LSN-0104-1: Kernel Live Patch Security Notice

10 June 2024

Several security issues were fixed in the kernel.

Releases

Software Description

  • aws - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000, >= 6.8.0-1008)
  • aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
  • aws-6.5 - Linux kernel for Amazon Web Services (AWS) systems - (>= 6.5.0-1007)
  • azure - Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000)
  • azure-6.5 - Linux kernel for Microsoft Azure cloud systems - (>= 6.5.0-1000)
  • gcp - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 6.8.0-1007)
  • gcp-5.15 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
  • gcp-6.5 - Linux kernel for Google Cloud Platform (GCP) systems - (>= 6.5.0-1000)
  • generic-5.15 - Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
  • generic-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-150, >= 5.4.0-26)
  • gke - Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
  • gke-5.15 - Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
  • gkeop - Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
  • hwe-6.5 - Linux hardware enablement (HWE) kernel - (>= 6.5.0-5)
  • ibm - Linux kernel for IBM cloud systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 6.8.0-1005)
  • ibm-5.15 - Linux kernel for IBM cloud systems - (>= 5.15.0-1000)
  • linux - Linux kernel - (>= 5.15.0-71, >= 5.15.0-24, >= 6.8.0-1)
  • lowlatency - Linux low latency kernel - (>= 5.15.0-25)
  • lowlatency-5.15 - Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
  • lowlatency-5.4 - Linux kernel - (>= 5.4.0-26, >= 5.4.0-150, >= 5.4.0-26)
  • oracle - Linux kernel for Oracle Cloud systems - (>= 5.4.0-1121, >= 5.15.0-1055)
  • oracle-5.15 - Linux kernel for Oracle Cloud systems - (>= 5.15.0-1055)

Details

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code.(CVE-2023-6270)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.(CVE-2023-51781)

In the Linux kernel, the following vulnerability has been
resolved: netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that are
not yet active.(CVE-2024-26581)

In the Linux kernel, the following vulnerability has been
resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable
rmnet_link_ops assign a bigger maxtype which leads to a global out-of-
bounds read when parsing the netlink attributes.(CVE-2024-26597)

Checking update status

The problem can be corrected in these Livepatch versions:

Kernel type 24.04 22.04 20.04 18.04
aws 104.1 104.1 104.1
aws-5.15 104.1
aws-6.5 104.1
azure 104.1 104.1
azure-6.5 104.1
gcp 104.1 104.1 104.1
gcp-5.15 104.1
gcp-6.5 104.1
generic-5.15 104.1
generic-5.4 104.1 104.1
gke 104.1
gke-5.15 104.1
gkeop 104.1
hwe-6.5 104.1
ibm 104.1 104.1 104.1
ibm-5.15 104.1
linux 104.1 104.1
lowlatency 104.1
lowlatency-5.15 104.1
lowlatency-5.4 104.1 104.1
oracle 104.1 104.1
oracle-5.15 104.1

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status