USN-7391-1: Linux kernel vulnerabilities

Releases

• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM

Packages

• linux - Linux kernel
• linux-hwe-5.4 - Linux hardware enablement (HWE) kernel

Details

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

• PowerPC architecture;
• S390 architecture;
• SuperH RISC architecture;
• User-Mode Linux (UML);
• x86 architecture;
• Cryptographic API;
• Virtio block driver;
• Data acquisition framework and drivers;
• Hardware crypto device drivers;
• DMA engine subsystem;
• EDAC drivers;
• ARM SCPI message protocol;
• GPIO subsystem;
• GPU drivers;
• HID subsystem;
• Microsoft Hyper-V drivers;
• I3C subsystem;
• IIO ADC drivers;
• IIO subsystem;
• InfiniBand drivers;
• LED subsystem;
• Multiple devices driver;
• Media drivers;
• Multifunction device drivers;
• MMC subsystem;
• MTD block device drivers;
• Network drivers;
• Mellanox network drivers;
• NVME drivers;
• PCI subsystem;
• Pin controllers subsystem;
• x86 platform drivers;
• Real Time Clock drivers;
• SCSI subsystem;
• SuperH / SH-Mobile drivers;
• QCOM SoC drivers;
• SPI subsystem;
• USB Gadget drivers;
• USB Serial drivers;
• USB Type-C Port Controller Manager driver;
• VFIO drivers;
• Framebuffer layer;
• Xen hypervisor drivers;
• BTRFS file system;
• Ext4 file system;
• F2FS file system;
• GFS2 file system;
• File systems infrastructure;
• JFFS2 file system;
• JFS file system;
• Network file system (NFS) client;
• Network file system (NFS) server daemon;
• NILFS2 file system;
• Overlay file system;
• Proc file system;
• Diskquota system;
• SMB network file system;
• UBI file system;
• Timer subsystem;
• VLANs driver;
• LAPB network protocol;
• Kernel init infrastructure;
• BPF subsystem;
• Kernel CPU control infrastructure;
• Tracing infrastructure;
• Memory management;
• 9P file system network protocol;
• Bluetooth subsystem;
• CAN network layer;
• Networking core;
• DCCP (Datagram Congestion Control Protocol);
• IEEE802154.4 network protocol;
• IPv4 networking;
• IPv6 networking;
• IEEE 802.15.4 subsystem;
• Netfilter;
• Netlink;
• NET/ROM layer;
• Packet sockets;
• Network traffic control;
• SCTP protocol;
• Sun RPC protocol;
• TIPC protocol;
• eXpress Data Path;
• SELinux security module;
• USB sound devices;
  (CVE-2024-53172, CVE-2024-56572, CVE-2024-56739, CVE-2024-56643,
  CVE-2024-53131, CVE-2024-57904, CVE-2024-53145, CVE-2024-57908,
  CVE-2024-53155, CVE-2024-56691, CVE-2024-57901, CVE-2024-56595,
  CVE-2024-55916, CVE-2024-50051, CVE-2024-49936, CVE-2024-57900,
  CVE-2024-53239, CVE-2024-53142, CVE-2024-57889, CVE-2024-53217,
  CVE-2024-56619, CVE-2025-21653, CVE-2024-53140, CVE-2024-53130,
  CVE-2024-43098, CVE-2024-56746, CVE-2024-56650, CVE-2024-56723,
  CVE-2024-56558, CVE-2024-57884, CVE-2024-56601, CVE-2024-56581,
  CVE-2024-57906, CVE-2024-57948, CVE-2024-49996, CVE-2024-56598,
  CVE-2025-21638, CVE-2024-49925, CVE-2024-56767, CVE-2024-53127,
  CVE-2024-53181, CVE-2024-53194, CVE-2024-57902, CVE-2024-56630,
  CVE-2024-56567, CVE-2024-56602, CVE-2024-56562, CVE-2024-56596,
  CVE-2024-56570, CVE-2024-56670, CVE-2024-53135, CVE-2024-56629,
  CVE-2024-56769, CVE-2024-56637, CVE-2024-56681, CVE-2024-57910,
  CVE-2024-57892, CVE-2024-56574, CVE-2024-53121, CVE-2024-56532,
  CVE-2025-21689, CVE-2024-53156, CVE-2024-57912, CVE-2024-56597,
  CVE-2025-21640, CVE-2024-53690, CVE-2024-56548, CVE-2024-56633,
  CVE-2024-43900, CVE-2024-56631, CVE-2021-47219, CVE-2024-56659,
  CVE-2024-53158, CVE-2025-21639, CVE-2024-53136, CVE-2024-56615,
  CVE-2024-56586, CVE-2024-57946, CVE-2024-57911, CVE-2025-21699,
  CVE-2025-21664, CVE-2024-53174, CVE-2024-53184, CVE-2024-53138,
  CVE-2024-53680, CVE-2024-56593, CVE-2024-56644, CVE-2024-56720,
  CVE-2024-53197, CVE-2024-57802, CVE-2024-53157, CVE-2024-56756,
  CVE-2024-53171, CVE-2024-57931, CVE-2024-56600, CVE-2024-53112,
  CVE-2024-56770, CVE-2024-53214, CVE-2024-57849, CVE-2024-57890,
  CVE-2024-56634, CVE-2024-44938, CVE-2024-53183, CVE-2025-21697,
  CVE-2024-57929, CVE-2024-53165, CVE-2024-53161, CVE-2024-53150,
  CVE-2024-56606, CVE-2024-56748, CVE-2024-48881, CVE-2024-56594,
  CVE-2024-56645, CVE-2024-56781, CVE-2024-56531, CVE-2024-56605,
  CVE-2024-56779, CVE-2025-21678, CVE-2024-53227, CVE-2024-56688,
  CVE-2024-56576, CVE-2024-56587, CVE-2024-53124, CVE-2024-49884,
  CVE-2024-57850, CVE-2024-56569, CVE-2024-53148, CVE-2025-21694,
  CVE-2024-56700, CVE-2024-53173, CVE-2024-53198, CVE-2024-52332,
  CVE-2024-47707, CVE-2024-56539, CVE-2024-56704, CVE-2024-56747,
  CVE-2025-21687, CVE-2024-56690, CVE-2022-49034, CVE-2024-57938,
  CVE-2024-57951, CVE-2024-38588, CVE-2024-56603, CVE-2024-57807,
  CVE-2024-56780, CVE-2024-57922, CVE-2024-56642, CVE-2024-57913,
  CVE-2024-53146, CVE-2024-56614, CVE-2024-56694, CVE-2024-56724)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

• linux-image-5.4.0-211-generic - 5.4.0-211.231
• linux-image-5.4.0-211-generic-lpae - 5.4.0-211.231
• linux-image-5.4.0-211-lowlatency - 5.4.0-211.231
• linux-image-generic - 5.4.0.211.206
• linux-image-generic-lpae - 5.4.0.211.206
• linux-image-lowlatency - 5.4.0.211.206
• linux-image-oem - 5.4.0.211.206
• linux-image-oem-osp1 - 5.4.0.211.206
• linux-image-virtual - 5.4.0.211.206

Ubuntu 18.04

• linux-image-5.4.0-211-generic - 5.4.0-211.231~18.04.1
  Available with Ubuntu Pro
• linux-image-5.4.0-211-lowlatency - 5.4.0-211.231~18.04.1
  Available with Ubuntu Pro
• linux-image-generic-hwe-18.04 - 5.4.0.211.231~18.04.1
  Available with Ubuntu Pro
• linux-image-lowlatency-hwe-18.04 - 5.4.0.211.231~18.04.1
  Available with Ubuntu Pro
• linux-image-oem - 5.4.0.211.231~18.04.1
  Available with Ubuntu Pro
• linux-image-oem-osp1 - 5.4.0.211.231~18.04.1
  Available with Ubuntu Pro
• linux-image-snapdragon-hwe-18.04 - 5.4.0.211.231~18.04.1
  Available with Ubuntu Pro
• linux-image-virtual-hwe-18.04 - 5.4.0.211.231~18.04.1
  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

• CVE-2024-57900
• CVE-2024-53146
• CVE-2024-49925
• CVE-2024-56690
• CVE-2024-56614
• CVE-2024-53181
• CVE-2024-56567
• CVE-2024-56601
• CVE-2025-21638
• CVE-2024-56659
• CVE-2024-53145
• CVE-2024-53131
• CVE-2024-57850
• CVE-2024-23848
• CVE-2024-57938
• CVE-2024-56643
• CVE-2024-56631
• CVE-2024-56531
• CVE-2024-57908
• CVE-2024-56596
• CVE-2024-56724
• CVE-2024-56700
• CVE-2024-57911
• CVE-2024-56642
• CVE-2024-56569
• CVE-2024-53130
• CVE-2024-53112
• CVE-2024-56645
• CVE-2024-56747
• CVE-2024-44938
• CVE-2024-53157
• CVE-2024-56598
• CVE-2024-57906
• CVE-2025-21699
• CVE-2024-56548
• CVE-2024-53214
• CVE-2024-57901
• CVE-2024-56576
• CVE-2024-53142
• CVE-2024-56593
• CVE-2024-56637
• CVE-2024-57890
• CVE-2024-55916
• CVE-2024-53194
• CVE-2024-50051
• CVE-2024-57849
• CVE-2024-56688
• CVE-2024-53135
• CVE-2024-56619
• CVE-2024-57904
• CVE-2024-56748
• CVE-2024-38588
• CVE-2024-57948
• CVE-2025-21640
• CVE-2024-56767
• CVE-2024-53158
• CVE-2024-56634
• CVE-2024-56605
• CVE-2024-53150
• CVE-2024-56603
• CVE-2024-57892
• CVE-2024-57946
• CVE-2025-21697
• CVE-2025-21689
• CVE-2024-48881
• CVE-2024-56644
• CVE-2024-53136
• CVE-2024-56720
• CVE-2024-57889
• CVE-2024-57910
• CVE-2024-53183
• CVE-2024-56532
• CVE-2024-53121
• CVE-2024-53155
• CVE-2024-53148
• CVE-2024-56587
• CVE-2024-53156
• CVE-2024-56586
• CVE-2024-57929
• CVE-2024-53172
• CVE-2024-56723
• CVE-2025-21653
• CVE-2024-56600
• CVE-2024-57912
• CVE-2024-56606
• CVE-2024-53690
• CVE-2024-43098
• CVE-2024-49996
• CVE-2024-53140
• CVE-2024-56615
• CVE-2021-47219
• CVE-2024-53171
• CVE-2024-56746
• CVE-2024-53174
• CVE-2025-21694
• CVE-2024-57951
• CVE-2024-56570
• CVE-2024-56558
• CVE-2024-52332
• CVE-2025-21678
• CVE-2024-49884
• CVE-2024-53227
• CVE-2024-53198
• CVE-2024-56769
• CVE-2024-56756
• CVE-2024-56581
• CVE-2024-56770
• CVE-2024-49936
• CVE-2024-53165
• CVE-2024-56681
• CVE-2025-21639
• CVE-2024-56779
• CVE-2024-57802
• CVE-2024-56594
• CVE-2024-56562
• CVE-2024-56572
• CVE-2024-57902
• CVE-2024-53138
• CVE-2025-21664
• CVE-2024-53127
• CVE-2024-53217
• CVE-2024-56650
• CVE-2024-57913
• CVE-2024-57807
• CVE-2024-56694
• CVE-2024-53161
• CVE-2024-56597
• CVE-2024-56739
• CVE-2024-56780
• CVE-2024-56602
• CVE-2024-56704
• CVE-2024-53239
• CVE-2024-57884
• CVE-2024-56691
• CVE-2024-53184
• CVE-2024-56630
• CVE-2024-56781
• CVE-2024-56629
• CVE-2024-53197
• CVE-2024-57922
• CVE-2024-43900
• CVE-2024-56574
• CVE-2024-57931
• CVE-2024-56633
• CVE-2022-49034
• CVE-2024-53680
• CVE-2024-56539
• CVE-2024-53173
• CVE-2024-56670
• CVE-2024-56595
• CVE-2024-47707
• CVE-2024-53124
• CVE-2025-21687

Related notices

• USN-7379-1
• USN-7380-1
• USN-7381-1
• USN-7382-1
• USN-7387-1
• USN-7388-1
• USN-7387-3
• USN-7389-1
• USN-7390-1
• USN-7387-2
• USN-7392-1
• USN-7392-2
• USN-7393-1
• USN-7276-1
• USN-7277-1
• USN-7310-1
• USN-7301-1
• USN-7304-1
• USN-7303-1
• USN-7303-2
• USN-7311-1
• USN-7303-3
• USN-7384-1
• USN-7385-1
• USN-7386-1
• USN-7383-1
• USN-7383-2
• USN-6999-1
• USN-7004-1
• USN-7005-1
• USN-7007-1
• USN-7005-2
• USN-7008-1
• USN-7009-1
• USN-7019-1
• USN-7007-2
• USN-6999-2
• USN-7007-3
• USN-7029-1
• USN-7009-2
• USN-7342-1
• USN-7344-1
• USN-7344-2
• USN-7154-1
• USN-7155-1
• USN-7156-1
• USN-7154-2
• USN-7196-1
• USN-7332-1
• USN-7332-2
• USN-7332-3
• USN-6949-1
• USN-6952-1
• USN-6955-1
• USN-6949-2
• LSN-0110-1
• USN-7166-1
• USN-7166-2
• USN-7166-3
• USN-7186-1
• USN-7186-2
• USN-7194-1
• USN-7166-4
• USN-7333-1