USN-7089-1: Linux kernel vulnerabilities

USN-7089-1: Linux kernel vulnerabilities
1 November 2024

Several security issues were fixed in the Linux kernel.

Releases
Ubuntu 24.04 LTS Ubuntu 22.04 LTS

Packages
linux - Linux kernel
linux-azure-6.8 - Linux kernel for Microsoft Azure cloud systems
linux-gcp-6.8 - Linux kernel for Google Cloud Platform (GCP) systems
linux-hwe-6.8 - Linux hardware enablement (HWE) kernel

Details
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux
kernel did not properly check for the device to be enabled before
writing. A local attacker could possibly use this to cause a denial of
service. (CVE-2024-25741)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

ARM32 architecture;
MIPS architecture;
PA-RISC architecture;
PowerPC architecture;
RISC-V architecture;
S390 architecture;

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04

• linux-image-6.8.0-48-generic - 6.8.0-48.48
• linux-image-6.8.0-48-generic-64k - 6.8.0-48.48
• linux-image-generic - 6.8.0-48.48
• linux-image-generic-64k - 6.8.0-48.48
• linux-image-generic-64k-hwe-24.04 - 6.8.0-48.48
• linux-image-generic-hwe-24.04 - 6.8.0-48.48
• linux-image-generic-lpae - 6.8.0-48.48
• linux-image-kvm - 6.8.0-48.48
• linux-image-virtual - 6.8.0-48.48
• linux-image-virtual-hwe-24.04 - 6.8.0-48.48