SB2024070425 - Ubuntu update for linux-aws

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Deserialization of Untrusted Data (CVE-ID: CVE-2024-21823)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure deserialization in hardware logic. A local user can perform a denial of service (DoS) attack.

2) Race condition (CVE-ID: CVE-2024-26643)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nf_tables_unbind_set() function in net/netfilter/nf_tables_api.c. A local user can exploit the race and escalate privileges on the system.

3) Improper locking (CVE-ID: CVE-2024-26925)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

4) Resource management error (CVE-ID: CVE-2024-26924)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the nft_pipapo_remove() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

5) Improper resource shutdown or release (CVE-ID: CVE-2024-26809)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-6873-1