ClickCease Multiple Linux Kernel Vulnerabilities Lead to Denial of Service

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Multiple Linux Kernel Vulnerabilities Lead to Denial of Service

by Rohan Timalsina

June 27, 2024 - TuxCare expert team

Several vulnerabilities have been identified in the Linux kernel, potentially leading to denial of service or privilege escalation. However, the good news is the patches are already available for them. Ubuntu and Debian have already released them in the new Linux kernel security update.

 

Recent Linux Kernel Vulnerabilities and Fixes

 

Below are some of the notable vulnerabilities that have been patched:

 

CVE-2023-6270 (Cvss 3 Severity Score: 7.0 High)

A race condition was found in the Linux kernel’s ATA over Ethernet (AoE) driver. The issue lies in the aoecmd_cfg_pkts() function which improperly updates the reference count on struct net_device, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

 

CVE-2023-7042 (Cvss 3 Severity Score: 5.5 Medium)

Atheros 802.11ac wireless driver in the Linux kernel failed to properly validate certain data structures, causing a NULL pointer dereference. An attacker could exploit this to cause a denial of service.

 

CVE-2024-0841 (Cvss 3 Severity Score: 7.8 High)

A null pointer dereference vulnerability was found in the HugeTLB file system component of the Linux kernel. A local user could use this to crash the system or potentially escalate privileges.

 

CVE-2024-22099 (Cvss 3 Severity Score: 5.5 Medium)

Another NULL pointer dereference flaw was discovered in the Linux kernel’s Bluetooth RFCOMM protocol driver. The issue relates to overflow buffers in the net/bluetooth/rfcomm/core.c file. An attacker could possibly use this to cause a denial of service.

 

CVE-2024-27432

It was found that the Linux kernel’s MediaTek SoC Gigabit Ethernet driver had a race condition when stopping the device. A local attacker could potentially exploit this to cause a denial of service, leading to device unavailability.

 

Patching Linux Kernel Vulnerabilities

 

It is crucial to update your Linux kernel to the latest kernel version where these vulnerabilities have been fixed. Here are the steps to follow:

Perform a standard system update. On Ubuntu, you can do this by running these commands:

$ sudo apt update

$ sudo apt upgrade

After this, reboot your computer to complete the update. This is crucial for kernel updates to take effect.

For critical systems where rebooting is not feasible, consider using live patching. Live patching allows you to apply security updates to a running kernel without rebooting the system. KernelCare Enterprise offers automated live patching for all popular Linux distributions, including Ubuntu, Debian, AlmaLinux, RHEL, CentOS, CloudLinux, Amazon Linux, Oracle Linux, and more.

 

Conclusion

 

Regular updates and monitoring security advisories are key to maintaining a secure Linux environment. By staying informed about Linux kernel vulnerabilities and promptly applying security updates, you can protect your systems from potential exploits.

Send patching-related questions to a TuxCare security expert to learn about modernizing your Linux patching strategy with automated and rebootless patching.

 

Source: USN-6821-2

Summary
Multiple Linux Kernel Vulnerabilities Lead to Denial of Service
Article Name
Multiple Linux Kernel Vulnerabilities Lead to Denial of Service
Description
Stay informed about the latest Linux kernel vulnerabilities and their fixes. Learn how to protect your system from denial-of-service attacks.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Become a TuxCare Guest Writer

Mail

Help Us Understand
the Linux Landscape!

Complete our survey on the state of Open Source and you could win one of several prizes, with the top prize valued at $500!

Your expertise is needed to shape the future of Enterprise Linux!