ClickCease New Ubuntu Kernel Security Updates Patch 3 Vulnerabilities

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

New Ubuntu Kernel Security Updates Patch 3 Vulnerabilities

Rohan Timalsina

July 10, 2023 - TuxCare expert team

Canonical has announced the release of new Ubuntu kernel security updates to address three vulnerabilities that security researchers have found. The Ubuntu kernel security updates are available for several Ubuntu releases, which include:

  • Ubuntu 23.04 (Lunar Lobster) running Linux kernel 6.2
  • Ubuntu 22.10 (Kinetic Kudu) running Linux kernel 5.19
  • Ubuntu 22.04 LTS (Jammy Jellyfish) running Linux kernel 5.15 LTS or 5.19 HWE
  • Ubuntu 20.04 LTS (Focal Fossa) running Linux kernel 5.4 or 5.14 HWE
  • Ubuntu 18.04 ESM running Linux kernel 5.4 HWE

 

Patched Vulnerabilities in Ubuntu Kernel

Following are the security vulnerabilities patched by the latest Ubuntu kernel security updates:

CVE-2023-35788

This is an out-of-bounds write vulnerability that was found by Hangyu Hua in the Linux kernel’s Flower classifier code (fl_set_geneve_opt in net/sched/cls_flower.c). As a result, a local attacker can use this flaw to cause a denial of service or escalate their privileges.

It has a CVSS 3 Severity score of 7.8.

CVE-2023-2430

Xingyuan Mo and Gengjia Chen found a new vulnerability in the Linux kernel’s io_uring subsystem implementation. It was caused due to improper handle locking of the io_uring subsystem when IOPOLL mode is being used. A local attacker can use this flaw to cause a denial of service.

Intel Processors Vulnerability

Furthermore, the Ubuntu kernel security updates address a flaw affecting Intel processors that arises from the INVLPG instruction implementation. Specifically, when PCIDs (Process-Context Identifiers) are enabled, the global Translation Lookaside Buffer (TLB) entries are not properly flushed. This flaw could potentially allow an attacker to expose sensitive information, such as kernel memory, or lead to unauthorized system behaviors.

Therefore, Ubuntu system admins are strongly recommended to update their installations with the new kernel packages available in the stable software repositories.

More details on packages and update instructions are available on the Ubuntu Security Notice page.

 

The sources for this article include a story from 9to5Linux.

Summary
New Ubuntu Kernel Security Updates Patch 3 Vulnerabilities
Article Name
New Ubuntu Kernel Security Updates Patch 3 Vulnerabilities
Description
Canonical has released new Ubuntu kernel security patches for three vulnerabilities found in the Linux kernel.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter