ADVISORY!
TLP : CLEAR
Date : 07/03/2024
REF NO : CERT / 2024/03/18
Ubuntu Linux Kernel Multiple Vulnerabilities
Severity Level: Medium
Components Affected
- Ubuntu 14.04 ESM
- Ubuntu 18.04 ESM
- Ubuntu 20.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 23.10
Overview
Multiple vulnerabilities were identified in Ubuntu Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution and sensitive information disclosure on the targeted system.
Description
Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code.
The netfilter subsystem in the Linux kernel did not store data in properly sized memory locations. A local user could use this to cause a denial of service (system crash).
VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information (kernel memory).
Race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
Solution/ Workarounds
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://ubuntu.com/security/notices/USN-6647-2
- https://ubuntu.com/security/notices/USN-6648-2
- https://ubuntu.com/security/notices/USN-6651-2
- https://ubuntu.com/security/notices/USN-6651-3
- https://ubuntu.com/security/notices/USN-6653-2
- https://ubuntu.com/security/notices/USN-6653-3
- https://ubuntu.com/security/notices/USN-6653-4
- https://ubuntu.com/security/notices/USN-6680-1
- https://ubuntu.com/security/notices/USN-6681-1
Reference
- https://ubuntu.com/security/notices/USN-6647-2
- https://ubuntu.com/security/notices/USN-6648-2
- https://ubuntu.com/security/notices/USN-6651-2
- https://ubuntu.com/security/notices/USN-6651-3
- https://ubuntu.com/security/notices/USN-6653-2
- https://ubuntu.com/security/notices/USN-6653-3
- https://ubuntu.com/security/notices/USN-6653-4
- https://ubuntu.com/security/notices/USN-6680-1
- https://ubuntu.com/security/notices/USN-6681-1
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre
- Hotline : 101
- +94 11 269 1692
- Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
- General inquiry: cert@cert.gov.lk
- Security incidents: incidents@cert.gov.lk
- Social media incidents: report@cert.gov.lk
