Ubuntu 6614 Published by

The following Linux kernel updates have been released for Ubuntu Linux:

[USN-6873-1] Linux kernel vulnerabilities
[USN-6863-1] Linux kernel vulnerability
[USN-6871-1] Linux kernel (HWE) vulnerabilities
[USN-6872-1] Linux kernel vulnerabilities
[USN-6874-1] Linux kernel (Azure) vulnerabilities
[USN-6870-1] Linux kernel vulnerabilities
[USN-6875-1] Linux kernel (Azure) vulnerabilities
[USN-6864-1] Linux kernel vulnerabilities
[USN-6869-1] Linux kernel vulnerabilities
[USN-6866-1] Linux kernel vulnerabilities
[USN-6865-1] Linux kernel vulnerabilities
[USN-6868-1] Linux kernel vulnerabilities
[USN-6867-1] Linux kernel vulnerabilities




[USN-6873-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6873-1
July 04, 2024

linux-aws, linux-aws-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5,
linux-starfive vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-starfive: Linux kernel for StarFive processors
- linux-aws-6.5: Linux kernel for Amazon Web Services (AWS) systems
- linux-oem-6.5: Linux kernel for OEM systems
- linux-oracle-6.5: Linux kernel for Oracle Cloud systems

Details:

It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
- Netfilter;
(CVE-2024-26643, CVE-2024-26925, CVE-2024-26924, CVE-2024-26809)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
linux-image-6.5.0-1016-starfive 6.5.0-1016.17
linux-image-6.5.0-1022-aws 6.5.0-1022.22
linux-image-6.5.0-1025-oracle 6.5.0-1025.25
linux-image-6.5.0-1025-oracle-64k 6.5.0-1025.25
linux-image-aws 6.5.0.1022.22
linux-image-oracle 6.5.0.1025.27
linux-image-oracle-64k 6.5.0.1025.27
linux-image-starfive 6.5.0.1016.18

Ubuntu 22.04 LTS
linux-image-6.5.0-1022-aws 6.5.0-1022.22~22.04.1
linux-image-6.5.0-1025-oem 6.5.0-1025.26
linux-image-6.5.0-1025-oracle 6.5.0-1025.25~22.04.1
linux-image-6.5.0-1025-oracle-64k 6.5.0-1025.25~22.04.1
linux-image-aws 6.5.0.1022.22~22.04.1
linux-image-oem-22.04 6.5.0.1025.27
linux-image-oem-22.04a 6.5.0.1025.27
linux-image-oem-22.04b 6.5.0.1025.27
linux-image-oem-22.04c 6.5.0.1025.27
linux-image-oem-22.04d 6.5.0.1025.27
linux-image-oracle 6.5.0.1025.25~22.04.1
linux-image-oracle-64k 6.5.0.1025.25~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6873-1
CVE-2024-21823, CVE-2024-26643, CVE-2024-26809, CVE-2024-26924,
CVE-2024-26925

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/6.5.0-1022.22
https://launchpad.net/ubuntu/+source/linux-oracle/6.5.0-1025.25
https://launchpad.net/ubuntu/+source/linux-starfive/6.5.0-1016.17
https://launchpad.net/ubuntu/+source/linux-aws-6.5/6.5.0-1022.22~22.04.1
https://launchpad.net/ubuntu/+source/linux-oem-6.5/6.5.0-1025.26
https://launchpad.net/ubuntu/+source/linux-oracle-6.5/6.5.0-1025.25~22.04.1



[USN-6863-1] Linux kernel vulnerability


==========================================================================
Ubuntu Security Notice USN-6863-1
July 04, 2024

linux, linux-ibm, linux-lowlatency, linux-nvidia, linux-raspi
vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux: Linux kernel
- linux-ibm: Linux kernel for IBM cloud systems
- linux-lowlatency: Linux low latency kernel
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

A security issue was discovered in the Linux kernel.
An attacker could possibly use it to compromise the system.
This update corrects flaws in the following subsystem:
- Netfilter;
(CVE-2024-26924)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1006-raspi 6.8.0-1006.6
linux-image-6.8.0-1007-ibm 6.8.0-1007.7
linux-image-6.8.0-1008-nvidia 6.8.0-1008.8
linux-image-6.8.0-1008-nvidia-64k 6.8.0-1008.8
linux-image-6.8.0-36-generic 6.8.0-36.36
linux-image-6.8.0-36-generic-64k 6.8.0-36.36
linux-image-6.8.0-36-lowlatency 6.8.0-36.36.1
linux-image-6.8.0-36-lowlatency-64k 6.8.0-36.36.1
linux-image-generic 6.8.0-36.36
linux-image-generic-64k 6.8.0-36.36
linux-image-generic-64k-hwe-24.04 6.8.0-36.36
linux-image-generic-hwe-24.04 6.8.0-36.36
linux-image-generic-lpae 6.8.0-36.36
linux-image-ibm 6.8.0-1007.7
linux-image-ibm-classic 6.8.0-1007.7
linux-image-ibm-lts-24.04 6.8.0-1007.7
linux-image-kvm 6.8.0-36.36
linux-image-lowlatency 6.8.0-36.36.1
linux-image-lowlatency-64k 6.8.0-36.36.1
linux-image-nvidia 6.8.0-1008.8
linux-image-nvidia-64k 6.8.0-1008.8
linux-image-raspi 6.8.0-1006.6
linux-image-virtual 6.8.0-36.36
linux-image-virtual-hwe-24.04 6.8.0-36.36

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6863-1
CVE-2024-26924

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.8.0-36.36
https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1007.7
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-36.36.1
https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1008.8
https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1006.6



[USN-6871-1] Linux kernel (HWE) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6871-1
July 04, 2024

linux-hwe-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel

Details:

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)

It was discovered that the Atheros 802.11ac wireless driver did not
properly validate certain data structures, leading to a NULL pointer
dereference. An attacker could possibly use this to cause a denial of
service. (CVE-2023-7042)

It was discovered that the HugeTLB file system component of the Linux
Kernel contained a NULL pointer dereference vulnerability. A privileged
attacker could possibly use this to to cause a denial of service.
(CVE-2024-0841)

It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)

Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
Kernel contained a race condition, leading to a NULL pointer dereference.
An attacker could possibly use this to cause a denial of service (system
crash). (CVE-2024-22099)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- RISC-V architecture;
- x86 architecture;
- ACPI drivers;
- Block layer subsystem;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Cryptographic API;
- DMA engine subsystem;
- EFI core;
- GPU drivers;
- InfiniBand drivers;
- IOMMU subsystem;
- Multiple devices driver;
- Media drivers;
- MMC subsystem;
- Network drivers;
- NTB driver;
- NVME drivers;
- PCI subsystem;
- MediaTek PM domains;
- Power supply drivers;
- SPI subsystem;
- Media staging drivers;
- TCM subsystem;
- USB subsystem;
- Framebuffer layer;
- AFS file system;
- File systems infrastructure;
- BTRFS file system;
- EROFS file system;
- Ext4 file system;
- F2FS file system;
- Network file system client;
- NTFS3 file system;
- Diskquota system;
- SMB network file system;
- BPF subsystem;
- Netfilter;
- TLS protocol;
- io_uring subsystem;
- Bluetooth subsystem;
- Memory management;
- Ethernet bridge;
- Networking core;
- HSR network protocol;
- IPv4 networking;
- IPv6 networking;
- L2TP protocol;
- MAC80211 subsystem;
- Multipath TCP;
- Netlink;
- NET/ROM layer;
- Packet sockets;
- RDS protocol;
- Sun RPC protocol;
- Unix domain sockets;
- Wireless networking;
- USB sound devices;
(CVE-2024-26901, CVE-2024-35844, CVE-2024-27024, CVE-2024-26835,
CVE-2024-26879, CVE-2024-26846, CVE-2024-35829, CVE-2024-26804,
CVE-2024-26802, CVE-2024-27039, CVE-2024-27075, CVE-2024-27076,
CVE-2024-26863, CVE-2024-27046, CVE-2024-26776, CVE-2024-26875,
CVE-2024-26885, CVE-2024-26583, CVE-2024-26777, CVE-2024-26803,
CVE-2024-27047, CVE-2024-26748, CVE-2024-27044, CVE-2024-27416,
CVE-2024-26906, CVE-2024-27405, CVE-2024-26749, CVE-2024-27436,
CVE-2024-26895, CVE-2023-52662, CVE-2024-26772, CVE-2023-52645,
CVE-2024-26787, CVE-2024-26788, CVE-2023-52497, CVE-2024-26795,
CVE-2024-26763, CVE-2024-27414, CVE-2024-26870, CVE-2024-27412,
CVE-2024-27078, CVE-2024-27388, CVE-2024-26894, CVE-2023-52641,
CVE-2024-27053, CVE-2024-26584, CVE-2024-26752, CVE-2024-35845,
CVE-2024-26884, CVE-2024-26782, CVE-2024-26859, CVE-2024-26809,
CVE-2024-27038, CVE-2024-26897, CVE-2024-26750, CVE-2023-52644,
CVE-2024-26848, CVE-2024-26833, CVE-2024-26801, CVE-2024-26872,
CVE-2023-52620, CVE-2023-52652, CVE-2024-26839, CVE-2024-26851,
CVE-2024-26805, CVE-2024-26659, CVE-2024-26791, CVE-2023-52640,
CVE-2024-26883, CVE-2024-26737, CVE-2024-27028, CVE-2024-26603,
CVE-2024-27073, CVE-2024-26792, CVE-2024-35830, CVE-2024-26585,
CVE-2024-27045, CVE-2024-26880, CVE-2024-27074, CVE-2023-52434,
CVE-2024-26778, CVE-2024-26754, CVE-2024-27034, CVE-2024-35828,
CVE-2024-26643, CVE-2024-26774, CVE-2024-26878, CVE-2024-26733,
CVE-2024-27043, CVE-2023-52656, CVE-2024-26816, CVE-2024-26907,
CVE-2024-26838, CVE-2024-26651, CVE-2024-26790, CVE-2024-26840,
CVE-2024-26751, CVE-2024-27410, CVE-2023-52447, CVE-2024-27431,
CVE-2024-26861, CVE-2024-27077, CVE-2024-26779, CVE-2024-27054,
CVE-2024-26601, CVE-2024-26874, CVE-2024-26764, CVE-2023-52650,
CVE-2024-26843, CVE-2024-26856, CVE-2024-26820, CVE-2024-26903,
CVE-2024-27037, CVE-2024-26798, CVE-2024-27415, CVE-2024-27419,
CVE-2024-26736, CVE-2024-27403, CVE-2024-27432, CVE-2024-26735,
CVE-2024-26793, CVE-2024-26881, CVE-2024-26889, CVE-2024-27052,
CVE-2024-26766, CVE-2024-26882, CVE-2024-27417, CVE-2024-26688,
CVE-2024-26747, CVE-2024-26877, CVE-2024-26744, CVE-2024-27051,
CVE-2024-26743, CVE-2024-26857, CVE-2024-26855, CVE-2024-26852,
CVE-2024-26771, CVE-2024-26891, CVE-2024-27030, CVE-2024-26769,
CVE-2024-27413, CVE-2024-26898, CVE-2024-26915, CVE-2024-26845,
CVE-2024-27065, CVE-2024-26924, CVE-2024-26862, CVE-2024-27390,
CVE-2024-26773)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.15.0-113-generic 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-lpae 5.15.0-113.123~20.04.1
linux-image-generic-64k-hwe-20.04 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 5.15.0.113.123~20.04.1
linux-image-oem-20.04 5.15.0.113.123~20.04.1
linux-image-oem-20.04b 5.15.0.113.123~20.04.1
linux-image-oem-20.04c 5.15.0.113.123~20.04.1
linux-image-oem-20.04d 5.15.0.113.123~20.04.1
linux-image-virtual-hwe-20.04 5.15.0.113.123~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6871-1
CVE-2023-52434, CVE-2023-52447, CVE-2023-52497, CVE-2023-52620,
CVE-2023-52640, CVE-2023-52641, CVE-2023-52644, CVE-2023-52645,
CVE-2023-52650, CVE-2023-52652, CVE-2023-52656, CVE-2023-52662,
CVE-2023-6270, CVE-2023-7042, CVE-2024-0841, CVE-2024-21823,
CVE-2024-22099, CVE-2024-26583, CVE-2024-26584, CVE-2024-26585,
CVE-2024-26601, CVE-2024-26603, CVE-2024-26643, CVE-2024-26651,
CVE-2024-26659, CVE-2024-26688, CVE-2024-26733, CVE-2024-26735,
CVE-2024-26736, CVE-2024-26737, CVE-2024-26743, CVE-2024-26744,
CVE-2024-26747, CVE-2024-26748, CVE-2024-26749, CVE-2024-26750,
CVE-2024-26751, CVE-2024-26752, CVE-2024-26754, CVE-2024-26763,
CVE-2024-26764, CVE-2024-26766, CVE-2024-26769, CVE-2024-26771,
CVE-2024-26772, CVE-2024-26773, CVE-2024-26774, CVE-2024-26776,
CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26782,
CVE-2024-26787, CVE-2024-26788, CVE-2024-26790, CVE-2024-26791,
CVE-2024-26792, CVE-2024-26793, CVE-2024-26795, CVE-2024-26798,
CVE-2024-26801, CVE-2024-26802, CVE-2024-26803, CVE-2024-26804,
CVE-2024-26805, CVE-2024-26809, CVE-2024-26816, CVE-2024-26820,
CVE-2024-26833, CVE-2024-26835, CVE-2024-26838, CVE-2024-26839,
CVE-2024-26840, CVE-2024-26843, CVE-2024-26845, CVE-2024-26846,
CVE-2024-26848, CVE-2024-26851, CVE-2024-26852, CVE-2024-26855,
CVE-2024-26856, CVE-2024-26857, CVE-2024-26859, CVE-2024-26861,
CVE-2024-26862, CVE-2024-26863, CVE-2024-26870, CVE-2024-26872,
CVE-2024-26874, CVE-2024-26875, CVE-2024-26877, CVE-2024-26878,
CVE-2024-26879, CVE-2024-26880, CVE-2024-26881, CVE-2024-26882,
CVE-2024-26883, CVE-2024-26884, CVE-2024-26885, CVE-2024-26889,
CVE-2024-26891, CVE-2024-26894, CVE-2024-26895, CVE-2024-26897,
CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26906,
CVE-2024-26907, CVE-2024-26915, CVE-2024-26924, CVE-2024-27024,
CVE-2024-27028, CVE-2024-27030, CVE-2024-27034, CVE-2024-27037,
CVE-2024-27038, CVE-2024-27039, CVE-2024-27043, CVE-2024-27044,
CVE-2024-27045, CVE-2024-27046, CVE-2024-27047, CVE-2024-27051,
CVE-2024-27052, CVE-2024-27053, CVE-2024-27054, CVE-2024-27065,
CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27076,
CVE-2024-27077, CVE-2024-27078, CVE-2024-27388, CVE-2024-27390,
CVE-2024-27403, CVE-2024-27405, CVE-2024-27410, CVE-2024-27412,
CVE-2024-27413, CVE-2024-27414, CVE-2024-27415, CVE-2024-27416,
CVE-2024-27417, CVE-2024-27419, CVE-2024-27431, CVE-2024-27432,
CVE-2024-27436, CVE-2024-35828, CVE-2024-35829, CVE-2024-35830,
CVE-2024-35844, CVE-2024-35845

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-113.123~20.04.1



[USN-6872-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6872-1
July 04, 2024

linux, linux-gcp, linux-gcp-6.5, linux-laptop, linux-nvidia-6.5,
linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-laptop: Linux kernel for Lenovo X13s ARM laptops
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-gcp-6.5: Linux kernel for Google Cloud Platform (GCP) systems
- linux-nvidia-6.5: Linux kernel for NVIDIA systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
- Netfilter;
(CVE-2024-26809, CVE-2024-26643, CVE-2024-26925, CVE-2024-26924)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
linux-image-6.5.0-1018-laptop 6.5.0-1018.21
linux-image-6.5.0-1019-raspi 6.5.0-1019.22
linux-image-6.5.0-1023-gcp 6.5.0-1023.25
linux-image-6.5.0-42-generic 6.5.0-42.42
linux-image-6.5.0-42-generic-64k 6.5.0-42.42
linux-image-gcp 6.5.0.1023.25
linux-image-generic 6.5.0.42.42
linux-image-generic-64k 6.5.0.42.42
linux-image-generic-lpae 6.5.0.42.42
linux-image-kvm 6.5.0.42.42
linux-image-laptop-23.10 6.5.0.1018.21
linux-image-raspi 6.5.0.1019.20
linux-image-raspi-nolpae 6.5.0.1019.20
linux-image-virtual 6.5.0.42.42

Ubuntu 22.04 LTS
linux-image-6.5.0-1022-nvidia 6.5.0-1022.23
linux-image-6.5.0-1022-nvidia-64k 6.5.0-1022.23
linux-image-6.5.0-1023-gcp 6.5.0-1023.25~22.04.1
linux-image-gcp 6.5.0.1023.25~22.04.1
linux-image-nvidia-6.5 6.5.0.1022.30
linux-image-nvidia-64k-6.5 6.5.0.1022.30
linux-image-nvidia-64k-hwe-22.04 6.5.0.1022.30
linux-image-nvidia-hwe-22.04 6.5.0.1022.30

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6872-1
CVE-2024-26643, CVE-2024-26809, CVE-2024-26924, CVE-2024-26925

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.5.0-42.42
https://launchpad.net/ubuntu/+source/linux-gcp/6.5.0-1023.25
https://launchpad.net/ubuntu/+source/linux-laptop/6.5.0-1018.21
https://launchpad.net/ubuntu/+source/linux-raspi/6.5.0-1019.22
https://launchpad.net/ubuntu/+source/linux-gcp-6.5/6.5.0-1023.25~22.04.1
https://launchpad.net/ubuntu/+source/linux-nvidia-6.5/6.5.0-1022.23



[USN-6874-1] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6874-1
July 04, 2024

linux-azure, linux-azure-6.5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-6.5: Linux kernel for Microsoft Azure cloud systems

Details:

It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Microsoft Azure Network Adapter (MANA) driver;
- Netfilter;
(CVE-2024-26925, CVE-2024-26924, CVE-2024-26809, CVE-2024-26643,
CVE-2024-35901)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
linux-image-6.5.0-1023-azure 6.5.0-1023.24
linux-image-6.5.0-1023-azure-fde 6.5.0-1023.24
linux-image-azure 6.5.0.1023.27
linux-image-azure-fde 6.5.0.1023.27

Ubuntu 22.04 LTS
linux-image-6.5.0-1023-azure 6.5.0-1023.24~22.04.1
linux-image-6.5.0-1023-azure-fde 6.5.0-1023.24~22.04.1
linux-image-azure 6.5.0.1023.24~22.04.1
linux-image-azure-fde 6.5.0.1023.24~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6874-1
CVE-2024-21823, CVE-2024-26643, CVE-2024-26809, CVE-2024-26924,
CVE-2024-26925, CVE-2024-35901

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.5.0-1023.24
https://launchpad.net/ubuntu/+source/linux-azure-6.5/6.5.0-1023.24~22.04.1



[USN-6870-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6870-1
July 04, 2024

linux-aws, linux-azure, linux-azure-5.15, linux-azure-fde,
linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-ibm,
linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-oracle,
linux-oracle-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
- linux-gke: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems
- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems
- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms
- linux-oracle-5.15: Linux kernel for Oracle Cloud systems

Details:

It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
- Netfilter;
(CVE-2024-26643, CVE-2024-26924)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1047-gkeop 5.15.0-1047.54
linux-image-5.15.0-1057-ibm 5.15.0-1057.60
linux-image-5.15.0-1059-intel-iotg 5.15.0-1059.65
linux-image-5.15.0-1061-gke 5.15.0-1061.67
linux-image-5.15.0-1061-kvm 5.15.0-1061.66
linux-image-5.15.0-1062-oracle 5.15.0-1062.68
linux-image-5.15.0-1064-aws 5.15.0-1064.70
linux-image-5.15.0-1067-azure 5.15.0-1067.76
linux-image-5.15.0-1067-azure-fde 5.15.0-1067.76.1
linux-image-aws-lts-22.04 5.15.0.1064.64
linux-image-azure-fde-lts-22.04 5.15.0.1067.76.44
linux-image-azure-lts-22.04 5.15.0.1067.65
linux-image-gke 5.15.0.1061.60
linux-image-gke-5.15 5.15.0.1061.60
linux-image-gkeop 5.15.0.1047.46
linux-image-gkeop-5.15 5.15.0.1047.46
linux-image-ibm 5.15.0.1057.53
linux-image-intel-iotg 5.15.0.1059.59
linux-image-kvm 5.15.0.1061.57
linux-image-oracle-lts-22.04 5.15.0.1062.58

Ubuntu 20.04 LTS
linux-image-5.15.0-1047-gkeop 5.15.0-1047.54~20.04.1
linux-image-5.15.0-1059-intel-iotg 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1062-oracle 5.15.0-1062.68~20.04.1
linux-image-5.15.0-1067-azure 5.15.0-1067.76~20.04.1
linux-image-5.15.0-1067-azure-fde 5.15.0-1067.76~20.04.1.1
linux-image-azure 5.15.0.1067.76~20.04.1
linux-image-azure-cvm 5.15.0.1067.76~20.04.1
linux-image-azure-fde 5.15.0.1067.76~20.04.1.44
linux-image-gkeop-5.15 5.15.0.1047.54~20.04.1
linux-image-intel 5.15.0.1059.65~20.04.1
linux-image-intel-iotg 5.15.0.1059.65~20.04.1
linux-image-oracle 5.15.0.1062.68~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6870-1
CVE-2024-21823, CVE-2024-26643, CVE-2024-26924

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1064.70
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1067.76
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1067.76.1
https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1061.67
https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1047.54
https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1057.60
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1059.65
https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1061.66
https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1062.68
https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1067.76~20.04.1

https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1067.76~20.04.1.1
https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1047.54~20.04.1

https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1059.65~20.04.1

https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1062.68~20.04.1



[USN-6875-1] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6875-1
July 04, 2024

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Microsoft Azure Network Adapter (MANA) driver;
- Netfilter;
(CVE-2024-35901, CVE-2024-26924)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1009-azure 6.8.0-1009.9
linux-image-6.8.0-1009-azure-fde 6.8.0-1009.9
linux-image-azure 6.8.0-1009.9
linux-image-azure-fde 6.8.0-1009.9

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6875-1
CVE-2024-21823, CVE-2024-26924, CVE-2024-35901

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1009.9



[USN-6864-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6864-1
July 04, 2024

linux-gcp, linux-intel vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-intel: Linux kernel for Intel IoT platforms

Details:

It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)

A security issue was discovered in the Linux kernel.
An attacker could possibly use it to compromise the system.
This update corrects flaws in the following subsystem:
- Netfilter;
(CVE-2024-26924)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1006-intel 6.8.0-1006.13
linux-image-6.8.0-1009-gcp 6.8.0-1009.10
linux-image-gcp 6.8.0-1009.10
linux-image-intel 6.8.0-1006.13

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6864-1
CVE-2024-21823, CVE-2024-26924

Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1009.10
https://launchpad.net/ubuntu/+source/linux-intel/6.8.0-1006.13



[USN-6869-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6869-1
July 04, 2024

linux, linux-gcp, linux-lowlatency, linux-lowlatency-hwe-5.15,
linux-nvidia, linux-xilinx-zynqmp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-lowlatency: Linux low latency kernel
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-lowlatency-hwe-5.15: Linux low latency kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
- Netfilter;
(CVE-2024-26924, CVE-2024-26643)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1031-xilinx-zynqmp 5.15.0-1031.35
linux-image-5.15.0-1059-nvidia 5.15.0-1059.60
linux-image-5.15.0-1059-nvidia-lowlatency 5.15.0-1059.60
linux-image-5.15.0-1063-gcp 5.15.0-1063.71
linux-image-5.15.0-113-generic 5.15.0-113.123
linux-image-5.15.0-113-generic-64k 5.15.0-113.123
linux-image-5.15.0-113-generic-lpae 5.15.0-113.123
linux-image-5.15.0-113-lowlatency 5.15.0-113.123
linux-image-5.15.0-113-lowlatency-64k 5.15.0-113.123
linux-image-gcp-lts-22.04 5.15.0.1063.59
linux-image-generic 5.15.0.113.113
linux-image-generic-64k 5.15.0.113.113
linux-image-generic-lpae 5.15.0.113.113
linux-image-lowlatency 5.15.0.113.104
linux-image-lowlatency-64k 5.15.0.113.104
linux-image-nvidia 5.15.0.1059.59
linux-image-nvidia-lowlatency 5.15.0.1059.59
linux-image-virtual 5.15.0.113.113
linux-image-xilinx-zynqmp 5.15.0.1031.35

Ubuntu 20.04 LTS
linux-image-5.15.0-113-lowlatency 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-lowlatency-64k 5.15.0-113.123~20.04.1
linux-image-lowlatency-64k-hwe-20.04 5.15.0.113.123~20.04.1
linux-image-lowlatency-hwe-20.04 5.15.0.113.123~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6869-1
CVE-2024-26643, CVE-2024-26924

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.15.0-113.123
https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1063.71
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-113.123
https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1059.60
https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.15.0-1031.35

https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-113.123~20.04.1



[USN-6866-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6866-1
July 03, 2024

linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-kvm, linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

It was discovered that the ext4 file system implementation in the Linux
kernel did not properly validate data state on write operations. An
attacker could use this to construct a malicious ext4 file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2021-33631)

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)

Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)

Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Hardware random number generator core;
- GPU drivers;
- AFS file system;
- Memory management;
- Netfilter;
(CVE-2024-26642, CVE-2024-26922, CVE-2024-26720, CVE-2024-26736,
CVE-2024-26898, CVE-2021-47063, CVE-2023-52615)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1132-oracle 4.15.0-1132.143
Available with Ubuntu Pro
linux-image-4.15.0-1153-kvm 4.15.0-1153.158
Available with Ubuntu Pro
linux-image-4.15.0-1163-gcp 4.15.0-1163.180
Available with Ubuntu Pro
linux-image-4.15.0-1169-aws 4.15.0-1169.182
Available with Ubuntu Pro
linux-image-4.15.0-226-generic 4.15.0-226.238
Available with Ubuntu Pro
linux-image-4.15.0-226-lowlatency 4.15.0-226.238
Available with Ubuntu Pro
linux-image-aws-lts-18.04 4.15.0.1169.167
Available with Ubuntu Pro
linux-image-gcp-lts-18.04 4.15.0.1163.176
Available with Ubuntu Pro
linux-image-generic 4.15.0.226.210
Available with Ubuntu Pro
linux-image-kvm 4.15.0.1153.144
Available with Ubuntu Pro
linux-image-lowlatency 4.15.0.226.210
Available with Ubuntu Pro
linux-image-oracle-lts-18.04 4.15.0.1132.137
Available with Ubuntu Pro
linux-image-virtual 4.15.0.226.210
Available with Ubuntu Pro

Ubuntu 16.04 LTS
linux-image-4.15.0-1132-oracle 4.15.0-1132.143~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1163-gcp 4.15.0-1163.180~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1169-aws 4.15.0-1169.182~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-226-generic 4.15.0-226.238~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-226-lowlatency 4.15.0-226.238~16.04.1
Available with Ubuntu Pro
linux-image-aws-hwe 4.15.0.1169.182~16.04.1
Available with Ubuntu Pro
linux-image-gcp 4.15.0.1163.180~16.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-16.04 4.15.0.226.238~16.04.1
Available with Ubuntu Pro
linux-image-gke 4.15.0.1163.180~16.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-16.04 4.15.0.226.238~16.04.1
Available with Ubuntu Pro
linux-image-oem 4.15.0.226.238~16.04.1
Available with Ubuntu Pro
linux-image-oracle 4.15.0.1132.143~16.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-16.04 4.15.0.226.238~16.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6866-1
CVE-2021-33631, CVE-2021-47063, CVE-2023-52615, CVE-2023-6270,
CVE-2024-2201, CVE-2024-23307, CVE-2024-24861, CVE-2024-26642,
CVE-2024-26720, CVE-2024-26736, CVE-2024-26898, CVE-2024-26922



[USN-6865-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6865-1
July 03, 2024

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

It was discovered that the ext4 file system implementation in the Linux
kernel did not properly validate data state on write operations. An
attacker could use this to construct a malicious ext4 file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2021-33631)

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)

Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)

Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Hardware random number generator core;
- Memory management;
- Netfilter;
(CVE-2024-26898, CVE-2023-52615, CVE-2024-26642, CVE-2024-26720)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1134-kvm 4.4.0-1134.144
Available with Ubuntu Pro
linux-image-4.4.0-1171-aws 4.4.0-1171.186
Available with Ubuntu Pro
linux-image-4.4.0-256-generic 4.4.0-256.290
Available with Ubuntu Pro
linux-image-4.4.0-256-lowlatency 4.4.0-256.290
Available with Ubuntu Pro
linux-image-aws 4.4.0.1171.175
Available with Ubuntu Pro
linux-image-generic 4.4.0.256.262
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.256.262
Available with Ubuntu Pro
linux-image-kvm 4.4.0.1134.131
Available with Ubuntu Pro
linux-image-lowlatency 4.4.0.256.262
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.256.262
Available with Ubuntu Pro
linux-image-virtual 4.4.0.256.262
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.256.262
Available with Ubuntu Pro

Ubuntu 14.04 LTS
linux-image-4.4.0-1133-aws 4.4.0-1133.139
Available with Ubuntu Pro
linux-image-4.4.0-256-generic 4.4.0-256.290~14.04.1
Available with Ubuntu Pro
linux-image-4.4.0-256-lowlatency 4.4.0-256.290~14.04.1
Available with Ubuntu Pro
linux-image-aws 4.4.0.1133.130
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.256.290~14.04.1
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.256.290~14.04.1
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.256.290~14.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6865-1
CVE-2021-33631, CVE-2023-52615, CVE-2023-6270, CVE-2024-2201,
CVE-2024-23307, CVE-2024-24861, CVE-2024-26642, CVE-2024-26720,
CVE-2024-26898



[USN-6868-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6868-1
July 03, 2024

linux, linux-aws, linux-azure, linux-azure-5.4, linux-bluefield,
linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,
linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi,
linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-iot: Linux kernel for IoT platforms
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Netfilter;
(CVE-2024-26925, CVE-2024-26643)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1039-iot 5.4.0-1039.40
linux-image-5.4.0-1046-xilinx-zynqmp 5.4.0-1046.50
linux-image-5.4.0-1074-ibm 5.4.0-1074.79
linux-image-5.4.0-1087-bluefield 5.4.0-1087.94
linux-image-5.4.0-1094-gkeop 5.4.0-1094.98
linux-image-5.4.0-1111-raspi 5.4.0-1111.123
linux-image-5.4.0-1115-kvm 5.4.0-1115.122
linux-image-5.4.0-1126-oracle 5.4.0-1126.135
linux-image-5.4.0-1127-aws 5.4.0-1127.137
linux-image-5.4.0-1131-gcp 5.4.0-1131.140
linux-image-5.4.0-1132-azure 5.4.0-1132.139
linux-image-5.4.0-187-generic 5.4.0-187.207
linux-image-5.4.0-187-generic-lpae 5.4.0-187.207
linux-image-5.4.0-187-lowlatency 5.4.0-187.207
linux-image-aws-lts-20.04 5.4.0.1127.124
linux-image-azure-lts-20.04 5.4.0.1132.126
linux-image-bluefield 5.4.0.1087.83
linux-image-gcp-lts-20.04 5.4.0.1131.133
linux-image-generic 5.4.0.187.185
linux-image-generic-lpae 5.4.0.187.185
linux-image-gkeop 5.4.0.1094.92
linux-image-gkeop-5.4 5.4.0.1094.92
linux-image-ibm-lts-20.04 5.4.0.1074.103
linux-image-kvm 5.4.0.1115.111
linux-image-lowlatency 5.4.0.187.185
linux-image-oem 5.4.0.187.185
linux-image-oem-osp1 5.4.0.187.185
linux-image-oracle-lts-20.04 5.4.0.1126.119
linux-image-raspi 5.4.0.1111.141
linux-image-raspi2 5.4.0.1111.141
linux-image-virtual 5.4.0.187.185
linux-image-xilinx-zynqmp 5.4.0.1046.46

Ubuntu 18.04 LTS
linux-image-5.4.0-1074-ibm 5.4.0-1074.79~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1111-raspi 5.4.0-1111.123~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1126-oracle 5.4.0-1126.135~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-1132-azure 5.4.0-1132.139~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-187-generic 5.4.0-187.207~18.04.1
Available with Ubuntu Pro
linux-image-5.4.0-187-lowlatency 5.4.0-187.207~18.04.1
Available with Ubuntu Pro
linux-image-azure 5.4.0.1132.139~18.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-18.04 5.4.0.187.207~18.04.1
Available with Ubuntu Pro
linux-image-ibm 5.4.0.1074.79~18.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-18.04 5.4.0.187.207~18.04.1
Available with Ubuntu Pro
linux-image-oem 5.4.0.187.207~18.04.1
Available with Ubuntu Pro
linux-image-oem-osp1 5.4.0.187.207~18.04.1
Available with Ubuntu Pro
linux-image-oracle 5.4.0.1126.135~18.04.1
Available with Ubuntu Pro
linux-image-raspi-hwe-18.04 5.4.0.1111.123~18.04.1
Available with Ubuntu Pro
linux-image-snapdragon-hwe-18.04 5.4.0.187.207~18.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-18.04 5.4.0.187.207~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6868-1
CVE-2024-2201, CVE-2024-26643, CVE-2024-26925

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-187.207
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1127.137
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1132.139
https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1087.94
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1131.140
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1094.98
https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1074.79
https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1039.40
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1115.122
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1126.135
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1111.123
https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1046.50



[USN-6867-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6867-1
July 03, 2024

linux-bluefield, linux-iot vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-bluefield: Linux kernel for NVIDIA BlueField platforms
- linux-iot: Linux kernel for IoT platforms

Details:

It was discovered that the HugeTLB file system component of the Linux
Kernel contained a NULL pointer dereference vulnerability. A privileged
attacker could possibly use this to to cause a denial of service.
(CVE-2024-0841)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- PowerPC architecture;
- x86 architecture;
- DMA engine subsystem;
- EFI core;
- GPU drivers;
- InfiniBand drivers;
- Multiple devices driver;
- Network drivers;
- Power supply drivers;
- TCM subsystem;
- Userspace I/O drivers;
- USB subsystem;
- Framebuffer layer;
- AFS file system;
- File systems infrastructure;
- BTRFS file system;
- Ext4 file system;
- Bluetooth subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- L2TP protocol;
- MAC80211 subsystem;
- Netfilter;
- Netlink;
- Wireless networking;
(CVE-2021-47063, CVE-2024-26751, CVE-2024-26848, CVE-2024-26748,
CVE-2024-26733, CVE-2024-26735, CVE-2024-26805, CVE-2024-26804,
CVE-2024-26793, CVE-2023-52504, CVE-2024-27417, CVE-2024-27405,
CVE-2024-26778, CVE-2024-27414, CVE-2024-26801, CVE-2024-26835,
CVE-2024-27413, CVE-2024-26766, CVE-2024-27410, CVE-2024-27412,
CVE-2024-26773, CVE-2024-26777, CVE-2024-26839, CVE-2024-26764,
CVE-2024-26712, CVE-2024-26788, CVE-2024-26688, CVE-2024-26754,
CVE-2021-47070, CVE-2024-26752, CVE-2024-26845, CVE-2024-26791,
CVE-2024-26763, CVE-2024-27416, CVE-2024-26779, CVE-2024-26749,
CVE-2024-26736, CVE-2024-26840, CVE-2024-26772, CVE-2024-26790)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1038-iot 5.4.0-1038.39
linux-image-5.4.0-1086-bluefield 5.4.0-1086.93
linux-image-bluefield 5.4.0.1086.82

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-6867-1
CVE-2021-47063, CVE-2021-47070, CVE-2023-52504, CVE-2024-0841,
CVE-2024-26688, CVE-2024-26712, CVE-2024-26733, CVE-2024-26735,
CVE-2024-26736, CVE-2024-26748, CVE-2024-26749, CVE-2024-26751,
CVE-2024-26752, CVE-2024-26754, CVE-2024-26763, CVE-2024-26764,
CVE-2024-26766, CVE-2024-26772, CVE-2024-26773, CVE-2024-26777,
CVE-2024-26778, CVE-2024-26779, CVE-2024-26788, CVE-2024-26790,
CVE-2024-26791, CVE-2024-26793, CVE-2024-26801, CVE-2024-26804,
CVE-2024-26805, CVE-2024-26835, CVE-2024-26839, CVE-2024-26840,
CVE-2024-26845, CVE-2024-26848, CVE-2024-27405, CVE-2024-27410,
CVE-2024-27412, CVE-2024-27413, CVE-2024-27414, CVE-2024-27416,
CVE-2024-27417

Package Information:
https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1086.93
https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1038.39