USN-6725-1

Description

linux, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1194) Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32254) It was discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling session connections, leading to a use- after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32258) It was discovered that the KSMBD implementation in the Linux kernel did not properly validate buffer sizes in certain operations, leading to an integer underflow and out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-38427) Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate SMB request protocol IDs, leading to a out-of- bounds read vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-38430) Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate packet header sizes in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-38431) It was discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information. (CVE-2023-3867) Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838) It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-52340) It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851) Yang Chaoming discovered that the KSMBD implementation in the Linux kernel did not properly validate request buffer sizes, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2024-22705) Chenyuan Yang discovered that the btrfs file system in the Linux kernel did not properly handle read operations on newly created subvolumes in certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-23850) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-24860) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Architecture specifics; - Block layer; - Cryptographic API; - Android drivers; - EDAC drivers; - GPU drivers; - Media drivers; - Multifunction device drivers; - MTD block device drivers; - Network drivers; - NVME drivers; - TTY drivers; - Userspace I/O drivers; - EFI Variable file system; - F2FS file system; - GFS2 file system; - SMB network file system; - BPF subsystem; - IPv6 Networking; - Network Traffic Control; - AppArmor security module; (CVE-2023-52463, CVE-2023-52445, CVE-2023-52462, CVE-2023-52609, CVE-2023-52448, CVE-2023-52457, CVE-2023-52464, CVE-2023-52456, CVE-2023-52454, CVE-2023-52438, CVE-2023-52480, CVE-2023-52443, CVE-2023-52442, CVE-2024-26631, CVE-2023-52439, CVE-2023-52612, CVE-2024-26598, CVE-2024-26586, CVE-2024-26589, CVE-2023-52444, CVE-2023-52436, CVE-2024-26633, CVE-2024-26597, CVE-2023-52458, CVE-2024-26591, CVE-2023-52449, CVE-2023-52467, CVE-2023-52441, CVE-2023-52610, CVE-2023-52451, CVE-2023-52469, CVE-2023-52470)

Affected Systems

• ubuntu•linux

  < 5.15.0-102.112

• ubuntu•linux-azure

  < 5.15.0-1060.69

• ubuntu•linux-azure-5.15

  < 5.15.0-1060.69~20.04.1

• ubuntu•linux-azure-fde

  < 5.15.0-1060.69.1

• ubuntu•linux-azure-fde-5.15

  < 5.15.0-1060.69~20.04.1.1

• ubuntu•linux-gcp

  < 5.15.0-1055.63

• ubuntu•linux-gcp-5.15

  < 5.15.0-1055.63~20.04.1

• ubuntu•linux-gke

  < 5.15.0-1054.59

• ubuntu•linux-gkeop

  < 5.15.0-1040.46

• ubuntu•linux-gkeop-5.15

  < 5.15.0-1040.46~20.04.1

• ubuntu•linux-hwe-5.15

  < 5.15.0-102.112~20.04.1

• ubuntu•linux-ibm

  < 5.15.0-1050.53

• ubuntu•linux-ibm-5.15

  < 5.15.0-1050.53~20.04.1

• ubuntu•linux-intel-iotg

  < 5.15.0-1052.58

• ubuntu•linux-intel-iotg-5.15

  < 5.15.0-1052.58~20.04.1

• ubuntu•linux-kvm

  < 5.15.0-1054.59

• ubuntu•linux-lowlatency

  < 5.15.0-102.112

• ubuntu•linux-lowlatency-hwe-5.15

  < 5.15.0-102.112~20.04.1

• ubuntu•linux-nvidia

  < 5.15.0-1048.48

• ubuntu•linux-oracle

  < 5.15.0-1055.61

• ubuntu•linux-oracle-5.15

  < 5.15.0-1055.61~20.04.1

• ubuntu•linux-raspi

  < 5.15.0-1050.53

References (47)

• https://ubuntu.com/security/notices/USN-6725-1
• https://ubuntu.com/security/CVE-2023-1194
• https://ubuntu.com/security/CVE-2023-3867
• https://ubuntu.com/security/CVE-2023-32254
• https://ubuntu.com/security/CVE-2023-32258
• https://ubuntu.com/security/CVE-2023-38427
• https://ubuntu.com/security/CVE-2023-38430
• https://ubuntu.com/security/CVE-2023-38431
• https://ubuntu.com/security/CVE-2023-46838
• https://ubuntu.com/security/CVE-2023-52340
• https://ubuntu.com/security/CVE-2023-52429
• https://ubuntu.com/security/CVE-2023-52436
• https://ubuntu.com/security/CVE-2023-52438
• https://ubuntu.com/security/CVE-2023-52439
• https://ubuntu.com/security/CVE-2023-52441
• https://ubuntu.com/security/CVE-2023-52442
• https://ubuntu.com/security/CVE-2023-52443
• https://ubuntu.com/security/CVE-2023-52444
• https://ubuntu.com/security/CVE-2023-52445
• https://ubuntu.com/security/CVE-2023-52448
• https://ubuntu.com/security/CVE-2023-52449
• https://ubuntu.com/security/CVE-2023-52451
• https://ubuntu.com/security/CVE-2023-52454
• https://ubuntu.com/security/CVE-2023-52456
• https://ubuntu.com/security/CVE-2023-52457
• https://ubuntu.com/security/CVE-2023-52458
• https://ubuntu.com/security/CVE-2023-52462
• https://ubuntu.com/security/CVE-2023-52463
• https://ubuntu.com/security/CVE-2023-52464
• https://ubuntu.com/security/CVE-2023-52467
• https://ubuntu.com/security/CVE-2023-52469
• https://ubuntu.com/security/CVE-2023-52470
• https://ubuntu.com/security/CVE-2023-52480
• https://ubuntu.com/security/CVE-2023-52609
• https://ubuntu.com/security/CVE-2023-52610
• https://ubuntu.com/security/CVE-2023-52612
• https://ubuntu.com/security/CVE-2024-22705
• https://ubuntu.com/security/CVE-2024-23850
• https://ubuntu.com/security/CVE-2024-23851
• https://ubuntu.com/security/CVE-2024-24860
• https://ubuntu.com/security/CVE-2024-26586
• https://ubuntu.com/security/CVE-2024-26589
• https://ubuntu.com/security/CVE-2024-26591
• https://ubuntu.com/security/CVE-2024-26597
• https://ubuntu.com/security/CVE-2024-26598
• https://ubuntu.com/security/CVE-2024-26631
• https://ubuntu.com/security/CVE-2024-26633