Kernel Live Patch Security Notice

2024-07-1600:00:00

ubuntu.com

linux kernel

ata over ethernet

netfilter

race condition

use-after-free

denial of service

arbitrary code

memory exhaustion

reference counting

nf_tables

cifs

underflow

nft_set_pipapo

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

JSON

Details

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code.(CVE-2023-6270)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform reference counting in some error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion).(CVE-2023-7192)

In the Linux kernel, the following vulnerability has been
resolved: netfilter: nf_tables: disallow anonymous set with timeout flag
Anonymous sets are never used with timeout from userspace, reject this.
Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.(CVE-2024-26642)

In the Linux kernel, the following vulnerability has been
resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we
step through the buffer and after each item we check if the size_left is
greater than the minimum size we need. However, the problem is that
‘bytes_left’ is type ssize_t while sizeof() is type size_t. That means that
because of type promotion, the comparison is done as an unsigned and if we
have negative bytes left the loop continues instead of ending.(CVE-2024-26828)

In the Linux kernel, the following vulnerability has been
resolved: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)