36938, CVE-2024-36893, CVE-2024-35987, CVE-2024-36905,
  CVE-2024-35853, CVE-2024-36003, CVE-2024-38562, CVE-2024-38617,
  CVE-2024-35855, CVE-2024-36965, CVE-2024-38596, CVE-2024-38558,
  CVE-2024-38568, CVE-2024-36955, CVE-2024-36029, CVE-2024-36967,
  CVE-2024-36940, CVE-2024-38595, CVE-2024-36028, CVE-2024-38610,
  CVE-2024-36911, CVE-2024-35999, CVE-2024-35854, CVE-2024-38571,
  CVE-2024-38548, CVE-2024-36948, CVE-2024-36002, CVE-2024-36961,
  CVE-2024-36900, CVE-2024-36932, CVE-2024-36902, CVE-2024-35992,
  CVE-2024-36914, CVE-2024-38592, CVE-2024-38616, CVE-2024-27400,
  CVE-2024-36937, CVE-2024-36920, CVE-2024-38586, CVE-2024-36909,
  CVE-2024-35846, CVE-2024-39482, CVE-2024-38579, CVE-2024-38539,
  CVE-2024-27395, CVE-2024-36962, CVE-2024-36013, CVE-2024-27396,
  CVE-2024-38557, CVE-2024-36953, CVE-2024-41011, CVE-2023-52882,
  CVE-2024-36969, CVE-2024-36007, CVE-2024-35856, CVE-2024-38605,
  CVE-2024-36915, CVE-2024-36979, CVE-2024-36954, CVE-2024-38538,
  CVE-2024-36950, CVE-2024-36926, CVE-2024-38544, CVE-2024-36959,
  CVE-2024-38561, CVE-2024-36883, CVE-2024-36936, CVE-2024-38564,
  CVE-2024-38543, CVE-2024-36934, CVE-2024-35947, CVE-2024-38620)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04

• linux-image-6.8.0-1010-oracle - 6.8.0-1010.10
• linux-image-6.8.0-1010-oracle-64k - 6.8.0-1010.10
• linux-image-6.8.0-1011-nvidia-lowlatency - 6.8.0-1011.11.1
• linux-image-6.8.0-1011-nvidia-lowlatency-64k - 6.8.0-1011.11.1
• linux-image-nvidia-lowlatency - 6.8.0-1011.11.1
• linux-image-nvidia-lowlatency-64k - 6.8.0-1011.11.1
• linux-image-oracle - 6.8.0-1010.10
• linux-image-oracle-64k - 6.8.0-1010.10

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

• CVE-2024-36029
• CVE-2024-35990
• CVE-2024-36004
• CVE-2024-36001
• CVE-2024-36891
• CVE-2024-38615
• CVE-2024-35984
• CVE-2024-38549
• CVE-2024-36969
• CVE-2024-38588
• CVE-2024-38605
• CVE-2024-36900
• CVE-2024-36959
• CVE-2024-38600
• CVE-2024-38603
• CVE-2024-35988
• CVE-2024-35991
• CVE-2024-36918
• CVE-2024-38565
• CVE-2024-38575
• CVE-2024-41011
• CVE-2024-36920
• CVE-2024-36938
• CVE-2024-38553
• CVE-2024-36928
• CVE-2024-36946
• CVE-2024-36916
• CVE-2024-36952
• CVE-2024-38577
• CVE-2024-38548
• CVE-2024-36911
• CVE-2024-36932
• CVE-2024-35987
• CVE-2024-36949
• CVE-2024-38617
• CVE-2024-38610
• CVE-2024-38570
• CVE-2024-38540
• CVE-2024-38595
• CVE-2024-36934
• CVE-2024-36881
• CVE-2024-38593
• CVE-2024-35846
• CVE-2024-36017
• CVE-2024-36931
• CVE-2024-38539
• CVE-2024-38597
• CVE-2024-36884
• CVE-2024-36880
• CVE-2024-35848
• CVE-2024-36960
• CVE-2024-42134
• CVE-2024-36977
• CVE-2024-36961
• CVE-2024-36012
• CVE-2024-38573
• CVE-2024-35947
• CVE-2024-38616
• CVE-2024-27399
• CVE-2024-38572
• CVE-2024-36917
• CVE-2024-38590
• CVE-2024-38544
• CVE-2024-36951
• CVE-2024-38607
• CVE-2024-36965
• CVE-2024-36975
• CVE-2024-36958
• CVE-2024-38568
• CVE-2024-38580
• CVE-2024-36890
• CVE-2024-36892
• CVE-2024-36929
• CVE-2024-36921
• CVE-2024-38571
• CVE-2024-38599
• CVE-2024-36011
• CVE-2024-36944
• CVE-2024-35992
• CVE-2024-38614
• CVE-2024-35854
• CVE-2024-38564
• CVE-2024-27395
• CVE-2024-36912
• CVE-2024-38576
• CVE-2024-35989
• CVE-2024-36028
• CVE-2024-36939
• CVE-2024-36898
• CVE-2024-38545
• CVE-2024-36923
• CVE-2024-35949
• CVE-2024-38598
• CVE-2024-36924
• CVE-2024-38582
• CVE-2024-36919
• CVE-2024-36957
• CVE-2024-36000
• CVE-2024-36007
• CVE-2024-38587
• CVE-2024-38585
• CVE-2024-38567
• CVE-2024-38541
• CVE-2024-38602
• CVE-2024-36937
• CVE-2024-36031
• CVE-2024-36883
• CVE-2024-36894
• CVE-2024-36910
• CVE-2024-36936
• CVE-2024-36945
• CVE-2024-38579
• CVE-2024-36002
• CVE-2024-36953
• CVE-2024-38542
• CVE-2024-38596
• CVE-2024-38562
• CVE-2024-36893
• CVE-2024-35858
• CVE-2024-38546
• CVE-2023-52882
• CVE-2024-36886
• CVE-2024-38574
• CVE-2024-36033
• CVE-2024-36904
• CVE-2024-36908
• CVE-2024-36954
• CVE-2024-36930
• CVE-2024-38583
• CVE-2024-35994
• CVE-2024-36895
• CVE-2024-35986
• CVE-2024-35850
• CVE-2024-35855
• CVE-2024-35996
• CVE-2024-35997
• CVE-2024-36933
• CVE-2024-35999
• CVE-2024-36955
• CVE-2024-36896
• CVE-2024-38543
• CVE-2024-35847
• CVE-2024-36913
• CVE-2024-38552
• CVE-2024-38594
• CVE-2024-35859
• CVE-2024-36926
• CVE-2024-38620
• CVE-2024-38551
• CVE-2024-38550
• CVE-2024-35856
• CVE-2024-38554
• CVE-2024-38561
• CVE-2024-36032
• CVE-2024-38559
• CVE-2024-38611
• CVE-2024-27396
• CVE-2024-38566
• CVE-2024-36922
• CVE-2024-36963
• CVE-2024-36966
• CVE-2024-38569
• CVE-2024-36013
• CVE-2024-38613
• CVE-2024-36905
• CVE-2024-38612
• CVE-2024-36887
• CVE-2024-38589
• CVE-2024-36967
• CVE-2024-36950
• CVE-2024-38578
• CVE-2024-38591
• CVE-2024-36009
• CVE-2024-38604
• CVE-2024-36915
• CVE-2024-36008
• CVE-2024-36962
• CVE-2024-36947
• CVE-2024-38555
• CVE-2024-36882
• CVE-2024-36979
• CVE-2024-25742
• CVE-2024-35852
• CVE-2024-35857
• CVE-2024-36888
• CVE-2024-36889
• CVE-2024-38557
• CVE-2024-36006
• CVE-2024-35993
• CVE-2024-27394
• CVE-2024-35998
• CVE-2024-36897
• CVE-2024-35853
• CVE-2024-36940
• CVE-2024-38547
• CVE-2024-36927
• CVE-2024-36030
• CVE-2024-38586
• CVE-2024-38606
• CVE-2024-36914
• CVE-2024-35983
• CVE-2024-36903
• CVE-2024-36943
• CVE-2024-35851
• CVE-2024-36968
• CVE-2024-38556
• CVE-2024-36901
• CVE-2024-36902
• CVE-2024-36909
• CVE-2024-38601
• CVE-2024-36964
• CVE-2024-38538
• CVE-2024-38592
• CVE-2024-35849
• CVE-2024-36899
• CVE-2024-39482
• CVE-2024-36906
• CVE-2024-38584
• CVE-2024-36003
• CVE-2024-27398
• CVE-2024-36016
• CVE-2024-36956
• CVE-2024-27401
• CVE-2024-36014
• CVE-2024-38563
• CVE-2024-27400
• CVE-2024-36925
• CVE-2024-36948
• CVE-2024-36941
• CVE-2024-38560
• CVE-2024-36935
• CVE-2024-38558
• CVE-2024-36005

Related notices

• USN-6898-1
• USN-6898-2
• USN-6898-3
• USN-6898-4
• USN-6917-1
• USN-6919-1
• USN-6927-1
• USN-6949-1
• USN-6955-1
• USN-6949-2
• USN-7019-1
• USN-6921-1
• USN-6921-2
• USN-6896-1
• USN-6896-2
• USN-6896-3
• USN-6896-4
• USN-6896-5
• USN-6951-1
• USN-6953-1
• USN-6951-2
• USN-6951-3
• USN-6951-4
• USN-6979-1
• USN-7007-1
• USN-7009-1
• USN-7007-2
• USN-7007-3
• USN-7009-2
• USN-6926-1
• USN-6938-1
• USN-6926-2
• USN-6926-3
• USN-6950-1
• USN-6950-2
• USN-6957-1
• USN-6956-1
• USN-6950-3
• USN-6950-4
• USN-7088-1
• USN-7088-2
• USN-7088-3
• USN-7088-4
• USN-7100-1
• USN-7100-2
• USN-7088-5
• USN-7119-1
• USN-7123-1
• USN-7144-1
• USN-7021-1
• USN-7022-1
• USN-7028-1
• USN-7021-2
• USN-7021-3
• USN-7039-1
• USN-7022-2
• USN-7021-4
• USN-7022-3
• USN-7028-2
• USN-7021-5
• USN-7069-1
• USN-7069-2
• USN-7110-1
• USN-7003-1
• USN-7003-2
• USN-7006-1
• USN-7003-3
• USN-7003-4
• USN-7003-5
• USN-7121-1
• USN-7121-2
• USN-7121-3
• USN-6923-1
• USN-6923-2
• USN-6972-1
• USN-6972-2
• USN-6972-3
• USN-6972-4
• USN-6974-1
• USN-6973-1
• USN-6973-2
• USN-6974-2
• USN-6973-3
• USN-6973-4
• USN-7148-1
• LSN-0107-1
• USN-6924-1
• USN-6924-2
• LSN-0106-1