Release Info

Advisory: CLSA-2024:1721664120

OS: Ubuntu 16.04 ELS

Public date: 2024-07-22 12:02:02

Project: linux-hwe

Version: 4.15.0-232.243~16.04.1

Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2024-1721664120.html

Changelog

[ Ubuntu: 4.15.0-232.243 ] * CVE-url: https://ubuntu.com/security/CVE-2024-35902 - net/rds: fix possible cp null dereference * CVE-url: https://ubuntu.com/security/CVE-2024-38587 - speakup: Fix sizeof() vs ARRAY_SIZE() bug * CVE-url: https://ubuntu.com/security/CVE-2024-39493 - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak * CVE-url: https://ubuntu.com/security/CVE-2024-38381 - nfc: nci: Fix uninit-value in nci_rx_work * CVE-url: https://ubuntu.com/security/CVE-2024-26810 - vfio/pci: Lock external INTx masking ops * CVE-url: https://ubuntu.com/security/CVE-2024-26687 - xen/events: close evtchn after mapping cleanup * CVE-url: https://ubuntu.com/security/CVE-2024-35893 - net: sched: change type of reference and bind counters - net: sched: act_skbmod: remove dependency on rtnl lock - net/sched: act_skbmod: prevent kernel-infoleak * CVE-url: https://ubuntu.com/security/CVE-2024-35823 - vt: preserve unicode values corresponding to screen characters - vt: fix unicode buffer corruption when deleting characters * CVE-url: https://ubuntu.com/security/CVE-2024-35805 - dm snapshot: Replace mutex with rw semaphore - dm snapshot: fix lockup in dm_exception_table_exit * CVE-url: https://ubuntu.com/security/CVE-2024-27004 - clk: core: clarify the check for runtime PM - clk: Get runtime PM before walking tree during disable_unused * CVE-url: https://ubuntu.com/security/CVE-2024-26852 - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() * CVE-url: https://ubuntu.com/security/CVE-2023-52620 - netfilter: nf_tables: disallow timeout for anonymous sets * CVE-url: https://ubuntu.com/security/CVE-2024-25739 - ubi: Check for too small LEB size in VTBL code * CVE-url: https://ubuntu.com/security/CVE-2024-27437 - genirq: Add IRQF_NO_AUTOEN for request_irq/nmi() - vfio/pci: Disable auto-enable of exclusive INTx IRQ * CVE-url: https://ubuntu.com/security/CVE-2022-48627 - vc: separate state - vt: fix memory overlapping when deleting chars in the buffer * CVE-url: https://ubuntu.com/security/CVE-2024-35910 - mptcp: add sk_stop_timer_sync helper - tcp: properly terminate timers for kernel sockets * CVE-url: https://ubuntu.com/security/CVE-2024-35969 - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr * CVE-url: https://ubuntu.com/security/CVE-2024-27024 - RDS: RDMA: Fix the NULL-ptr deref in rds_ib_get_mr - net/rds: fix WARNING in rds_conn_connect_if_down * CVE-url: https://ubuntu.com/security/CVE-2024-26863 - hsr: Fix uninit-value access in hsr_get_node() * CVE-url: https://ubuntu.com/security/CVE-2024-26984 - nouveau: fix instmem race condition around ptr stores * CVE-url: https://ubuntu.com/security/CVE-2024-36020 - i40e: fix vf may be used uninitialized in this function warning * CVE-url: https://ubuntu.com/security/CVE-2024-35849 - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() * CVE-url: https://ubuntu.com/security/CVE-2024-27388 - SUNRPC: fix some memleaks in gssx_dec_option_array * CVE-url: https://ubuntu.com/security/CVE-2024-35886 - ipv6: Fix infinite recursion in fib6_dump_done(). * CVE-url: https://ubuntu.com/security/CVE-2024-35809 - PCI/PM: Drain runtime-idle callbacks before driver removal * CVE-url: https://ubuntu.com/security/CVE-2024-26875 - media: pvrusb2: fix uaf in pvr2_context_set_notify * CVE-url: https://ubuntu.com/security/CVE-2024-26851 - netfilter: nf_conntrack_h323: Add protection for bmp length out of range * CVE-url: https://ubuntu.com/security/CVE-2024-26999 - serial/pmac_zilog: Remove flawed mitigation for rx irq flood * CVE-url: https://ubuntu.com/security/CVE-2024-35819 - soc: fsl: qbman: Use raw spinlock for cgr_lock * CVE-url: https://ubuntu.com/security/CVE-2024-35806 - soc: fsl: qbman: Always disable interrupts when taking cgr_lock * CVE-url: https://ubuntu.com/security/CVE-2023-52699 - sysv: don't call sb_bread() with pointers_lock held * CVE-url: https://ubuntu.com/security/CVE-2024-35828 - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() * CVE-url: https://ubuntu.com/security/CVE-2024-27001 - comedi: vmk80xx: fix incomplete endpoint checking * CVE-url: https://ubuntu.com/security/CVE-2024-26878 - quota: Fix potential NULL pointer dereference * CVE-url: https://ubuntu.com/security/CVE-2024-27008 - drm: nv04: Fix out of bounds access * CVE-url: https://ubuntu.com/security//CVE-2024-35825 - usb: gadget: ncm: Fix handling of zero block length packets * CVE-url: https://ubuntu.com/security/CVE-2024-35935 - btrfs: send: handle path ref underflow in header iterate_inode_ref() * CVE-url: https://ubuntu.com/security/CVE-2024-26957 - s390/zcrypt: fix reference counting on zcrypt card objects * CVE-url: https://ubuntu.com/security/CVE-2024-35973 - geneve: fix header validation in geneve[6]_xmit_skb * CVE-url: https://ubuntu.com/security/CVE-2024-26965 - clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays * CVE-url: https://ubuntu.com/security/CVE-2024-26931 - scsi: qla2xxx: Fix command flush on cable pull * CVE-url: https://ubuntu.com/security/CVE-2024-35944 - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() * CVE-url: https://ubuntu.com/security/CVE-2024-27028 - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler * CVE-url: https://ubuntu.com/security/CVE-2024-35830 - media: tc358743: register v4l2 async device only after successful setup * CVE-url: https://ubuntu.com/security/CVE-2024-26956 - nilfs2: fix failure to detect DAT corruption in btree and direct mappings * CVE-url: https://ubuntu.com/security/CVE-2024-35807 - ext4: fix corruption during on-line resize * CVE-url: https://ubuntu.com/security/CVE-2024-26813 - vfio/platform: Create persistent IRQ handlers * CVE-url: https://ubuntu.com/security/CVE-2023-52644 - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled * CVE-url: https://ubuntu.com/security/CVE-2024-26966 - clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays * CVE-url: https://ubuntu.com/security/CVE-2024-26654 - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs * CVE-url: https://ubuntu.com/security/CVE-2024-27073 - media: ttpci: fix two memleaks in budget_av_attach * CVE-url: https://ubuntu.com/security/CVE-2023-52880 - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc * CVE-url: https://ubuntu.com/security/CVE-2023-52650 - drm/tegra: dsi: Add missing check for of_find_device_by_node * CVE-url: https://ubuntu.com/security/CVE-2024-35822 - usb: udc: remove warning when queue disabled ep * CVE-url: https://ubuntu.com/security/CVE-2024-35933 - Bluetooth: btintel: Fix null ptr deref in btintel_read_version * CVE-url: https://ubuntu.com/security/CVE-2024-26857 - geneve: make sure to pull inner header in geneve_rx() * CVE-url: https://ubuntu.com/security/CVE-2024-35925 - block: prevent division by zero in blk_rq_stat_sum() * CVE-url: https://ubuntu.com/security/CVE-2024-35930 - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() * CVE-url: https://ubuntu.com/security/CVE-2024-27419 - netrom: Fix data-races around sysctl_net_busy_read * CVE-url: https://ubuntu.com/security/CVE-2024-35955 - kprobes: Fix possible use-after-free issue on kprobe registration * CVE-url: https://ubuntu.com/security/CVE-2024-27074 - media: go7007: fix a memleak in go7007_load_encoder * CVE-url: https://ubuntu.com/security/CVE-2024-35847 - irqchip/gic-v3-its: Prevent double free on error * CVE-url: https://ubuntu.com/security/CVE-2024-35936 - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() * CVE-url: https://ubuntu.com/security/CVE-2024-35821 - ubifs: Set page uptodate in the correct place * CVE-url: https://ubuntu.com/security/CVE-2024-27075 - media: dvb-frontends: avoid stack overflow warnings with clang * CVE-url: https://ubuntu.com/security/CVE-2024-26651 - sr9800: Add check for usbnet_get_endpoints * CVE-url: https://ubuntu.com/security/CVE-2024-27043 - media: edia: dvbdev: fix a use-after-free * CVE-url: https://ubuntu.com/security/CVE-2024-26976 - KVM: Always flush async #PF workqueue when vCPU is being destroyed * CVE-url: https://ubuntu.com/security/CVE-2024-27000 - serial: mxs-auart: add spinlock around changing cts state * CVE-url: https://ubuntu.com/security/CVE-2024-35815 - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion * CVE-url: https://ubuntu.com/security/CVE-2024-27396 - net: gtp: Fix Use-After-Free in gtp_dellink * CVE-url: https://ubuntu.com/security/CVE-2024-26874 - drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip * CVE-url: https://ubuntu.com/security/CVE-2024-35922 - fbmon: prevent division by zero in fb_videomode_from_videomode() * CVE-url: https://ubuntu.com/security/CVE-2024-27078 - media: v4l2-tpg: fix some memleaks in tpg_alloc * CVE-url: https://ubuntu.com/security/CVE-2024-26981 - nilfs2: fix OOB in nilfs_set_de_type * CVE-url: https://ubuntu.com/security/CVE-2024-26816 - x86, relocs: Ignore relocations in .notes section * CVE-url: https://ubuntu.com/security/CVE-2024-26880 - dm: call the resume method on internal suspend * CVE-url: https://ubuntu.com/security/CVE-2024-26994 - speakup: Avoid crash on very long word * CVE-url: https://ubuntu.com/security/CVE-2024-26955 - nilfs2: prevent kernel bug at submit_bh_wbc() * CVE-url: https://ubuntu.com/security/CVE-2024-36004 - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue * CVE-url: https://ubuntu.com/security/CVE-2024-35789 - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes * CVE-url: https://ubuntu.com/security/CVE-2024-26974 - crypto: qat - resolve race condition during AER recovery * CVE-url: https://ubuntu.com/security/CVE-2024-26859 - net/bnx2x: Prevent access to a freed page in page_pool * CVE-url: https://ubuntu.com/security/CVE-2024-35960 - net/mlx5: Properly link new fs rules into the tree * CVE-url: https://ubuntu.com/security/CVE-2024-27059 - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command * CVE-url: https://ubuntu.com/security/CVE-2024-26993 - fs: sysfs: Fix reference leak in sysfs_break_active_protection() * CVE-url: https://ubuntu.com/security/CVE-2024-24857 // CVE-url: https://ubuntu.com/security/CVE-2024-24858 // CVE-url: https://ubuntu.com/security/CVE-2024-24859 - Bluetooth: Fix TOCTOU in HCI debugfs implementation * CVE-url: https://ubuntu.com/security/CVE-2024-26894 - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() * CVE-url: https://ubuntu.com/security/CVE-2024-27436 - ALSA: usb-audio: Stop parsing channels bits when all channels are found. * CVE-url: https://ubuntu.com/security/CVE-2024-35915 - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet * CVE-url: https://ubuntu.com/security/CVE-2024-26973 - fat: fix uninitialized field in nostale filehandles * CVE-url: https://ubuntu.com/security/CVE-2024-26923 - af_unix: Fix garbage collector racing against connect() * CVE-url: https://ubuntu.com/security/CVE-2024-26643 - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout * CVE-url: https://ubuntu.com/security/CVE-2024-26886 - Bluetooth: af_bluetooth: Fix deadlock

Update

Update command: apt-get update apt-get --only-upgrade install linux-hwe*

Packages list

linux-buildinfo-4.15.0-232-tuxcare.els30-generic_4.15.0-232.243~16.04.1_amd64.deb linux-buildinfo-4.15.0-232-tuxcare.els30-lowlatency_4.15.0-232.243~16.04.1_amd64.deb linux-cloud-tools-4.15.0-232-tuxcare.els30-generic_4.15.0-232.243~16.04.1_amd64.deb linux-cloud-tools-4.15.0-232-tuxcare.els30-lowlatency_4.15.0-232.243~16.04.1_amd64.deb linux-headers-4.15.0-232-tuxcare.els30_4.15.0-232.243~16.04.1_all.deb linux-headers-4.15.0-232-tuxcare.els30-generic_4.15.0-232.243~16.04.1_amd64.deb linux-headers-4.15.0-232-tuxcare.els30-lowlatency_4.15.0-232.243~16.04.1_amd64.deb linux-hwe-cloud-tools-4.15.0-232-tuxcare.els30_4.15.0-232.243~16.04.1_amd64.deb linux-hwe-tools-4.15.0-232-tuxcare.els30_4.15.0-232.243~16.04.1_amd64.deb linux-image-unsigned-4.15.0-232-tuxcare.els30-generic_4.15.0-232.243~16.04.1_amd64.deb linux-image-unsigned-4.15.0-232-tuxcare.els30-lowlatency_4.15.0-232.243~16.04.1_amd64.deb linux-modules-4.15.0-232-tuxcare.els30-generic_4.15.0-232.243~16.04.1_amd64.deb linux-modules-4.15.0-232-tuxcare.els30-lowlatency_4.15.0-232.243~16.04.1_amd64.deb linux-modules-extra-4.15.0-232-tuxcare.els30-generic_4.15.0-232.243~16.04.1_amd64.deb linux-source-4.15.0_4.15.0-232.243~16.04.1_all.deb linux-tools-4.15.0-232-tuxcare.els30-generic_4.15.0-232.243~16.04.1_amd64.deb linux-tools-4.15.0-232-tuxcare.els30-lowlatency_4.15.0-232.243~16.04.1_amd64.deb

CVEs

CVE-2024-26974
CVE-2024-35933
CVE-2024-35821
CVE-2024-27436
CVE-2024-35822
CVE-2024-26965
CVE-2024-35935
CVE-2024-35925
CVE-2024-27078
CVE-2024-26966
CVE-2024-26931
CVE-2024-35915
CVE-2024-26976
CVE-2024-26999
CVE-2023-52644
CVE-2023-52650
CVE-2024-26654
CVE-2024-26810
CVE-2024-26687
CVE-2024-26875
CVE-2024-26880
CVE-2024-35807
CVE-2024-35805
CVE-2024-27396
CVE-2024-27073
CVE-2024-27075
CVE-2024-26955
CVE-2024-26956
CVE-2024-26894
CVE-2024-35847
CVE-2024-35806
CVE-2024-27059
CVE-2024-27419
CVE-2024-26863
CVE-2024-26859
CVE-2024-27043
CVE-2024-24858
CVE-2024-24857
CVE-2024-26973
CVE-2024-26851
CVE-2024-26993
CVE-2024-26981
CVE-2024-26651
CVE-2024-26813
CVE-2023-52880
CVE-2024-26857
CVE-2024-26852
CVE-2024-26984
CVE-2024-27024
CVE-2024-35825
CVE-2024-27004
CVE-2024-27074
CVE-2024-27388
CVE-2024-35789
CVE-2024-35886
CVE-2024-26886
CVE-2024-24859
CVE-2023-52620
CVE-2022-48627
CVE-2024-35944
CVE-2024-35936
CVE-2024-35960
CVE-2024-35902
CVE-2024-35830
CVE-2024-35815
CVE-2024-35809
CVE-2024-27028
CVE-2024-27001
CVE-2024-27000
CVE-2024-26923
CVE-2024-26878
CVE-2024-26874
CVE-2024-27008
CVE-2024-27437
CVE-2024-26816
CVE-2024-26994
CVE-2024-35930
CVE-2024-36004
CVE-2024-35973
CVE-2024-35969
CVE-2024-39493
CVE-2024-36020
CVE-2024-35955
CVE-2024-35922
CVE-2024-35910
CVE-2024-35849
CVE-2024-35893
CVE-2024-35828
CVE-2024-35823
CVE-2024-35819
CVE-2024-38587
CVE-2023-52699
CVE-2024-26957
CVE-2024-38381
CVE-2024-26643