USN-6702-1

Description

linux, linux-bluefield, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-23004) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855)

Affected Systems

• ubuntu•linux

  < 5.4.0-174.193

• ubuntu•linux-bluefield

  < 5.4.0-1081.88

• ubuntu•linux-gcp

  < 5.4.0-1125.134

• ubuntu•linux-gkeop

  < 5.4.0-1088.92

• ubuntu•linux-hwe-5.4

  < 5.4.0-174.193~18.04.1

• ubuntu•linux-ibm

  < 5.4.0-1068.73

• ubuntu•linux-ibm-5.4

  < 5.4.0-1068.73~18.04.1

• ubuntu•linux-iot

  < 5.4.0-1033.34

• ubuntu•linux-kvm

  < 5.4.0-1109.116

• ubuntu•linux-oracle

  < 5.4.0-1120.129

• ubuntu•linux-oracle-5.4

  < 5.4.0-1120.129~18.04.1

References (5)

• https://ubuntu.com/security/notices/USN-6702-1
• https://ubuntu.com/security/CVE-2023-23000
• https://ubuntu.com/security/CVE-2023-23004
• https://ubuntu.com/security/CVE-2024-1086
• https://ubuntu.com/security/CVE-2024-24855