USN-7234-1

Details

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21400)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

TTY drivers;
Netfilter;
Network traffic control;
VMware vSockets driver; (CVE-2024-53141, CVE-2024-53103, CVE-2024-40967, CVE-2024-53164)

Affected Packages

Ubuntu:20.04:LTSlinux

Fixed in:

5.4.0-205.225

Ubuntu:20.04:LTSlinux-bluefield

Fixed in:

5.4.0-1098.105

Ubuntu:20.04:LTSlinux-gcp

Fixed in:

5.4.0-1142.151

Ubuntu:20.04:LTSlinux-ibm

Fixed in:

5.4.0-1085.90

Ubuntu:20.04:LTSlinux-kvm

Fixed in:

5.4.0-1126.134

Ubuntu:20.04:LTSlinux-oracle

Fixed in:

5.4.0-1137.146

Ubuntu:20.04:LTSlinux-raspi

Fixed in:

5.4.0-1122.134

Ubuntu:Pro:18.04:LTSlinux-gcp-5.4

Fixed in:

5.4.0-1142.151~18.04.1

Ubuntu:Pro:18.04:LTSlinux-ibm-5.4

Fixed in:

5.4.0-1085.90~18.04.1

Ubuntu:Pro:18.04:LTSlinux-oracle-5.4

Fixed in:

5.4.0-1137.146~18.04.1

References

REPORThttps://ubuntu.com/security/CVE-2023-21400 REPORThttps://ubuntu.com/security/CVE-2024-40967 REPORThttps://ubuntu.com/security/CVE-2024-53103 REPORThttps://ubuntu.com/security/CVE-2024-53141 REPORThttps://ubuntu.com/security/CVE-2024-53164 ADVISORYhttps://ubuntu.com/security/notices/USN-7234-1

USN-7234-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline