SB2025040744 - Ubuntu update for linux-azure

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2024-35864)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2024-56658)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the LLIST_HEAD(), net_free() and cleanup_net() functions in net/core/net_namespace.c. A local user can escalate privileges on the system.

3) Use-after-free (CVE-ID: CVE-2024-57798)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_dp_mst_up_req_work() and drm_dp_mst_handle_up_req() functions in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can escalate privileges on the system.

4) Double free (CVE-ID: CVE-2024-42069)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the add_adev() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2024-26928)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_debug_files_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-7420-1