Ubuntu alert USN-7758-1 (linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle)
| From: | Giampaolo Fresi Roglia <giampaolo.fresi.roglia@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7758-1] Linux kernel vulnerability | |
| Date: | Fri, 19 Sep 2025 11:13:51 +0200 | |
| Message-ID: | <87348iu7n4.fsf@canonical.com> |
========================================================================== Ubuntu Security Notice USN-7758-1 September 19, 2025 linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-hwe-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: The system could be made to crash or run programs as an administrator. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke: Linux kernel for Google Container Engine (GKE) systems - linux-gkeop: Linux kernel for Google Container Engine (GKE) systems - linux-lowlatency: Linux low latency kernel - linux-oracle: Linux kernel for Oracle Cloud systems - linux-hwe-6.8: Linux hardware enablement (HWE) kernel - linux-lowlatency-hwe-6.8: Linux low latency kernel Details: It was discovered that the AF_UNIX socket garbage collection implementation in Ubuntu Noble's 6.8 kernel did not properly handle out-of-band (OOB) messages, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS linux-image-6.8.0-1022-gkeop 6.8.0-1022.24 linux-image-6.8.0-1035-gke 6.8.0-1035.39 linux-image-6.8.0-1035-oracle 6.8.0-1035.36 linux-image-6.8.0-1035-oracle-64k 6.8.0-1035.36 linux-image-6.8.0-1038-aws 6.8.0-1038.40 linux-image-6.8.0-1038-aws-64k 6.8.0-1038.40 linux-image-6.8.0-1039-gcp 6.8.0-1039.41 linux-image-6.8.0-1039-gcp-64k 6.8.0-1039.41 linux-image-6.8.0-83-generic 6.8.0-83.83 linux-image-6.8.0-83-generic-64k 6.8.0-83.83 linux-image-6.8.0-83-lowlatency 6.8.0-83.83.1 linux-image-6.8.0-83-lowlatency-64k 6.8.0-83.83.1 linux-image-aws-6.8 6.8.0-1038.40 linux-image-aws-64k-6.8 6.8.0-1038.40 linux-image-aws-64k-lts-24.04 6.8.0-1038.40 linux-image-aws-lts-24.04 6.8.0-1038.40 linux-image-gcp-6.8 6.8.0-1039.41 linux-image-gcp-64k-6.8 6.8.0-1039.41 linux-image-gcp-64k-lts-24.04 6.8.0-1039.41 linux-image-gcp-lts-24.04 6.8.0-1039.41 linux-image-generic 6.8.0-83.83 linux-image-generic-6.8 6.8.0-83.83 linux-image-generic-64k 6.8.0-83.83 linux-image-generic-64k-6.8 6.8.0-83.83 linux-image-generic-lpae 6.8.0-83.83 linux-image-gke 6.8.0-1035.39 linux-image-gke-6.8 6.8.0-1035.39 linux-image-gkeop 6.8.0-1022.24 linux-image-gkeop-6.8 6.8.0-1022.24 linux-image-kvm 6.8.0-83.83 linux-image-lowlatency 6.8.0-83.83.1 linux-image-lowlatency-6.8 6.8.0-83.83.1 linux-image-lowlatency-64k 6.8.0-83.83.1 linux-image-lowlatency-64k-6.8 6.8.0-83.83.1 linux-image-oracle-6.8 6.8.0-1035.36 linux-image-oracle-64k-6.8 6.8.0-1035.36 linux-image-oracle-64k-lts-24.04 6.8.0-1035.36 linux-image-oracle-lts-24.04 6.8.0-1035.36 linux-image-virtual 6.8.0-83.83 linux-image-virtual-6.8 6.8.0-83.83 Ubuntu 22.04 LTS linux-image-6.8.0-83-generic 6.8.0-83.83~22.04.1 linux-image-6.8.0-83-generic-64k 6.8.0-83.83~22.04.1 linux-image-6.8.0-83-lowlatency 6.8.0-83.83.1~22.04.1 linux-image-6.8.0-83-lowlatency-64k 6.8.0-83.83.1~22.04.1 linux-image-generic-6.8 6.8.0-83.83~22.04.1 linux-image-generic-64k-6.8 6.8.0-83.83~22.04.1 linux-image-generic-64k-hwe-22.04 6.8.0-83.83~22.04.1 linux-image-generic-hwe-22.04 6.8.0-83.83~22.04.1 linux-image-lowlatency-6.8 6.8.0-83.83.1~22.04.1 linux-image-lowlatency-64k-6.8 6.8.0-83.83.1~22.04.1 linux-image-lowlatency-64k-hwe-22.04 6.8.0-83.83.1~22.04.1 linux-image-lowlatency-hwe-22.04 6.8.0-83.83.1~22.04.1 linux-image-oem-22.04 6.8.0-83.83~22.04.1 linux-image-oem-22.04a 6.8.0-83.83~22.04.1 linux-image-oem-22.04b 6.8.0-83.83~22.04.1 linux-image-oem-22.04c 6.8.0-83.83~22.04.1 linux-image-oem-22.04d 6.8.0-83.83~22.04.1 linux-image-virtual-6.8 6.8.0-83.83~22.04.1 linux-image-virtual-hwe-22.04 6.8.0-83.83~22.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7758-1 https://launchpad.net/bugs/2121515 Package Information: https://launchpad.net/ubuntu/+source/linux/6.8.0-83.83 https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1038.40 https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1039.41 https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1035.39 https://launchpad.net/ubuntu/+source/linux-gkeop/6.8.0-10... https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8... https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1... https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-... https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQHZBAEBCgBDFiEEBcMY+nwS2CY71sUWc4vdAqvdlsYFAmjNHs8lHGdpYW1wYW9s by5mcmVzaS5yb2dsaWFAY2Fub25pY2FsLmNvbQAKCRBzi90Cq92Wxqg0C/4nhc3D Ha1UmEndyqQi5wR2LNX0HV9irMGD96QQEJ3N4obdFm6Ff8YyGdJ/rifE7uA/GFGA F9JJFDwGnWMIiCa6MHf4cE24mwOBfcSc4n2raTMFre80t8O0HP2qwE5Gi4RmnTsr nNbNt5wD9y0cnFtpyXSL/nFhYM3T8wHeq7lwD/aSZYix0+qn9Pq0BfxlhhJ2CZtN Lqhef6EMME3yoHuWnk2lxG2YVzFySveZ+0TOwI9VzGCw5Y1yX5VQnZGuzi0tAOg5 6/zlrlniLr5pZ2dF6T/6vrQ3t+WG6y6+vVC8tUlMVVXlxY0F9W0Zru08hEWt/fpf 80v9fInJu6FCnlwCJMIuZuLMgFIvdy5J72CLmqhPAd+UQeI+GO9cTjcDNpux5iJe HL4a4pBIQbIjE2FYb954JgoMXvs26PfXzWpj23x+W8IVbfQMEuPsQo8WmzwieWHW rxsDmOolFDotU8a4+oPHxaknWzkT5kXc5nLtzz3vIvab3jrpSZc6lNiCQ2A= =L5zN -----END PGP SIGNATURE-----