Ubuntu: (Multiple Advisories) (CVE-2024-46679): Linux kernel vulnerabilities
Description
In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception RIP: qed_get_current_link+17] #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede] #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4 #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300 #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3 #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1 #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb crash> struct net_device.state ffff9a9d21336000 state = 5, state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100). The device is not present, note lack of __LINK_STATE_PRESENT (0b10). This is the same sort of panic as observed in commit 4224cfd7fb65 ("net-sysfs: add check for netdevice being present to speed_show"). There are many other callers of __ethtool_get_link_ksettings() which don't have a device presence check. Move this check into ethtool to protect all callers.
Solution(s)
- ubuntu-upgrade-linux-image-5-15-0-1038-xilinx-zynqmp
- ubuntu-upgrade-linux-image-5-15-0-1055-gkeop
- ubuntu-upgrade-linux-image-5-15-0-1065-ibm
- ubuntu-upgrade-linux-image-5-15-0-1065-raspi
- ubuntu-upgrade-linux-image-5-15-0-1067-nvidia
- ubuntu-upgrade-linux-image-5-15-0-1067-nvidia-lowlatency
- ubuntu-upgrade-linux-image-5-15-0-1069-gke
- ubuntu-upgrade-linux-image-5-15-0-1069-kvm
- ubuntu-upgrade-linux-image-5-15-0-1070-oracle
- ubuntu-upgrade-linux-image-5-15-0-1071-gcp
- ubuntu-upgrade-linux-image-5-15-0-1072-aws
- ubuntu-upgrade-linux-image-5-15-0-1075-azure
- ubuntu-upgrade-linux-image-5-15-0-125-generic
- ubuntu-upgrade-linux-image-5-15-0-125-generic-64k
- ubuntu-upgrade-linux-image-5-15-0-125-generic-lpae
- ubuntu-upgrade-linux-image-5-15-0-125-lowlatency
- ubuntu-upgrade-linux-image-5-15-0-125-lowlatency-64k
- ubuntu-upgrade-linux-image-5-4-0-1044-iot
- ubuntu-upgrade-linux-image-5-4-0-1054-xilinx-zynqmp
- ubuntu-upgrade-linux-image-5-4-0-1082-ibm
- ubuntu-upgrade-linux-image-5-4-0-1094-bluefield
- ubuntu-upgrade-linux-image-5-4-0-1102-gkeop
- ubuntu-upgrade-linux-image-5-4-0-1119-raspi
- ubuntu-upgrade-linux-image-5-4-0-1123-kvm
- ubuntu-upgrade-linux-image-5-4-0-1134-oracle
- ubuntu-upgrade-linux-image-5-4-0-1135-aws
- ubuntu-upgrade-linux-image-5-4-0-1139-azure
- ubuntu-upgrade-linux-image-5-4-0-1139-gcp
- ubuntu-upgrade-linux-image-5-4-0-1140-azure
- ubuntu-upgrade-linux-image-5-4-0-200-generic
- ubuntu-upgrade-linux-image-5-4-0-200-generic-lpae
- ubuntu-upgrade-linux-image-5-4-0-200-lowlatency
- ubuntu-upgrade-linux-image-aws
- ubuntu-upgrade-linux-image-aws-lts-20-04
- ubuntu-upgrade-linux-image-aws-lts-22-04
- ubuntu-upgrade-linux-image-azure
- ubuntu-upgrade-linux-image-azure-lts-20-04
- ubuntu-upgrade-linux-image-azure-lts-22-04
- ubuntu-upgrade-linux-image-bluefield
- ubuntu-upgrade-linux-image-gcp
- ubuntu-upgrade-linux-image-gcp-lts-20-04
- ubuntu-upgrade-linux-image-gcp-lts-22-04
- ubuntu-upgrade-linux-image-generic
- ubuntu-upgrade-linux-image-generic-64k
- ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
- ubuntu-upgrade-linux-image-generic-hwe-18-04
- ubuntu-upgrade-linux-image-generic-hwe-20-04
- ubuntu-upgrade-linux-image-generic-lpae
- ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
- ubuntu-upgrade-linux-image-gke
- ubuntu-upgrade-linux-image-gke-5-15
- ubuntu-upgrade-linux-image-gkeop
- ubuntu-upgrade-linux-image-gkeop-5-15
- ubuntu-upgrade-linux-image-gkeop-5-4
- ubuntu-upgrade-linux-image-ibm
- ubuntu-upgrade-linux-image-ibm-lts-20-04
- ubuntu-upgrade-linux-image-kvm
- ubuntu-upgrade-linux-image-lowlatency
- ubuntu-upgrade-linux-image-lowlatency-64k
- ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
- ubuntu-upgrade-linux-image-lowlatency-hwe-18-04
- ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
- ubuntu-upgrade-linux-image-nvidia
- ubuntu-upgrade-linux-image-nvidia-lowlatency
- ubuntu-upgrade-linux-image-oem
- ubuntu-upgrade-linux-image-oem-20-04
- ubuntu-upgrade-linux-image-oem-20-04b
- ubuntu-upgrade-linux-image-oem-20-04c
- ubuntu-upgrade-linux-image-oem-20-04d
- ubuntu-upgrade-linux-image-oem-osp1
- ubuntu-upgrade-linux-image-oracle
- ubuntu-upgrade-linux-image-oracle-lts-20-04
- ubuntu-upgrade-linux-image-oracle-lts-22-04
- ubuntu-upgrade-linux-image-raspi
- ubuntu-upgrade-linux-image-raspi-hwe-18-04
- ubuntu-upgrade-linux-image-raspi-nolpae
- ubuntu-upgrade-linux-image-raspi2
- ubuntu-upgrade-linux-image-snapdragon-hwe-18-04
- ubuntu-upgrade-linux-image-virtual
- ubuntu-upgrade-linux-image-virtual-hwe-18-04
- ubuntu-upgrade-linux-image-virtual-hwe-20-04
- ubuntu-upgrade-linux-image-xilinx-zynqmp
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center