SB2024071102 - Ubuntu update for linux-aws-5.4

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024071102

SB2024071102 - Ubuntu update for linux-aws-5.4

Published: July 11, 2024

Security Bulletin ID SB2024071102
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Medium 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2022-0001)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.


2) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-2201)

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests and compromise the affected system.


3) Improper locking (CVE-ID: CVE-2024-26925)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.


4) Race condition (CVE-ID: CVE-2024-26643)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nf_tables_unbind_set() function in net/netfilter/nf_tables_api.c. A local user can exploit the race and escalate privileges on the system.


Remediation

Install update from vendor's website.

References