Ubuntu Security Notices
LSN-0094-1

LSN-0094-1: Kernel Live Patch Security Notice

Publication date

18 April 2023

Overview

Several security issues were fixed in the kernel.

Releases

22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS

Software description

aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 4.15.0-1119, >= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000)
aws-5.15 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
aws-5.4 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1069)
aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems - (>= 4.15.0-1126)
azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000, >= 4.15.0-1063, >= 4.15.0-1078, >= 4.15.0-1114)
azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1115)
azure-5.4 – Linux kernel for Microsoft Azure cloud systems - (>= 5.4.0-1069)
gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 4.15.0-1118)
gcp-4.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1121)
gcp-5.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
gcp-5.4 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1069)

aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1054, >= 4.15.0-1119, >= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000)
aws-5.15 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
aws-5.4 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.4.0-1069)
aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems - (>= 4.15.0-1126)
azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000, >= 4.15.0-1063, >= 4.15.0-1078, >= 4.15.0-1114)
azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1115)
azure-5.4 – Linux kernel for Microsoft Azure cloud systems - (>= 5.4.0-1069)
gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 4.15.0-1118)
gcp-4.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1121)
gcp-5.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
gcp-5.4 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1069)
generic-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-143, >= 4.15.0-69)
generic-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1033, >= 5.15.0-1000)
gke-4.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 4.15.0-1076)
gke-5.15 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
gke-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
gkeop-5.4 – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1007)
ibm – Linux kernel for IBM cloud systems - (>= 5.4.0-1009, >= 5.15.0-1000)
ibm-5.4 – Linux kernel for IBM cloud systems - (>= 5.4.0-1009)
linux – Linux kernel - (>= 5.15.0-24)
lowlatency-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-69, >= 4.15.0-143, >= 4.15.0-69)
lowlatency-5.4 – Linux kernel - (>= 5.4.0-26, >= 5.4.0-26)
oem – Linux kernel for OEM systems - (>= 4.15.0-1063)

Details

Lin Ma discovered a race condition in the io_uring subsystem in the Linux
kernel, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).(CVE-2023-0468)

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.(CVE-2023-1281)

Checking update status

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

The problem can be corrected in these Livepatch versions:

Kernel type	22.04	20.04	18.04	16.04
aws	94.1	94.1	94.1	—
aws-5.15	—	94.1	—	—
aws-5.4	—	—	94.1	—
aws-hwe	—	—	—	94.1
azure	94.1	94.1	—	94.1
azure-4.15	—	—	94.1	—
azure-5.4	—	—	94.1	—
gcp	94.1	94.1	—	94.1
gcp-4.15	—	—	94.1	—
gcp-5.15	—	94.1	—	—
gcp-5.4	—	—	94.1	—
generic-4.15	—	—	94.1	94.1
generic-5.4	—	94.1	94.1	—
gke	94.1	94.1	—	—
gke-4.15	—	—	94.1	—
gke-5.15	—	94.1	—	—
gke-5.4	—	—	94.1	—
gkeop	—	94.1	—	—
gkeop-5.4	—	—	94.1	—
ibm	94.1	94.1	—	—
ibm-5.4	—	—	94.1	—
linux	94.1	—	—	—
lowlatency-4.15	—	—	94.1	94.1
lowlatency-5.4	—	94.1	94.1	—
oem	—	—	94.1	—

References

Have additional questions?

Talk to a member of the team ›