Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-7234-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.12.2025.7234.1

Category: Ubuntu Local Security Checks

Title: Ubuntu: Security Advisory (USN-7234-1)

Summary: The remote host is missing an update for the 'linux, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi' package(s) announced via the USN-7234-1 advisory.

Description: Summary:
The remote host is missing an update for the 'linux, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi' package(s) announced via the USN-7234-1 advisory.

Vulnerability Insight:
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- TTY drivers,
- Netfilter,
- Network traffic control,
- VMware vSockets driver,
(CVE-2024-53141, CVE-2024-53103, CVE-2024-40967, CVE-2024-53164)

Affected Software/OS:
'linux, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi' package(s) on Ubuntu 18.04, Ubuntu 20.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-21400
Debian Security Information: DSA-5480 (Google Search)
https://www.debian.org/security/2023/dsa-5480
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html
https://source.android.com/security/bulletin/pixel/2023-07-01
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
http://www.openwall.com/lists/oss-security/2023/07/14/2
http://www.openwall.com/lists/oss-security/2023/07/19/2
http://www.openwall.com/lists/oss-security/2023/07/19/7
http://www.openwall.com/lists/oss-security/2023/07/25/7
Common Vulnerability Exposure (CVE) ID: CVE-2024-40967
Common Vulnerability Exposure (CVE) ID: CVE-2024-53103
Common Vulnerability Exposure (CVE) ID: CVE-2024-53141
Common Vulnerability Exposure (CVE) ID: CVE-2024-53164

Copyright Copyright (C) 2025 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.12.2025.7234.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-7234-1)
Summary:	The remote host is missing an update for the 'linux, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi' package(s) announced via the USN-7234-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi' package(s) announced via the USN-7234-1 advisory. Vulnerability Insight: Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21400) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - TTY drivers, - Netfilter, - Network traffic control, - VMware vSockets driver, (CVE-2024-53141, CVE-2024-53103, CVE-2024-40967, CVE-2024-53164) Affected Software/OS: 'linux, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi' package(s) on Ubuntu 18.04, Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-21400 Debian Security Information: DSA-5480 (Google Search) https://www.debian.org/security/2023/dsa-5480 http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html https://source.android.com/security/bulletin/pixel/2023-07-01 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html http://www.openwall.com/lists/oss-security/2023/07/14/2 http://www.openwall.com/lists/oss-security/2023/07/19/2 http://www.openwall.com/lists/oss-security/2023/07/19/7 http://www.openwall.com/lists/oss-security/2023/07/25/7 Common Vulnerability Exposure (CVE) ID: CVE-2024-40967 Common Vulnerability Exposure (CVE) ID: CVE-2024-53103 Common Vulnerability Exposure (CVE) ID: CVE-2024-53141 Common Vulnerability Exposure (CVE) ID: CVE-2024-53164
Copyright	Copyright (C) 2025 Greenbone AG