Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 24.04 LTS - Ubuntu 16.04 LTS - Ubuntu 22.04 LTS Summary Several security issues were fixed in the kernel. Software Description - linux - Linux kernel - linux-aws - Linux kernel for Amazon Web Services (AWS) systems - linux-azure - Linux kernel for Microsoft Azure Cloud systems - linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems - linux-gke - Linux kernel for Google Container Engine (GKE) systems - linux-ibm - Linux kernel for IBM cloud systems - linux-oracle - Linux kernel for Oracle Cloud systems Details In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfs_ref_tree_mod() after we successfully inserted the new ref entry (local variable ‘ref’) into the respective block entry’s rbtree (local variable ‘be’), if we find an unexpected action of BTRFS_DROP_DELAYED_REF, we error out and free the ref entry without removing it from the block entry’s rbtree. (CVE-2024-56581) In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high ‘sd_sgentry_align’ value applies (e.g. 512) and a lot of queued SKBs are sent from the pkt queue. (CVE-2024-56593) In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access unsafe. (CVE-2024-56640) In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification, we can’t calculate an expected_size. (CVE-2025-21704) In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().. (CVE-2025-21780) In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically required. nft_map_catchall_activate() is called from the abort path to re-activate catchall map elements that were deactivated during a failed transaction. (CVE-2026-23111) Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (CVE-2026-23268) Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (CVE-2026-23269) Update instructions The problem can be corrected by updating your kernel livepatch to the following versions: Ubuntu 20.04 LTS aws - 119.1 azure - 119.1 gcp - 119.1 generic - 119.1 ibm - 119.1 lowlatency - 119.1 oracle - 119.1 Ubuntu 18.04 LTS aws - 119.1 azure - 119.1 gcp - 119.1 generic - 119.1 lowlatency - 119.1 oracle - 119.1 Ubuntu 24.04 LTS aws - 119.1 azure - 119.1 gcp - 119.1 generic - 119.1 ibm - 119.1 oracle - 119.1 Ubuntu 16.04 LTS aws - 119.1 azure - 119.1 generic - 119.1 lowlatency - 119.1 Ubuntu 22.04 LTS aws - 119.1 azure - 119.1 gcp - 119.1 generic - 119.1 gke - 119.1 ibm - 119.1 oracle - 119.1 Support Information Livepatches for supported LTS kernels will receive upgrades for a period of up to 13 months after the build date of the kernel. Livepatches for supported HWE kernels which are not based on an LTS kernel version will receive upgrades for a period of up to 9 months after the build date of the kernel, or until the end of support for that kernel’s non-LTS distro release version, whichever is sooner. References - CVE-2024-56581 - CVE-2024-56593 - CVE-2024-56640 - CVE-2025-21704 - CVE-2025-21780 - CVE-2026-23111 - CVE-2026-23268 - CVE-2026-23269
No comments:
Post a Comment