USN-7234-5

Details

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21400)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

TTY drivers;
Netfilter;
Network traffic control;
VMware vSockets driver; (CVE-2024-53141, CVE-2024-53103, CVE-2024-40967, CVE-2024-53164)

Affected Packages

Ubuntu:Pro:18.04:LTSlinux-aws-5.4

Fixed in:

5.4.0-1139.149~18.04.1

Ubuntu:Pro:18.04:LTSlinux-raspi-5.4

Fixed in:

5.4.0-1122.134~18.04.1

References

REPORThttps://ubuntu.com/security/CVE-2023-21400 REPORThttps://ubuntu.com/security/CVE-2024-40967 REPORThttps://ubuntu.com/security/CVE-2024-53103 REPORThttps://ubuntu.com/security/CVE-2024-53141 REPORThttps://ubuntu.com/security/CVE-2024-53164 ADVISORYhttps://ubuntu.com/security/notices/USN-7234-5

USN-7234-5

Details

Affected Packages

References

Upstream

Ecosystems

Timeline