ClickCease Ubuntu Livepatch Fixed Several Linux Kernel Vulnerabilities

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Ubuntu Livepatch Fixed Several Linux Kernel Vulnerabilities

Rohan Timalsina

October 18, 2023 - TuxCare expert team

Ubuntu Livepatch service effectively addresses high and critical vulnerabilities in the Linux kernel, eliminating the need to reboot after patching. It is included in the Ubuntu Pro subscription.

In this blog, we will discuss several security issues that have been patched in the kernel Livepatch.

 

Ubuntu Kernel Livepatch Updates

CVE-2023-3090

CVSS 3.x Score: 7.8 High

The Linux kernel’s IP-VLAN network driver did not correctly initialize memory in certain situations, which resulted in a heap out-of-bounds write vulnerability. An attacker can use this issue to trigger a denial of service or arbitrary code execution.

 

CVE-2023-3567

CVSS 3.x Score: 7.1 High

A use-after-free vulnerability was identified in the Linux kernel’s virtual terminal driver, which enabled a local attacker to cause a denial of service or disclose sensitive information (kernel memory).

 

CVE-2023-3609

CVSS 3.x Score: 7.8 High

A use-after-free vulnerability was discovered in the universal 32-bit network packet classifier implementation, as it incorrectly counted references in certain situations. A local attacker could cause a denial of service or possibly execute arbitrary code using this flaw.

 

CVE-2023-3776

CVSS 3.x Score: 7.8 High

It was found that the net/sched: cls_fw component of the Linux kernel did not handle reference counting properly. An attacker can exploit this issue to escalate local privileges. If an attacker gained control over the reference counter and set it to zero, it would free the reference, resulting in a use-after-free vulnerability.

 

CVE-2023-3777

CVSS 3.x Score: 7.8 High

Kevin Rich found that the Linux kernel’s netfilter subsystem does not handle table rules flush correctly under some conditions. A local attacker could exploit this to cause a system denial of service or arbitrary code execution.

 

CVE-2023-3995 (Duplicate of CVE-2023-4147)

CVSS 3.x Score: 7.8 High

Kevin Rich identified a vulnerability in the netfilter subsystem of the Linux kernel, revealing inadequate handling of rule additions to bound chains under specific conditions. In certain situations, a local attacker might exploit this flaw to potentially trigger a denial of service, leading to a system crash or execute arbitrary code.

 

CVE-2023-4004

CVSS 3.x Score: 7.8 High

A flaw was detected in the netfilter subsystem within the Linux kernel, where the removal of PIPAPO elements was not appropriately managed, resulting in a use-after-free vulnerability. In this context, a local attacker may exploit this vulnerability to induce a denial of service or execute arbitrary code.

 

CVE-2023-4128

CVSS 3.x Score: 7.8 High

A critical finding uncovered use-after-free vulnerabilities in certain network classifier implementations within the Linux kernel. A local attacker could leverage this flaw to trigger a denial of service or even to execute arbitrary code.

 

CVE-2023-21400

CVSS 3.x Score: 6.7 Medium

Ye Zhang and Nicolas Wu identified a vulnerability in the io_uring subsystem of the Linux kernel, revealing inadequate locking mechanisms for rings with IOPOLL, which resulted in a double-free vulnerability. In such a scenario, a local attacker could exploit this issue to instigate a denial of service or execute arbitrary code.

 

CVE-2023-40283

CVSS 3.x Score: 7.8 High

A vulnerability was found in the Linux kernel’s Bluetooth subsystem, related to the improper handling of the L2CAP socket release, resulting in a use-after-free vulnerability. A local attacker could exploit this flaw to initiate a denial of service or execute arbitrary code.

 

Final Thoughts

Canonical made these Ubuntu Livepatch security updates available for different releases, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04, Ubuntu 16.04, and Ubuntu 14.04 ESM. It is advisable to update the Livepatch version to fix these issues.

Canonical’s Livepatch is for Ubuntu users and is relatively expensive. Alternatively, you might want to consider TuxCare’s KernelCare Enterprise for automated and non-disruptive live patching of all major Linux distributions, including Ubuntu, Debian, RHEL, AlmaLinux, CentOS, and more. Since it is a one-stop solution, you don’t have to use many live patching tools to secure your Linux-based computers.

Discover more on the comparison between KernelCare Enterprise and Canonical Livepatch.

 

The sources for this article can be found on Ubuntu Security Notices.

Summary
Ubuntu Livepatch Fixed Several Linux Kernel Vulnerabilities
Article Name
Ubuntu Livepatch Fixed Several Linux Kernel Vulnerabilities
Description
Learn about Ubuntu Livepatch security updates that addressed high severity vulnerabilities discovered in the Linux kernel.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter