Canonical releases Ubuntu kernel security update, fixes three high-risk vulnerabilities

According to news on June 30, Canonical today launched a Linux Kernel security update for all supported Ubuntu distributions, fixing three high-risk vulnerabilities in previous versions.

IT Home hereby attaches the applicable Ubuntu version:

• Ubuntu 23.04 (Lunar Lobster) running Linux Kernel 6.2
• Ubuntu 22.10 (Kinetic Kudu) running Linux Kernel 5.19
• Ubuntu 22.04 LTS (Jammy Jellyfish) running Linux Kernel 5.15 LTS or 5.19 HWE
• Running Linux Kernel 5.4 or 5.15 HWE Ubuntu 20.04 LTS (Focal Fossa)
• Ubuntu 18.04 ESM running Linux Kernel 5.4 HWE

This update mainly fixes the following 3 security vulnerabilities:

CVE -2023-35788:

An out-of-bounds write vulnerability discovered by Hangyu Hua in the Linux kernel's Flower classifier implementation could allow an attacker to cause a denial of service (system crash) or execute arbitrary code.

CVE-2023-2430:

Exists in Ubuntu 22.10 and Ubuntu 22.04 LTS distributions running Linux Kernel 5.19

This vulnerability was discovered by Xingyuan Mo and Gengjia Chen, Exists in the io_uring subsystem, allowing local attackers to cause a denial of service.

Intel Processor Vulnerability:

The new Linux kernel security update also fixes a flaw affecting Intel processors where the INVLPG instruction implementation fails to properly refresh global TLB entries when PCID is enabled. caused by. This flaw could allow an attacker to expose sensitive information (kernel memory) or could cause unexpected behavior.

The above is the detailed content of Canonical releases Ubuntu kernel security update, fixes three high-risk vulnerabilities. For more information, please follow other related articles on the PHP Chinese website!