Linux Kernel Vulnerabilities Addressed in EOL Ubuntu Systems
The year 2023 is coming near to end and by far, 271 vulnerabilities have been discovered in the Linux kernel. Recently, the three end-of-life Ubuntu systems, Ubuntu 18.04, Ubuntu 16.04, and Ubuntu 14.04, have received security patches for several Linux kernel packages.
Also, it is important to note that these security updates are available for Ubuntu Pro users only. Since these versions have already hit the end of the road, no official fixes or updates are provided for normal users.
As many users still use these systems, the alternative solution for ensuring a secure computing environment is TuxCare’s Extended Lifecycle Support. TuxCare offers an additional four years of vendor-grade support with automated security patches after the EOL period.
Ubuntu Kernel Vulnerabilities Fixed
1. CVE-2023-31085 (Cvss 3 Severity Score 5.5)
One of the vulnerabilities lies within the UBI driver, posing a risk to system stability. A local privileged attacker can exploit improper checks during device attachment, triggering a denial of service (system crash). Understanding and addressing this flaw is crucial to maintaining a secure Linux environment.
2. Netfilter Subsystem Vulnerabilities
The netfilter subsystem, a critical component for packet filtering in the Linux kernel, faces multiple vulnerabilities:
a. Improper validation of user-supplied attributes (CVE-2023-39189).
b. Inadequate validation of u32 packets content, leading to an out-of-bounds read vulnerability (CVE-2023-39192).
c. Insufficient validation of SCTP data, resulting in an out-of-bounds read vulnerability (CVE-2023-39193).
d. Netlink Transformation (XFRM) subsystem vulnerability due to improper handling of state filters, risking a denial-of-service (CVE-2023-39194).
Understanding the nuances of these vulnerabilities is essential for administrators to fortify their systems against potential exploits.
3. CVE-2023-42754 (Cvss 3 Severity Score 5.5)
The IPv4 implementation in the Linux kernel harbors a vulnerability where improper handling of socket buffers during IP routing can lead to a null pointer dereference. This flaw, if exploited by a privileged attacker, can result in a denial of service. System administrators need to be vigilant in addressing this specific weakness to ensure the robustness of their Linux environments.
4. CVE-2023-45862 (Cvss 3 Severity Score 7.5)
The USB ENE card reader driver flaw exposes a vulnerability that allows a local attacker to trigger a denial of service. This occurs through the exploitation of insufficient memory allocation during the processing of storage device boot blocks. Mitigating this risk requires a comprehensive understanding of the flaw’s intricacies and diligent system patching.
5. CVE-2023-45871 (Cvss 3 Severity Score 9.8)
Discovered by Manfred Rudigier, the buffer overflow vulnerability in the Intel(R) PCI-Express Gigabit (igb) Ethernet driver poses a significant threat. An attacker can cause a denial-of-service or potentially execute arbitrary code by improperly validating received frames larger than the set MTU size. System administrators should prioritize updating affected systems to reduce the risks of potential exploitation.
6. CVE-2023-5717 (Cvss 3 Severity Score 7.8)
Budimir Markovic uncovered a vulnerability in the perf subsystem where inadequate handling of event groups leads to an out-of-bounds write vulnerability. This enables a local attacker to cause a denial of service or potentially execute arbitrary code. Staying informed about this flaw and promptly applying patches is crucial for maintaining a secure Linux environment.
In the dynamic landscape of cybersecurity, understanding and addressing Linux kernel vulnerabilities is paramount. Without security fixes, the EOL systems become more vulnerable and easier targets for cybercriminals. TuxCare fills the gap in security updates in EOL Ubuntu systems by releasing security patches for high and critical vulnerabilities. It is crucial to stay informed about potential threats, monitor security advisories actively, and promptly apply patches to ensure the resilience of the Linux systems against emerging risks.
The sources for this article can be found on USN-6494-2.