LSN-0119-1

Project Discussion Kernel LSN
, ,
1

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 24.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 22.04 LTS

Summary

Several security issues were fixed in the kernel.

Software Description

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-gke - Linux kernel for Google Container Engine (GKE) systems
  • linux-ibm - Linux kernel for IBM cloud systems
  • linux-oracle - Linux kernel for Oracle Cloud systems

Details

In the Linux kernel, the following vulnerability has been
resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At
btrfs_ref_tree_mod() after we successfully inserted the new ref entry
(local variable ‘ref’) into the respective block entry’s rbtree (local
variable ‘be’), if we find an unexpected action of BTRFS_DROP_DELAYED_REF,
we error out and free the ref entry without removing it from the block
entry’s rbtree. (CVE-2024-56581)

In the Linux kernel, the following vulnerability has been
resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in
brcmf_sdiod_sglist_rw() This patch fixes a NULL pointer dereference bug in
brcmfmac that occurs when a high ‘sd_sgentry_align’ value applies (e.g.
512) and a lot of queued SKBs are sent from the pkt queue. (CVE-2024-56593)

In the Linux kernel, the following vulnerability has been
resolved: net/smc: fix LGR and link use-after-free issue We encountered a
LGR/link use-after-free issue, which manifested as the LGR/link refcnt
reaching 0 early and entering the clear process, making resource access
unsafe. (CVE-2024-56640)

In the Linux kernel, the following vulnerability has been
resolved: usb: cdc-acm: Check control transfer buffer size before access If
the first fragment is shorter than struct usb_cdc_notification, we can’t
calculate an expected_size. (CVE-2025-21704)

In the Linux kernel, the following vulnerability has been
resolved: drm/amdgpu: avoid buffer overflow attach in
smu_sys_set_pp_table() It malicious user provides a small pptable through
sysfs and then a bigger pptable, it may cause buffer overflow attack in
function smu_sys_set_pp_table().. (CVE-2025-21780)

In the Linux kernel, the following vulnerability has been
resolved: netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() nft_map_catchall_activate() has an inverted
element activity check compared to its non-catchall counterpart
nft_mapelem_activate() and compared to what is logically required.
nft_map_catchall_activate() is called from the abort path to re-activate
catchall map elements that were deactivated during a failed transaction.
(CVE-2026-23111)

Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(CVE-2026-23268)

Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(CVE-2026-23269)

Update instructions

The problem can be corrected by updating your kernel livepatch to the following
versions:

Ubuntu 20.04 LTS

  • aws - 119.1
  • azure - 119.1
  • gcp - 119.1
  • generic - 119.1
  • ibm - 119.1
  • lowlatency - 119.1
  • oracle - 119.1

Ubuntu 18.04 LTS

  • aws - 119.1
  • azure - 119.1
  • gcp - 119.1
  • generic - 119.1
  • lowlatency - 119.1
  • oracle - 119.1

Ubuntu 24.04 LTS

  • aws - 119.1
  • azure - 119.1
  • gcp - 119.1
  • generic - 119.1
  • ibm - 119.1
  • oracle - 119.1

Ubuntu 16.04 LTS

  • aws - 119.1
  • azure - 119.1
  • generic - 119.1
  • lowlatency - 119.1

Ubuntu 22.04 LTS

  • aws - 119.1
  • azure - 119.1
  • gcp - 119.1
  • generic - 119.1
  • gke - 119.1
  • ibm - 119.1
  • oracle - 119.1

Support Information

Livepatches for supported LTS kernels will receive upgrades for
a period of up to 13 months after the build date of the kernel.

Livepatches for supported HWE kernels which are not based on
an LTS kernel version will receive upgrades for a period of
up to 9 months after the build date of the kernel, or until the end
of support for that kernel’s non-LTS distro release version,
whichever is sooner.

References