LSN-0104-1: Kernel Live Patch Security Notice
10 June 2024
Several security issues were fixed in the kernel.
Releases
Software Description
- aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000, >= 6.8.0-1008)
- aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
- aws-6.5 - Linux kernel for Amazon Web Services (AWS) systems - (>= 6.5.0-1007)
- azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000)
- azure-6.5 - Linux kernel for Microsoft Azure cloud systems - (>= 6.5.0-1000)
- gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 6.8.0-1007)
- gcp-5.15 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
- gcp-6.5 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 6.5.0-1000)
- generic-5.15 - Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
- generic-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-150, >= 5.4.0-26)
- gke - Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
- gke-5.15 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
- gkeop - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
- hwe-6.5 - Linux hardware enablement (HWE) kernel - (>= 6.5.0-5)
- ibm - Linux kernel for IBM cloud systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 6.8.0-1005)
- ibm-5.15 - Linux kernel for IBM cloud systems - (>= 5.15.0-1000)
- linux - Linux kernel - (>= 5.15.0-71, >= 5.15.0-24, >= 6.8.0-1)
- lowlatency - Linux low latency kernel - (>= 5.15.0-25)
- lowlatency-5.15 - Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
- lowlatency-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-150, >= 5.4.0-26)
- oracle - Linux kernel for Oracle Cloud systems - (>= 5.4.0-1121, >= 5.15.0-1055)
- oracle-5.15 - Linux kernel for Oracle Cloud systems - (>= 5.15.0-1055)
Details
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code.(CVE-2023-6270)
It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-51781)
In the Linux kernel, the following vulnerability has been
resolved: netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that are
not yet active.(CVE-2024-26581)
In the Linux kernel, the following vulnerability has been
resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable
rmnet_link_ops assign a bigger maxtype which leads to a global out-of-
bounds read when parsing the netlink attributes.(CVE-2024-26597)
Checking update status
The problem can be corrected in these Livepatch versions:
| Kernel type | 24.04 | 22.04 | 20.04 | 18.04 |
|---|---|---|---|---|
| aws | 104.1 | 104.1 | 104.1 | — |
| aws-5.15 | — | — | 104.1 | — |
| aws-6.5 | — | 104.1 | — | — |
| azure | — | 104.1 | 104.1 | — |
| azure-6.5 | — | 104.1 | — | — |
| gcp | 104.1 | 104.1 | 104.1 | — |
| gcp-5.15 | — | — | 104.1 | — |
| gcp-6.5 | — | 104.1 | — | — |
| generic-5.15 | — | — | 104.1 | — |
| generic-5.4 | — | — | 104.1 | 104.1 |
| gke | — | 104.1 | — | — |
| gke-5.15 | — | — | 104.1 | — |
| gkeop | — | — | 104.1 | — |
| hwe-6.5 | — | 104.1 | — | — |
| ibm | 104.1 | 104.1 | 104.1 | — |
| ibm-5.15 | — | — | 104.1 | — |
| linux | 104.1 | 104.1 | — | — |
| lowlatency | — | 104.1 | — | — |
| lowlatency-5.15 | — | — | 104.1 | — |
| lowlatency-5.4 | — | — | 104.1 | 104.1 |
| oracle | — | 104.1 | 104.1 | — |
| oracle-5.15 | — | — | 104.1 | — |
To check your kernel type and Livepatch version, enter this command:
canonical-livepatch status