USN-7506-1: Linux kernel vulnerabilities

USN-7506-1: Linux kernel vulnerabilities
Publication date:12 May 2025
Overview: Several security issues were fixed in the Linux kernel.
Releases: 16.04 LTS

Packages

• linux - Linux kernel
• linux-aws - Linux kernel for Amazon Web Services (AWS) systems
• linux-kvm - Linux kernel for cloud environments

Details
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-
virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23041)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

Hardware crypto device drivers;

• GPU drivers;
• IIO subsystem;
• Media drivers;
• Network drivers;
• SCSI subsystem;
• SPI subsystem;
• USB Gadget drivers;
• Ceph distributed file system;
• File systems infrastructure;
• JFS file system;
• Network file system (NFS) client;
• Network file system (NFS) server...

Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version

• 16.04 xenial linux-image-4.4.0-1144-kvm – 4.4.0-1144.155
• linux-image-4.4.0-1181-aws – 4.4.0-1181.196
• linux-image-4.4.0-268-generic – 4.4.0-268.302
• linux-image-4.4.0-268-lowlatency – 4.4.0-268.302
• linux-image-aws – 4.4.0.1181.185
• linux-image-generic – 4.4.0.268.274
• linux-image-generic-lts-xenial – 4.4.0.268.274
• linux-image-kvm – 4.4.0.1144.141
• linux-image-lowlatency – 4.4.0.268.274
• linux-image-lowlatency-lts-xenial – 4.4.0.268.274
• linux-image-virtual – 4.4.0.268.274
• linux-image-virtual-lts-xenial – 4.4.0.268.274