USN-6774-1

Details

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233)

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability (CVE-2022-0001) were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. (CVE-2024-2201)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

Hardware random number generator core;
Ext4 file system;
JFS file system;
Bluetooth subsystem;
Networking core;
IPv4 networking;
Logical Link layer;
Netlink;
Tomoyo security module; (CVE-2024-26704, CVE-2023-52615, CVE-2024-26805, CVE-2023-52604, CVE-2024-26614, CVE-2023-52602, CVE-2024-26635, CVE-2024-26622, CVE-2023-52601, CVE-2024-26801)

Affected Packages

Ubuntu:22.04:LTSlinux-aws-6.5

Fixed in:

6.5.0-1020.20~22.04.1

Ubuntu:22.04:LTSlinux-azure-6.5

Fixed in:

6.5.0-1021.22~22.04.1

Ubuntu:22.04:LTSlinux-gcp-6.5

Fixed in:

6.5.0-1020.20~22.04.1

Ubuntu:22.04:LTSlinux-hwe-6.5

Fixed in:

6.5.0-35.35~22.04.1

Ubuntu:22.04:LTSlinux-lowlatency-hwe-6.5

Fixed in:

6.5.0-35.35.1~22.04.1

Ubuntu:22.04:LTSlinux-nvidia-6.5

Fixed in:

6.5.0-1019.19

Ubuntu:22.04:LTSlinux-oem-6.5

Fixed in:

6.5.0-1023.24

Ubuntu:22.04:LTSlinux-oracle-6.5

Fixed in:

6.5.0-1023.23~22.04.1

Ubuntu:22.04:LTSlinux-starfive-6.5

Fixed in:

6.5.0-1014.15~22.04.1

References

USN-6774-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline