Ubuntu Linux Kernel Updates Fixed Several Vulnerabilities

Rohan Timalsina

December 18, 2023 - TuxCare expert team

The recent Ubuntu Linux Kernel security updates have fixed several vulnerabilities found in the Linux kernel. These updates are available for Ubuntu 23.04 and Ubuntu 22.04 LTS operating systems. In this article, we will explore these vulnerabilities, shedding light on their potential impact and the corresponding Common Vulnerabilities and Exposures (CVE) identifiers.

 

High Severity Ubuntu Linux Kernel Vulnerabilities

CVE-2023-5178

Alon Zahavi found a vulnerability in the Linux kernel’s NVMe-oF/TCP subsystem, where certain situations involving queue initialization failures were not properly handled, resulting in a use-after-free vulnerability. Exploiting this flaw could allow a remote attacker to trigger a denial of service (system crash) or potentially execute arbitrary code.

 

CVE-2023-5717

Budimir Markovic identified a vulnerability in the Linux kernel’s perf subsystem, where the handling of event groups was inadequate, resulting in an out-of-bounds write vulnerability. This flaw could be exploited by a local attacker to cause a denial of service (system crash) or potentially execute arbitrary code.

 

Medium Severity Ubuntu Linux Kernel Vulnerabilities

CVE-2023-39189

Lucas Leong identified a vulnerability in the Linux kernel’s netfilter subsystem, where certain attributes received from userspace were not adequately validated. Exploiting this flaw could enable a local attacker to cause a denial of service (resulting in a system crash) or potentially disclose sensitive information from the kernel memory.

 

CVE-2023-39192

Sunjoo Park identified a flaw in the Linux kernel’s netfilter subsystem, where the validation of u32 packet content was inadequate, resulting in an out-of-bounds read vulnerability. This could be exploited by a local attacker to trigger a denial of service (system crash) or potentially reveal sensitive information.

 

CVE-2023-39193

Lucas Leong found a vulnerability in the Linux kernel’s netfilter subsystem, where the validation of SCTP data was insufficient, resulting in an out-of-bounds read vulnerability. Exploiting this flaw could allow a local attacker to induce a denial of service (system crash) or potentially disclose sensitive information.

 

CVE-2023-39198

A race condition was identified in the QXL virtual GPU driver within the Linux kernel, resulting in a use-after-free vulnerability. This flaw could be exploited by a local attacker to initiate a denial of service (system crash) or potentially execute arbitrary code.

 

Conclusion

It is essential to update Ubuntu systems to address these Linux kernel vulnerabilities and maintain a secure environment. However, a reboot is required after a standard system update, which may be impractical for critical systems that cannot afford significant downtime.

In that case, you can go for a rebootless automated patching solution, TuxCare’s KernelCare Enterprise. KernelCare applies security updates automatically to Ubuntu and many other distributions without having to reboot or schedule maintenance windows.

Learn how live patching works with KernelCare Enterprise. Or, speak to a TuxCare Linux security expert for your organization’s unique requirements.
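To check the conclusion's point that a standard update only takes effect after a reboot, the following added example (not from the article or from TuxCare) compares the running kernel release with the newest installed image and lists which modules tied to the CVEs above are currently loaded. The module names are assumptions taken from the upstream CVE descriptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article: post-update triage for the CVEs above.
# ASSUMPTION: module names are taken from the upstream CVE descriptions, not
# from this page. CVE-2023-5717 (perf) is built in, so it has no module entry.
CVE_MODULES='CVE-2023-5178:nvmet_tcp
CVE-2023-39189:nfnetlink_osf
CVE-2023-39192:xt_u32
CVE-2023-39193:xt_sctp
CVE-2023-39198:qxl'

# Print "CVE module" for every affected module present in a file that uses
# the /proc/modules format (module name is the first space-separated field).
loaded_affected() {
    modfile=${1:-/proc/modules}
    printf '%s\n' "$CVE_MODULES" | while IFS=: read -r cve mod; do
        if grep -q "^$mod " "$modfile"; then
            printf '%s %s\n' "$cve" "$mod"
        fi
    done
}

# Print the highest kernel release among the vmlinuz-* images in a directory.
# sort -V compares numerically, so ...-100 ranks above ...-99.
newest_installed() {
    for f in "${1:-/boot}"/vmlinuz-*; do
        [ -e "$f" ] && printf '%s\n' "${f##*/vmlinuz-}"
    done | sort -V | tail -n 1
}

# Exit 0 when the running release differs from the newest installed image,
# i.e. the update is on disk but another kernel is still executing.
reboot_pending() {
    running=${1:-$(uname -r)}
    newest=$(newest_installed "${2:-/boot}")
    [ -n "$newest" ] && [ "$running" != "$newest" ]
}

# Demo on constructed data (release strings and module lines are made up).
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    touch "$tmp/vmlinuz-5.15.0-99-generic" "$tmp/vmlinuz-5.15.0-100-generic"
    printf 'qxl 77824 1 - Live 0x0\nxt_u32 16384 0 - Live 0x0\n' > "$tmp/modules"
    reboot_pending 5.15.0-99-generic "$tmp" && echo "reboot pending"
    loaded_affected "$tmp/modules"
    rm -rf "$tmp"
fi
```

On a live-patched host `uname -r` keeps reporting the original release, so `reboot_pending` says nothing about patch state there. A module that is not loaded now can still be loaded later, so an empty list reflects current state only.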

 

The sources for this article are available in USN-6534-1.
