USN-6956-1: Linux kernel (Azure) vulnerabilities

Releases

• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS

Packages

• linux-azure - Linux kernel for Microsoft Azure Cloud systems
• linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems
• linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems
• linux-azure-fde-5.15 - Linux kernel for Microsoft Azure CVM cloud systems

Details

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

• ARM32 architecture;
• ARM64 architecture;
• Block layer subsystem;
• Bluetooth drivers;
• Clock framework and drivers;
• FireWire subsystem;
• GPU drivers;
• InfiniBand drivers;
• Multiple devices driver;
• EEPROM drivers;
• Network drivers;
• Pin controllers subsystem;
• Remote Processor subsystem;
• S/390 drivers;
• SCSI drivers;
• TTY drivers;
• 9P distributed file system;
• Network file system client;
• SMB network file system;
• Socket messages infrastructure;
• Dynamic debug library;
• Bluetooth subsystem;
• Networking core;
• IPv4 networking;
• IPv6 networking;
• Multipath TCP;
• Netfilter;
• NSH protocol;
• Phonet protocol;
• TIPC protocol;
• Wireless networking;
• Key management;
• ALSA framework;
• HD-audio driver;
  (CVE-2024-36933, CVE-2024-36960, CVE-2024-26936, CVE-2024-36975,
  CVE-2023-52882, CVE-2024-27401, CVE-2024-36929, CVE-2024-36939,
  CVE-2024-35947, CVE-2024-36883, CVE-2024-26886, CVE-2024-36952,
  CVE-2024-36950, CVE-2024-36940, CVE-2024-36897, CVE-2023-52585,
  CVE-2024-26900, CVE-2024-36959, CVE-2024-36928, CVE-2024-36938,
  CVE-2024-36016, CVE-2024-36965, CVE-2024-36967, CVE-2024-36889,
  CVE-2024-36905, CVE-2024-36969, CVE-2024-36916, CVE-2024-36954,
  CVE-2024-27017, CVE-2024-36941, CVE-2024-36957, CVE-2024-27399,
  CVE-2024-36937, CVE-2024-36955, CVE-2024-38600, CVE-2023-52752,
  CVE-2024-36953, CVE-2024-26980, CVE-2024-36902, CVE-2024-26952,
  CVE-2024-36904, CVE-2024-36964, CVE-2024-36946, CVE-2024-36880,
  CVE-2024-36906, CVE-2024-36947, CVE-2024-36886, CVE-2024-36934,
  CVE-2024-35848, CVE-2024-36919, CVE-2024-36017, CVE-2024-36944,
  CVE-2024-36931, CVE-2024-27398)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04

• linux-image-5.15.0-1070-azure - 5.15.0-1070.79
• linux-image-5.15.0-1070-azure-fde - 5.15.0-1070.79.1
• linux-image-azure-fde-lts-22.04 - 5.15.0.1070.79.47
• linux-image-azure-lts-22.04 - 5.15.0.1070.68

Ubuntu 20.04

• linux-image-5.15.0-1070-azure - 5.15.0-1070.79~20.04.1
• linux-image-5.15.0-1070-azure-fde - 5.15.0-1070.79~20.04.1.1
• linux-image-azure - 5.15.0.1070.79~20.04.1
• linux-image-azure-cvm - 5.15.0.1070.79~20.04.1
• linux-image-azure-fde - 5.15.0.1070.79~20.04.1.47

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

• CVE-2024-36905
• CVE-2024-27398
• CVE-2024-36937
• CVE-2024-36938
• CVE-2024-26900
• CVE-2024-26980
• CVE-2024-35848
• CVE-2024-36946
• CVE-2024-36960
• CVE-2024-36955
• CVE-2024-27401
• CVE-2023-52882
• CVE-2024-36889
• CVE-2024-36883
• CVE-2024-36919
• CVE-2024-36947
• CVE-2024-36965
• CVE-2024-36016
• CVE-2024-25742
• CVE-2024-36906
• CVE-2024-36953
• CVE-2024-36941
• CVE-2024-36931
• CVE-2024-36928
• CVE-2024-36940
• CVE-2024-36902
• CVE-2024-36952
• CVE-2024-36929
• CVE-2024-26952
• CVE-2024-36944
• CVE-2023-52585
• CVE-2024-26886
• CVE-2024-36897
• CVE-2024-36959
• CVE-2024-36939
• CVE-2024-36969
• CVE-2024-36886
• CVE-2024-36880
• CVE-2024-36950
• CVE-2023-52752
• CVE-2024-36954
• CVE-2024-36957
• CVE-2024-27017
• CVE-2024-36904
• CVE-2024-36967
• CVE-2024-38600
• CVE-2024-36964
• CVE-2024-26936
• CVE-2024-36934
• CVE-2024-36916
• CVE-2024-36975
• CVE-2024-36017
• CVE-2024-27399
• CVE-2024-35947
• CVE-2024-36933

Related notices

• USN-6949-1
• USN-6953-1
• USN-6950-1
• USN-6951-1
• USN-6952-1
• USN-6955-1
• USN-6950-2
• USN-6957-1
• USN-6950-3
• USN-6949-2
• USN-6951-2
• USN-6951-3
• USN-6950-4
• USN-6951-4
• USN-6979-1
• USN-7019-1
• USN-7028-1
• USN-7028-2
• LSN-0107-1
• USN-6816-1
• USN-6817-1
• USN-6817-2
• USN-6817-3
• USN-6878-1
• USN-6893-1
• USN-6893-2
• USN-6893-3
• USN-6918-1
• USN-7088-1
• USN-7088-2
• USN-7088-3
• USN-7088-4
• USN-7088-5
• USN-7119-1
• USN-6923-1
• USN-6924-1
• USN-6926-1
• USN-6921-1
• USN-6921-2
• USN-6924-2
• USN-6927-1
• USN-6923-2
• USN-6938-1
• USN-6926-2
• USN-6926-3
• LSN-0106-1
• USN-7121-1
• USN-7121-2
• USN-7121-3
• USN-6972-1
• USN-6972-2
• USN-6972-3
• USN-6972-4