USN-6818-1: Linux kernel vulnerabilities

Releases

• Ubuntu 23.10
• Ubuntu 22.04 LTS

Packages

• linux - Linux kernel
• linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
• linux-gcp-6.5 - Linux kernel for Google Cloud Platform (GCP) systems
• linux-lowlatency - Linux low latency kernel
• linux-lowlatency-hwe-6.5 - Linux low latency kernel
• linux-raspi - Linux kernel for Raspberry Pi systems

Details

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly validate H2C PDU data, leading to a null pointer
dereference vulnerability. A remote attacker could use this to cause a
denial of service (system crash). (CVE-2023-6356, CVE-2023-6535,
CVE-2023-6536)

It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

• ARM64 architecture;
• PowerPC architecture;
• RISC-V architecture;
• S390 architecture;
• Core kernel;
• x86 architecture;
• Block layer subsystem;
• Cryptographic API;
• ACPI drivers;
• Android drivers;
• Drivers core;
• Power management core;
• Bus devices;
• Device frequency scaling framework;
• DMA engine subsystem;
• EDAC drivers;
• ARM SCMI message protocol;
• GPU drivers;
• IIO ADC drivers;
• InfiniBand drivers;
• IOMMU subsystem;
• Media drivers;
• Multifunction device drivers;
• MTD block device drivers;
• Network drivers;
• NVME drivers;
• Device tree and open firmware driver;
• PCI driver for MicroSemi Switchtec;
• Power supply drivers;
• RPMSG subsystem;
• SCSI drivers;
• QCOM SoC drivers;
• SPMI drivers;
• Thermal drivers;
• TTY drivers;
• VFIO drivers;
• BTRFS file system;
• Ceph distributed file system;
• EFI Variable file system;
• EROFS file system;
• Ext4 file system;
• F2FS file system;
• GFS2 file system;
• JFS file system;
• Network file systems library;
• Network file system server daemon;
• File systems infrastructure;
• Pstore file system;
• ReiserFS file system;
• SMB network file system;
• BPF subsystem;
• Memory management;
• TLS protocol;
• Ethernet bridge;
• Networking core;
• IPv4 networking;
• IPv6 networking;
• Logical Link layer;
• MAC80211 subsystem;
• Multipath TCP;
• Netfilter;
• NetLabel subsystem;
• Network traffic control;
• SMC sockets;
• Sun RPC protocol;
• AppArmor security module;
• Intel ASoC drivers;
• MediaTek ASoC drivers;
• USB sound devices;
  (CVE-2023-52598, CVE-2023-52676, CVE-2023-52609, CVE-2024-26620,
  CVE-2023-52487, CVE-2023-52465, CVE-2023-52473, CVE-2023-52467,
  CVE-2024-26583, CVE-2023-52669, CVE-2023-52664, CVE-2023-52449,
  CVE-2023-52614, CVE-2024-26595, CVE-2023-52611, CVE-2023-52696,
  CVE-2023-52591, CVE-2023-52491, CVE-2024-35839, CVE-2023-52679,
  CVE-2024-26607, CVE-2023-52587, CVE-2023-52469, CVE-2023-52608,
  CVE-2023-52617, CVE-2023-52698, CVE-2024-26673, CVE-2024-35835,
  CVE-2024-26808, CVE-2024-26668, CVE-2023-52626, CVE-2023-52621,
  CVE-2024-35837, CVE-2023-52489, CVE-2023-52597, CVE-2024-26649,
  CVE-2024-26615, CVE-2024-35838, CVE-2023-52693, CVE-2023-52497,
  CVE-2024-35842, CVE-2024-26618, CVE-2024-26610, CVE-2024-26631,
  CVE-2024-26644, CVE-2024-26627, CVE-2023-52677, CVE-2023-52472,
  CVE-2023-52627, CVE-2023-52486, CVE-2023-52632, CVE-2023-52494,
  CVE-2023-52468, CVE-2024-26634, CVE-2023-52588, CVE-2024-26646,
  CVE-2024-26584, CVE-2023-52443, CVE-2023-52691, CVE-2024-26612,
  CVE-2023-52595, CVE-2024-26592, CVE-2024-26623, CVE-2023-52492,
  CVE-2024-26670, CVE-2023-52583, CVE-2023-52681, CVE-2023-52635,
  CVE-2023-52457, CVE-2023-52445, CVE-2024-26629, CVE-2024-26594,
  CVE-2023-52675, CVE-2023-52488, CVE-2023-52446, CVE-2024-26625,
  CVE-2023-52697, CVE-2023-52453, CVE-2023-52498, CVE-2023-52686,
  CVE-2023-52593, CVE-2023-52612, CVE-2023-52687, CVE-2023-52470,
  CVE-2023-52455, CVE-2023-52444, CVE-2024-26608, CVE-2024-26633,
  CVE-2024-26645, CVE-2023-52451, CVE-2023-52456, CVE-2024-26640,
  CVE-2023-52670, CVE-2023-52589, CVE-2024-26598, CVE-2024-35841,
  CVE-2024-26647, CVE-2024-26636, CVE-2023-52680, CVE-2023-52616,
  CVE-2023-52685, CVE-2024-26582, CVE-2024-26638, CVE-2023-52694,
  CVE-2024-35840, CVE-2023-52448, CVE-2023-52623, CVE-2023-52462,
  CVE-2023-52452, CVE-2024-26641, CVE-2023-52683, CVE-2023-52682,
  CVE-2023-52594, CVE-2023-52490, CVE-2023-52493, CVE-2023-52633,
  CVE-2023-52606, CVE-2024-26669, CVE-2023-52584, CVE-2024-26585,
  CVE-2023-52610, CVE-2023-52672, CVE-2023-52450, CVE-2023-52666,
  CVE-2023-52458, CVE-2023-52622, CVE-2023-52674, CVE-2023-52619,
  CVE-2024-26586, CVE-2023-52667, CVE-2024-26616, CVE-2023-52463,
  CVE-2024-26632, CVE-2023-52447, CVE-2023-52692, CVE-2023-52678,
  CVE-2023-52607, CVE-2023-52618, CVE-2023-52464, CVE-2024-26671,
  CVE-2023-52599, CVE-2023-52454, CVE-2023-52495, CVE-2023-52690)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10

• linux-image-6.5.0-1018-raspi - 6.5.0-1018.21
• linux-image-6.5.0-1022-gcp - 6.5.0-1022.24
• linux-image-6.5.0-41-generic - 6.5.0-41.41
• linux-image-6.5.0-41-generic-64k - 6.5.0-41.41
• linux-image-6.5.0-41-lowlatency - 6.5.0-41.41.1
• linux-image-6.5.0-41-lowlatency-64k - 6.5.0-41.41.1
• linux-image-gcp - 6.5.0.1022.24
• linux-image-generic - 6.5.0.41.41
• linux-image-generic-64k - 6.5.0.41.41
• linux-image-generic-lpae - 6.5.0.41.41
• linux-image-kvm - 6.5.0.41.41
• linux-image-lowlatency - 6.5.0.41.41.1
• linux-image-lowlatency-64k - 6.5.0.41.41.1
• linux-image-raspi - 6.5.0.1018.19
• linux-image-raspi-nolpae - 6.5.0.1018.19
• linux-image-virtual - 6.5.0.41.41

Ubuntu 22.04

• linux-image-6.5.0-1022-gcp - 6.5.0-1022.24~22.04.1
• linux-image-6.5.0-41-lowlatency - 6.5.0-41.41.1~22.04.1
• linux-image-6.5.0-41-lowlatency-64k - 6.5.0-41.41.1~22.04.1
• linux-image-gcp - 6.5.0.1022.24~22.04.1
• linux-image-lowlatency-64k-hwe-22.04 - 6.5.0.41.41.1~22.04.1
• linux-image-lowlatency-hwe-22.04 - 6.5.0.41.41.1~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

• CVE-2024-26631
• CVE-2023-52467
• CVE-2023-52690
• CVE-2024-26671
• CVE-2024-26636
• CVE-2024-26618
• CVE-2023-52587
• CVE-2024-35839
• CVE-2023-52669
• CVE-2024-26673
• CVE-2023-52495
• CVE-2023-52676
• CVE-2023-52672
• CVE-2023-52687
• CVE-2024-26625
• CVE-2024-35838
• CVE-2023-52698
• CVE-2023-52679
• CVE-2023-52451
• CVE-2023-52691
• CVE-2023-52449
• CVE-2023-52469
• CVE-2023-52683
• CVE-2023-52696
• CVE-2024-23849
• CVE-2023-52463
• CVE-2024-26586
• CVE-2023-52685
• CVE-2024-26644
• CVE-2023-52666
• CVE-2024-26598
• CVE-2023-52443
• CVE-2024-26629
• CVE-2023-52667
• CVE-2023-52595
• CVE-2023-6535
• CVE-2023-52444
• CVE-2024-26646
• CVE-2023-52616
• CVE-2024-26669
• CVE-2023-6536
• CVE-2023-52456
• CVE-2023-52458
• CVE-2023-52453
• CVE-2023-52472
• CVE-2023-52635
• CVE-2023-52494
• CVE-2023-52493
• CVE-2023-52464
• CVE-2023-52686
• CVE-2023-52497
• CVE-2023-52446
• CVE-2023-52490
• CVE-2023-52697
• CVE-2024-26808
• CVE-2024-26585
• CVE-2024-26620
• CVE-2023-52682
• CVE-2024-26608
• CVE-2023-52681
• CVE-2023-52607
• CVE-2023-52591
• CVE-2024-26640
• CVE-2024-26612
• CVE-2023-52621
• CVE-2023-52589
• CVE-2023-52597
• CVE-2024-26592
• CVE-2024-35840
• CVE-2023-6356
• CVE-2024-26607
• CVE-2024-26638
• CVE-2023-52617
• CVE-2023-52489
• CVE-2023-52675
• CVE-2023-52452
• CVE-2023-52594
• CVE-2024-26641
• CVE-2023-52633
• CVE-2024-26616
• CVE-2024-26610
• CVE-2023-52670
• CVE-2023-52445
• CVE-2023-52447
• CVE-2023-52450
• CVE-2024-35837
• CVE-2023-52618
• CVE-2023-52473
• CVE-2024-26583
• CVE-2023-52612
• CVE-2023-52488
• CVE-2023-52583
• CVE-2023-52623
• CVE-2024-26645
• CVE-2023-52611
• CVE-2024-26632
• CVE-2024-26647
• CVE-2024-26623
• CVE-2023-52457
• CVE-2023-52619
• CVE-2023-52627
• CVE-2023-52462
• CVE-2024-26594
• CVE-2023-52606
• CVE-2023-52678
• CVE-2023-52487
• CVE-2023-52614
• CVE-2024-26668
• CVE-2023-52498
• CVE-2023-52693
• CVE-2023-52680
• CVE-2023-52486
• CVE-2023-52664
• CVE-2024-35841
• CVE-2023-52492
• CVE-2023-52588
• CVE-2023-52608
• CVE-2023-52491
• CVE-2023-52470
• CVE-2023-52455
• CVE-2023-52599
• CVE-2023-52609
• CVE-2024-35835
• CVE-2023-52593
• CVE-2024-26649
• CVE-2024-26633
• CVE-2023-52448
• CVE-2024-26584
• CVE-2023-52584
• CVE-2023-52674
• CVE-2023-52694
• CVE-2023-52454
• CVE-2023-52692
• CVE-2023-52468
• CVE-2023-52598
• CVE-2024-26634
• CVE-2023-52465
• CVE-2024-26627
• CVE-2023-52632
• CVE-2023-52626
• CVE-2024-35842
• CVE-2024-24860
• CVE-2023-52677
• CVE-2024-21823
• CVE-2023-52610
• CVE-2024-26615
• CVE-2024-26595
• CVE-2024-26582
• CVE-2023-52622
• CVE-2024-26670

Related notices

• USN-6725-1
• USN-6725-2
• USN-6819-1
• USN-6818-2
• USN-6819-2
• USN-6819-3
• USN-6818-3
• USN-6818-4
• USN-6819-4
• USN-6688-1
• USN-6766-1
• USN-6767-1
• USN-6767-2
• USN-6766-2
• USN-6766-3
• USN-6795-1
• USN-6828-1
• USN-7121-1
• USN-7121-2
• USN-7121-3
• USN-7148-1
• USN-6726-1
• USN-6726-2
• USN-6726-3
• USN-6739-1
• USN-6740-1
• USN-6926-1
• USN-6938-1
• USN-6926-2
• USN-6926-3
• USN-6896-1
• USN-6896-2
• USN-6896-3
• USN-6896-4
• USN-6896-5
• USN-6898-1
• USN-6898-2
• USN-6898-3
• USN-6898-4
• USN-6917-1
• USN-6919-1
• USN-6927-1
• USN-7019-1
• USN-7088-1
• USN-7088-2
• USN-7088-3
• USN-7088-4
• USN-7100-1
• USN-7100-2
• USN-7088-5
• USN-7119-1
• USN-7123-1
• USN-7144-1
• USN-6820-1
• USN-6821-1
• USN-6821-2
• USN-6820-2
• USN-6821-3
• USN-6821-4
• USN-6871-1
• USN-6892-1
• USN-7159-1
• USN-6924-1
• USN-6924-2
• USN-6953-1
• USN-6979-1
• LSN-0106-1
• USN-7069-1
• USN-7069-2
• USN-6777-1
• USN-6777-2
• USN-6777-3
• USN-6777-4
• USN-6972-1
• USN-6972-2
• USN-6972-3
• USN-6972-4
• USN-6973-1
• USN-6973-2
• USN-6973-3
• USN-6973-4
• USN-7006-1
• USN-6816-1
• USN-6870-1
• USN-6873-1
• USN-6874-1
• USN-6875-1
• USN-6864-1
• USN-6878-1
• USN-6864-2
• USN-6873-2
• USN-6870-2
• USN-6864-3