USN-6923-2

Details

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

TTY drivers;
SMB network file system;
Netfilter;
Bluetooth subsystem; (CVE-2024-26886, CVE-2023-52752, CVE-2024-36016, CVE-2024-26952, CVE-2024-27017)

Affected Packages

Ubuntu:20.04:LTSlinux-aws-5.15

Fixed in:

5.15.0-1066.72~20.04.1

Ubuntu:20.04:LTSlinux-ibm-5.15

Fixed in:

5.15.0-1059.62~20.04.1

Ubuntu:22.04:LTSlinux-ibm

Fixed in:

5.15.0-1059.62

Ubuntu:22.04:LTSlinux-raspi

Fixed in:

5.15.0-1059.62

References

REPORThttps://ubuntu.com/security/CVE-2023-52752 REPORThttps://ubuntu.com/security/CVE-2024-25742 REPORThttps://ubuntu.com/security/CVE-2024-26886 REPORThttps://ubuntu.com/security/CVE-2024-26952 REPORThttps://ubuntu.com/security/CVE-2024-27017 REPORThttps://ubuntu.com/security/CVE-2024-36016 ADVISORYhttps://ubuntu.com/security/notices/USN-6923-2

USN-6923-2

Details

Affected Packages

References

Upstream

Ecosystems

Timeline