Ubuntu: (Multiple Advisories) (CVE-2024-47728): Linux kernel vulnerabilities
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, it is not needed given CAP_PERFMON can already read all kernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped in here. Also, the MTU helpers mtu_len pointer value is being written but also read. Technically, the MEM_UNINIT should not be there in order to always force init. Removing MEM_UNINIT needs more verifier rework though: MEM_UNINIT right now implies two things actually: i) write into memory, ii) memory does not have to be initialized. If we lift MEM_UNINIT, it then becomes: i) read into memory, ii) memory must be initialized. This means that for bpf_*_check_mtu() we're readding the issue we're trying to fix, that is, it would then be able to write back into things like .rodata BPF maps. Follow-up work will rework the MEM_UNINIT semantics such that the intent can be better expressed. For now just clear the *mtu_len on error path which can be lifted later again.
Solution(s)
- ubuntu-upgrade-linux-image-6-11-0-1005-realtime
- ubuntu-upgrade-linux-image-6-11-0-1008-raspi
- ubuntu-upgrade-linux-image-6-11-0-1009-aws
- ubuntu-upgrade-linux-image-6-11-0-1009-azure
- ubuntu-upgrade-linux-image-6-11-0-1009-azure-fde
- ubuntu-upgrade-linux-image-6-11-0-1009-gcp
- ubuntu-upgrade-linux-image-6-11-0-1010-lowlatency
- ubuntu-upgrade-linux-image-6-11-0-1010-lowlatency-64k
- ubuntu-upgrade-linux-image-6-11-0-1011-oracle
- ubuntu-upgrade-linux-image-6-11-0-1011-oracle-64k
- ubuntu-upgrade-linux-image-6-11-0-1015-oem
- ubuntu-upgrade-linux-image-6-11-0-18-generic
- ubuntu-upgrade-linux-image-6-11-0-18-generic-64k
- ubuntu-upgrade-linux-image-6-8-0-1006-gkeop
- ubuntu-upgrade-linux-image-6-8-0-1014-azure-nvidia
- ubuntu-upgrade-linux-image-6-8-0-1019-gke
- ubuntu-upgrade-linux-image-6-8-0-1019-raspi
- ubuntu-upgrade-linux-image-6-8-0-1020-oracle
- ubuntu-upgrade-linux-image-6-8-0-1020-oracle-64k
- ubuntu-upgrade-linux-image-6-8-0-1022-ibm
- ubuntu-upgrade-linux-image-6-8-0-1022-nvidia
- ubuntu-upgrade-linux-image-6-8-0-1022-nvidia-64k
- ubuntu-upgrade-linux-image-6-8-0-1022-nvidia-lowlatency
- ubuntu-upgrade-linux-image-6-8-0-1022-nvidia-lowlatency-64k
- ubuntu-upgrade-linux-image-6-8-0-1023-aws
- ubuntu-upgrade-linux-image-6-8-0-1024-gcp
- ubuntu-upgrade-linux-image-6-8-0-1024-gcp-64k
- ubuntu-upgrade-linux-image-6-8-0-1024-oem
- ubuntu-upgrade-linux-image-6-8-0-1025-azure
- ubuntu-upgrade-linux-image-6-8-0-1025-azure-fde
- ubuntu-upgrade-linux-image-6-8-0-54-generic
- ubuntu-upgrade-linux-image-6-8-0-54-generic-64k
- ubuntu-upgrade-linux-image-6-8-0-54-lowlatency
- ubuntu-upgrade-linux-image-6-8-0-54-lowlatency-64k
- ubuntu-upgrade-linux-image-6-8-0-57-generic
- ubuntu-upgrade-linux-image-6-8-0-57-generic-64k
- ubuntu-upgrade-linux-image-aws
- ubuntu-upgrade-linux-image-aws-lts-24-04
- ubuntu-upgrade-linux-image-azure
- ubuntu-upgrade-linux-image-azure-fde
- ubuntu-upgrade-linux-image-azure-fde-lts-24-04
- ubuntu-upgrade-linux-image-azure-lts-24-04
- ubuntu-upgrade-linux-image-azure-nvidia
- ubuntu-upgrade-linux-image-gcp
- ubuntu-upgrade-linux-image-gcp-64k
- ubuntu-upgrade-linux-image-gcp-64k-lts-24-04
- ubuntu-upgrade-linux-image-gcp-lts-24-04
- ubuntu-upgrade-linux-image-generic
- ubuntu-upgrade-linux-image-generic-64k
- ubuntu-upgrade-linux-image-generic-64k-hwe-22-04
- ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
- ubuntu-upgrade-linux-image-generic-hwe-22-04
- ubuntu-upgrade-linux-image-generic-hwe-24-04
- ubuntu-upgrade-linux-image-generic-lpae
- ubuntu-upgrade-linux-image-gke
- ubuntu-upgrade-linux-image-gkeop
- ubuntu-upgrade-linux-image-gkeop-6-8
- ubuntu-upgrade-linux-image-ibm
- ubuntu-upgrade-linux-image-ibm-classic
- ubuntu-upgrade-linux-image-ibm-lts-24-04
- ubuntu-upgrade-linux-image-kvm
- ubuntu-upgrade-linux-image-lowlatency
- ubuntu-upgrade-linux-image-lowlatency-64k
- ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04
- ubuntu-upgrade-linux-image-lowlatency-hwe-22-04
- ubuntu-upgrade-linux-image-nvidia
- ubuntu-upgrade-linux-image-nvidia-6-8
- ubuntu-upgrade-linux-image-nvidia-64k
- ubuntu-upgrade-linux-image-nvidia-64k-6-8
- ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04
- ubuntu-upgrade-linux-image-nvidia-hwe-22-04
- ubuntu-upgrade-linux-image-nvidia-lowlatency
- ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
- ubuntu-upgrade-linux-image-oem-22-04
- ubuntu-upgrade-linux-image-oem-22-04a
- ubuntu-upgrade-linux-image-oem-22-04b
- ubuntu-upgrade-linux-image-oem-22-04c
- ubuntu-upgrade-linux-image-oem-22-04d
- ubuntu-upgrade-linux-image-oem-24-04
- ubuntu-upgrade-linux-image-oem-24-04a
- ubuntu-upgrade-linux-image-oem-24-04b
- ubuntu-upgrade-linux-image-oracle
- ubuntu-upgrade-linux-image-oracle-64k
- ubuntu-upgrade-linux-image-oracle-64k-lts-24-04
- ubuntu-upgrade-linux-image-oracle-lts-24-04
- ubuntu-upgrade-linux-image-raspi
- ubuntu-upgrade-linux-image-realtime
- ubuntu-upgrade-linux-image-realtime-hwe-24-04
- ubuntu-upgrade-linux-image-virtual
- ubuntu-upgrade-linux-image-virtual-hwe-22-04
- ubuntu-upgrade-linux-image-virtual-hwe-24-04
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center