Ubuntu: (Multiple Advisories) (CVE-2024-36019): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-36019): Linux kernel vulnerabilities

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

05/30/2024

Created

07/12/2024

Added

07/12/2024

Modified

07/29/2024

Description

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcache_maple_drop() When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code was indexing entry[] by only the register address, leading to an out-of-bounds access that copied some part of the kernel memory over the cache contents. This bug was not detected by the regmap KUnit test because it only tests with a block of registers starting at 0, so mas.index == 0.

Solution(s)

• ubuntu-upgrade-linux-image-6-8-0-1006-gke
• ubuntu-upgrade-linux-image-6-8-0-1007-intel
• ubuntu-upgrade-linux-image-6-8-0-1007-raspi
• ubuntu-upgrade-linux-image-6-8-0-1008-ibm
• ubuntu-upgrade-linux-image-6-8-0-1008-oem
• ubuntu-upgrade-linux-image-6-8-0-1008-oracle
• ubuntu-upgrade-linux-image-6-8-0-1008-oracle-64k
• ubuntu-upgrade-linux-image-6-8-0-1009-nvidia
• ubuntu-upgrade-linux-image-6-8-0-1009-nvidia-64k
• ubuntu-upgrade-linux-image-6-8-0-1010-azure
• ubuntu-upgrade-linux-image-6-8-0-1010-azure-fde
• ubuntu-upgrade-linux-image-6-8-0-1010-gcp
• ubuntu-upgrade-linux-image-6-8-0-1011-aws
• ubuntu-upgrade-linux-image-6-8-0-38-generic
• ubuntu-upgrade-linux-image-6-8-0-38-generic-64k
• ubuntu-upgrade-linux-image-6-8-0-38-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-38-lowlatency-64k
• ubuntu-upgrade-linux-image-aws
• ubuntu-upgrade-linux-image-azure
• ubuntu-upgrade-linux-image-azure-fde
• ubuntu-upgrade-linux-image-gcp
• ubuntu-upgrade-linux-image-generic
• ubuntu-upgrade-linux-image-generic-64k
• ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
• ubuntu-upgrade-linux-image-generic-hwe-24-04
• ubuntu-upgrade-linux-image-generic-lpae
• ubuntu-upgrade-linux-image-gke
• ubuntu-upgrade-linux-image-ibm
• ubuntu-upgrade-linux-image-ibm-classic
• ubuntu-upgrade-linux-image-ibm-lts-24-04
• ubuntu-upgrade-linux-image-intel
• ubuntu-upgrade-linux-image-kvm
• ubuntu-upgrade-linux-image-lowlatency
• ubuntu-upgrade-linux-image-lowlatency-64k
• ubuntu-upgrade-linux-image-nvidia
• ubuntu-upgrade-linux-image-nvidia-64k
• ubuntu-upgrade-linux-image-oem-24-04
• ubuntu-upgrade-linux-image-oem-24-04a
• ubuntu-upgrade-linux-image-oracle
• ubuntu-upgrade-linux-image-oracle-64k
• ubuntu-upgrade-linux-image-raspi
• ubuntu-upgrade-linux-image-virtual
• ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

• https://attackerkb.com/topics/cve-2024-36019
• CVE - 2024-36019
• USN-6893-1
• USN-6893-2
• USN-6893-3
• USN-6918-1