USN-7506-3: Linux kernel (FIPS) vulnerabilities

USN-7506-3: Linux kernel (FIPS) vulnerabilities
Publication date: 12 May 2025
Overview: Several security issues were fixed in the Linux kernel.
Releases:

Packages
linux-fips - Linux kernel with FIPS

Details
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-
virtualization device frontends did not properly restrict the access rights
of device backends. An attacker could possibly use a malicious Xen backend
to gain access to memory pages of a guest VM or cause a denial of service
in the guest. (CVE-2022-23041)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

• Hardware crypto device drivers;
• GPU drivers;
• IIO subsystem;
• Media drivers;
• Network drivers;
• SCSI subsystem;
• SPI subsystem;
• USB Gadget drivers;
• Ceph distributed file system;
• File systems infrastructure;
• JFS file system;
• Network file system (NFS) client;
• Network file system (NFS) server daemon;
• NILFS2 file system;
• SMB network file system;
• CAN network layer;
• IPv6 networking;
• MAC80211 subsystem;
• Netfilter;
• Netlink;
• Network traffic control;
• SCTP protocol;
• TIPC protocol

Update instructions
After a standard system update you need to reboot your computer to make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

• 16.04 xenial linux-image-4.4.0-1113-fips – 4.4.0-1113.120
• linux-image-fips – 4.4.0.1113.114