1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-6700-2

[USN-6700-2] Linux kernel (AWS) vulnerabilities

Severity High
Affected Packages 15
CVEs 7
Info Packages Vulnerabilities

Several security issues were fixed in the Linux kernel.

It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation
in the Linux kernel contained a race condition when releasing PPPoL2TP
sockets in certain conditions, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2022-20567)

It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle block device modification while it is
mounted. A privileged attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-34256)

Eric Dumazet discovered that the netfilter subsystem in the Linux kernel
did not properly handle DCCP conntrack buffers in certain situations,
leading to an out-of-bounds read vulnerability. An attacker could possibly
use this to expose sensitive information (kernel memory). (CVE-2023-39197)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)

It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle the remount operation in certain cases,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2024-0775)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)

It was discovered that a race condition existed in the SCSI Emulex
LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF
and re-scanning an HBA FCF table, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-24855)

Package Affected Version
pkg:deb/ubuntu/linux-tools-aws?distro=xenial < 4.4.0.1167.171
pkg:deb/ubuntu/linux-tools-4.4.0-1167-aws?distro=xenial < 4.4.0-1167.182
pkg:deb/ubuntu/linux-modules-extra-aws?distro=xenial < 4.4.0.1167.171
pkg:deb/ubuntu/linux-modules-extra-4.4.0-1167-aws?distro=xenial < 4.4.0-1167.182
pkg:deb/ubuntu/linux-modules-4.4.0-1167-aws?distro=xenial < 4.4.0-1167.182
pkg:deb/ubuntu/linux-image-aws?distro=xenial < 4.4.0.1167.171
pkg:deb/ubuntu/linux-image-4.4.0-1167-aws?distro=xenial < 4.4.0-1167.182
pkg:deb/ubuntu/linux-headers-aws?distro=xenial < 4.4.0.1167.171
pkg:deb/ubuntu/linux-headers-4.4.0-1167-aws?distro=xenial < 4.4.0-1167.182
pkg:deb/ubuntu/linux-cloud-tools-4.4.0-1167-aws?distro=xenial < 4.4.0-1167.182
pkg:deb/ubuntu/linux-buildinfo-4.4.0-1167-aws?distro=xenial < 4.4.0-1167.182
pkg:deb/ubuntu/linux-aws?distro=xenial < 4.4.0.1167.171
pkg:deb/ubuntu/linux-aws-tools-4.4.0-1167?distro=xenial < 4.4.0-1167.182
pkg:deb/ubuntu/linux-aws-headers-4.4.0-1167?distro=xenial < 4.4.0-1167.182
pkg:deb/ubuntu/linux-aws-cloud-tools-4.4.0-1167?distro=xenial < 4.4.0-1167.182
ID
USN-6700-2
Severity
high
Severity from
CVE-2024-1086
URL
https://ubuntu.com/security/notices/USN-6700-2
Published
2024-03-21T20:19:05
(5 months ago)
Modified
2024-03-21T20:19:05
(5 months ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/linux-tools-aws?distro=xenial ubuntu linux-tools-aws < 4.4.0.1167.171 xenial
Affected pkg:deb/ubuntu/linux-tools-4.4.0-1167-aws?distro=xenial ubuntu linux-tools-4.4.0-1167-aws < 4.4.0-1167.182 xenial
Affected pkg:deb/ubuntu/linux-modules-extra-aws?distro=xenial ubuntu linux-modules-extra-aws < 4.4.0.1167.171 xenial
Affected pkg:deb/ubuntu/linux-modules-extra-4.4.0-1167-aws?distro=xenial ubuntu linux-modules-extra-4.4.0-1167-aws < 4.4.0-1167.182 xenial
Affected pkg:deb/ubuntu/linux-modules-4.4.0-1167-aws?distro=xenial ubuntu linux-modules-4.4.0-1167-aws < 4.4.0-1167.182 xenial
Affected pkg:deb/ubuntu/linux-image-aws?distro=xenial ubuntu linux-image-aws < 4.4.0.1167.171 xenial
Affected pkg:deb/ubuntu/linux-image-4.4.0-1167-aws?distro=xenial ubuntu linux-image-4.4.0-1167-aws < 4.4.0-1167.182 xenial
Affected pkg:deb/ubuntu/linux-headers-aws?distro=xenial ubuntu linux-headers-aws < 4.4.0.1167.171 xenial
Affected pkg:deb/ubuntu/linux-headers-4.4.0-1167-aws?distro=xenial ubuntu linux-headers-4.4.0-1167-aws < 4.4.0-1167.182 xenial
Affected pkg:deb/ubuntu/linux-cloud-tools-4.4.0-1167-aws?distro=xenial ubuntu linux-cloud-tools-4.4.0-1167-aws < 4.4.0-1167.182 xenial
Affected pkg:deb/ubuntu/linux-buildinfo-4.4.0-1167-aws?distro=xenial ubuntu linux-buildinfo-4.4.0-1167-aws < 4.4.0-1167.182 xenial
Affected pkg:deb/ubuntu/linux-aws?distro=xenial ubuntu linux-aws < 4.4.0.1167.171 xenial
Affected pkg:deb/ubuntu/linux-aws-tools-4.4.0-1167?distro=xenial ubuntu linux-aws-tools-4.4.0-1167 < 4.4.0-1167.182 xenial
Affected pkg:deb/ubuntu/linux-aws-headers-4.4.0-1167?distro=xenial ubuntu linux-aws-headers-4.4.0-1167 < 4.4.0-1167.182 xenial
Affected pkg:deb/ubuntu/linux-aws-cloud-tools-4.4.0-1167?distro=xenial ubuntu linux-aws-cloud-tools-4.4.0-1167 < 4.4.0-1167.182 xenial
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date