USN-7004-1: Linux kernel vulnerabilities
USN-7004-1: Linux kernel vulnerabilities
12 September 2024
Several security issues were fixed in the Linux kernel.
Releases
Ubuntu 24.04 LTS
Packages
linux-azure - Linux kernel for Microsoft Azure Cloud systems
Details
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848)
It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-40902)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
linux-image-6.8.0-1014-azure - 6.8.0-1014.16
linux-image-6.8.0-1014-azure-fde - 6.8.0-1014.16
linux-image-azure - 6.8.0-1014.16
linux-image-azure-fde - 6.8.0-1014.16
After a standard system update you need to reboot your computer to make all the necessary changes.