ClickCease Addressing Linux Kernel HWE Vulnerabilities in Ubuntu

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Addressing Linux Kernel HWE Vulnerabilities in Ubuntu

Rohan Timalsina

July 2, 2024 - TuxCare expert team

The Linux Hardware Enablement (HWE) kernel plays a vital role in ensuring that LTS releases of Ubuntu can run on newer hardware. However, recent discoveries have highlighted several security issues within this kernel. The Ubuntu security team has addressed the Linux kernel HWE vulnerabilities in Ubuntu 22.04 LTS.

 

Linux Kernel HWE Vulnerabilities Fixed in Ubuntu

 

NVMe Driver Vulnerabilities

Researcher Ilon Zahavi identified critical issues within the NVMe-oF/TCP subsystem of the Linux kernel. The subsystem failed to properly validate Host-to-Controller (H2C) PDU data, resulting in null pointer dereference vulnerabilities. These vulnerabilities, identified as CVE-2023-6356, CVE-2023-6535, and CVE-2023-6536, could be exploited by remote attackers to cause a denial of service (DoS) by crashing the system.

 

CVE-2024-21823

Another vulnerability was found in the Intel Data Streaming and Intel Analytics Accelerator drivers. This flaw allowed unprivileged users and virtual machines direct access to the devices, posing a risk for local attackers to cause a denial of service.

 

CVE-2024-23849

An out-of-bounds read vulnerability was discovered in the Linux kernel’s RDS Protocol implementation. This issue could be exploited to cause a system crash, potentially leading to a denial of service.

 

CVE-2024-24860

A race condition in the Bluetooth subsystem of the Linux kernel was discovered, leading to a null pointer dereference vulnerability. A privileged local attacker could exploit this to crash the system, resulting in a denial of service.

 

Additional Vulnerabilities and Subsystem Updates

Several security issues were found across various Linux kernel components, which could potentially allow attackers to compromise the system. These include ARM64 architecture, PowerPC architecture, RISC-V architecture, S390 architecture, Core kernel, x86 architecture, Block layer subsystem, Cryptographic API, ACPI drivers, and more.

 

Patching Linux Kernel Vulnerabilities

 

To address these vulnerabilities, it is highly recommended to update your system’s kernel to the latest package versions provided by the Ubuntu security team. Updating the Linux kernel requires a reboot to apply the necessary changes. This can lead to downtime, which might not be feasible for all environments.

For environments requiring continuous uptime, consider live patching solutions like KernelCare Enterprise. Its live patching allows you to apply security updates to a running kernel without needing a reboot. This is especially useful for critical servers that can’t afford any interruptions. KernelCare supports all major Linux distributions, including Ubuntu, Debian, RHEL, AlmaLinux, CloudLinux, Amazon Linux, and more.

The KernelCare team has already released patches for the above vulnerabilities. You can track the release status for all vulnerabilities and operating systems in the TuxCare CVE tracker.

 

Conclusion

 

The recent discoveries of Linux kernel HWE vulnerabilities highlight the importance of timely updates and effective mitigation strategies. By utilizing KernelCare Enterprise, you can safeguard your Linux systems against these vulnerabilities and ensure uninterrupted operation.

Learn more about Linux live patching here.

 

Source: USN-6818-4

Summary
Addressing Linux Kernel HWE Vulnerabilities in Ubuntu
Article Name
Addressing Linux Kernel HWE Vulnerabilities in Ubuntu
Description
Discover the Linux kernel HWE vulnerabilities affecting Ubuntu 22.04 LTS. Learn how Linux live patching protects systems without downtime.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter