Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro.
"In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host," researchers Abdelrahman Esmail and Sunil Bharti said in a technical

Docker Security / Cloud Security

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro.

"In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host," researchers Abdelrahman Esmail and Sunil Bharti said in a technical report published today.

"The attacker first checked the availability and version of the Docker API, then proceeds with requests for gRPC/h2c upgrades and gRPC methods to manipulate Docker functionalities."

It all starts with the attacker conducting a discovery process to check for public-facing Docker API hosts and the availability of HTTP/2 protocol upgrades in order to follow up with a connection upgrade request to the h2c protocol (i.e., HTTP/2 sans TLS encryption).

The adversary also proceeds to check for gRPC methods that are designed to carry out various tasks pertaining to managing and operating Docker environments, including those related to health checks, file synchronization, authentication, secrets management, and SSH forwarding.

Once the server processes the connection upgrade request, a "/moby.buildkit.v1.Control/Solve" gRPC request is sent to create a container and then use it to mine the XRP cryptocurrency using the SRBMiner payload hosted on GitHub.

"The malicious actor in this case leveraged the gRPC protocol over h2c, effectively bypassing several security layers to deploy the SRBMiner crypto miner on the Docker host and mine XRP cryptocurrency illicitly," the researchers said.

The disclosure comes as the cybersecurity company said it also observed attackers exploiting exposed Docker remote API servers to deploy the perfctl malware. The campaign entails probing for such servers, followed by creating a Docker container with the image "ubuntu:mantic-20240405" and executing a Base64-encoded payload.

The shell script, besides checking and terminating duplicate instances of itself, creates a bash script that, in turn, contains another Base64-encoded payload responsible for downloading a malicious binary that masquerades as a PHP file ("avatar.php") and delivers a payload named httpd, echoing a report from Aqua earlier this month.

Users are recommended to secure Docker remote API servers by implementing strong access controls and authentication mechanisms to prevent unauthorized access, monitor them for any unusual activities, and implement container security best practices.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

Ubuntu Security Notice 7077-1 - Enrique Nissim and Krzysztof Okupski discovered that some AMD processors did not properly restrict access to the System Management Mode configuration when the SMM Lock was enabled. A privileged local attacker could possibly use this issue to further escalate their privileges and execute arbitrary code within the processor's firmware layer.

==========================================================================  
Ubuntu Security Notice USN-7077-1  
October 21, 2024

amd64-microcode vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

AMD processors may allow a privileged local attacker to further escalate their  
privileged and execute arbitrary code within the processor's firmware layer.

Software Description:  
- amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs

Details:

Enrique Nissim and Krzysztof Okupski discovered that some AMD processors  
did not properly restrict access to the System Management Mode (SMM)  
configuration when the SMM Lock was enabled. A privileged local attacker  
could possibly use this issue to further escalate their privileges and  
execute arbitrary code within the processor's firmware layer.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  amd64-microcode                 3.20240116.2+nmu1ubuntu1.1

Ubuntu 24.04 LTS  
  amd64-microcode                 3.20231019.1ubuntu2.1

Ubuntu 22.04 LTS  
  amd64-microcode                 3.20191218.1ubuntu2.3

Ubuntu 20.04 LTS  
  amd64-microcode                 3.20191218.1ubuntu1.3

Ubuntu 18.04 LTS  
  amd64-microcode                 3.20191021.1+really3.20181128.1~ubuntu0.18.04.1+esm3  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  amd64-microcode                 3.20191021.1+really3.20180524.1~ubuntu0.16.04.2+esm3  
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make  
all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7077-1  
  CVE-2023-31315

Package Information:  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20240116.2+nmu1ubuntu1.1  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20231019.1ubuntu2.1  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu2.3  
  https://launchpad.net/ubuntu/+source/amd64-microcode/3.20191218.1ubuntu1.3

Ubuntu Security Notice USN-7077-1

Ubuntu Security Notice 7076-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7076-1October 17, 2024linux-azure, linux-azure-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Microsoft Azure Network Adapter (MANA) driver;  - Watchdog drivers;  - Netfilter;  - Network traffic control;(CVE-2024-27397, CVE-2024-45016, CVE-2024-45001, CVE-2024-38630)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1074-azure   5.15.0-1074.83  linux-image-azure-lts-22.04     5.15.0.1074.72Ubuntu 20.04 LTS  linux-image-5.15.0-1074-azure   5.15.0-1074.83~20.04.1  linux-image-azure               5.15.0.1074.83~20.04.1  linux-image-azure-cvm           5.15.0.1074.83~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7076-1  CVE-2024-27397, CVE-2024-38630, CVE-2024-45001, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1074.83  https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1074.83~20.04.1

Ubuntu Security Notice USN-7076-1

Ubuntu Security Notice 7074-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7074-1October 17, 2024linux-azure vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Microsoft Azure Network Adapter (MANA) driver;  - Network traffic control;(CVE-2024-45016, CVE-2024-45001)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1016-azure    6.8.0-1016.18  linux-image-6.8.0-1016-azure-fde  6.8.0-1016.18  linux-image-azure               6.8.0-1016.18  linux-image-azure-fde           6.8.0-1016.18After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7074-1  CVE-2024-45001, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1016.18

Ubuntu Security Notice USN-7074-1

Ubuntu Security Notice 7073-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7073-2October 17, 2024linux-azure, linux-azure-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Watchdog drivers;  - Netfilter;  - Memory management;  - Network traffic control;(CVE-2024-27397, CVE-2024-38630, CVE-2024-45016, CVE-2024-26960)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1139-azure    5.4.0-1139.146  linux-image-azure-lts-20.04     5.4.0.1139.133Ubuntu 18.04 LTS  linux-image-5.4.0-1139-azure    5.4.0-1139.146~18.04.1                                  Available with Ubuntu Pro  linux-image-azure               5.4.0.1139.146~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7073-2  https://ubuntu.com/security/notices/USN-7073-1  CVE-2024-26960, CVE-2024-27397, CVE-2024-38630, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1139.146

Ubuntu Security Notice USN-7073-2

Ubuntu Security Notice 7069-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7069-2October 17, 2024linux-azure vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTS- Ubuntu 14.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - x86 architecture;  - Cryptographic API;  - CPU frequency scaling framework;  - HW tracing;  - ISDN/mISDN subsystem;  - Media drivers;  - Network drivers;  - NVME drivers;  - S/390 drivers;  - SCSI drivers;  - USB subsystem;  - VFIO drivers;  - Watchdog drivers;  - JFS file system;  - IRQ subsystem;  - Core kernel;  - Memory management;  - Amateur Radio drivers;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - Network traffic control;  - TIPC protocol;  - XFRM subsystem;  - Integrity Measurement Architecture(IMA) framework;  - SoC Audio for Freescale CPUs drivers;  - USB sound devices;(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS  linux-image-4.15.0-1182-azure   4.15.0-1182.197~16.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0.1182.197~16.04.1                                  Available with Ubuntu ProUbuntu 14.04 LTS  linux-image-4.15.0-1182-azure   4.15.0-1182.197~14.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0.1182.197~14.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7069-2  https://ubuntu.com/security/notices/USN-7069-1  CVE-2023-52510, CVE-2023-52528, CVE-2024-26602, CVE-2024-26641,  CVE-2024-26754, CVE-2024-26810, CVE-2024-26812, CVE-2024-26960,  CVE-2024-27051, CVE-2024-27436, CVE-2024-31076, CVE-2024-36971,  CVE-2024-38602, CVE-2024-38611, CVE-2024-38621, CVE-2024-38627,  CVE-2024-38630, CVE-2024-39487, CVE-2024-39494, CVE-2024-40901,  CVE-2024-40941, CVE-2024-41073, CVE-2024-41097, CVE-2024-42089,  CVE-2024-42157, CVE-2024-42223, CVE-2024-42229, CVE-2024-42244,  CVE-2024-42271, CVE-2024-42280, CVE-2024-42284, CVE-2024-43858,  CVE-2024-44940, CVE-2024-45016, CVE-2024-46673

Ubuntu Security Notice USN-7069-2

Ubuntu Security Notice 7028-2 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7028-2October 17, 2024linux-azure vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash).Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - Greybus drivers;  - Modular ISDN driver;  - Multiple devices driver;  - Network drivers;  - SCSI drivers;  - VFIO drivers;  - F2FS file system;  - GFS2 file system;  - JFS file system;  - NILFS2 file system;  - Kernel debugger infrastructure;  - Bluetooth subsystem;  - IPv4 networking;  - L2TP protocol;  - Netfilter;  - RxRPC session sockets;(CVE-2024-42154, CVE-2023-52527, CVE-2024-26733, CVE-2024-42160,CVE-2021-47188, CVE-2024-38570, CVE-2024-26851, CVE-2024-26984,CVE-2024-26677, CVE-2024-39480, CVE-2024-27398, CVE-2022-48791,CVE-2024-42224, CVE-2024-38583, CVE-2024-40902, CVE-2023-52809,CVE-2024-39495, CVE-2024-26651, CVE-2024-26880, CVE-2024-42228,CVE-2024-27437, CVE-2022-48863)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 LTS  linux-image-4.15.0-1181-azure   4.15.0-1181.196~14.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0-1181.196~14.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7028-2  https://ubuntu.com/security/notices/USN-7028-1  CVE-2021-47188, CVE-2022-48791, CVE-2022-48863, CVE-2023-52527,  CVE-2023-52809, CVE-2024-26651, CVE-2024-26677, CVE-2024-26733,  CVE-2024-26851, CVE-2024-26880, CVE-2024-26984, CVE-2024-27398,  CVE-2024-27437, CVE-2024-38570, CVE-2024-38583, CVE-2024-39480,  CVE-2024-39495, CVE-2024-40902, CVE-2024-42154, CVE-2024-42160,  CVE-2024-42224, CVE-2024-42228

Ubuntu Security Notice USN-7028-2

Ubuntu Security Notice 7059-2 - USN-7059-1 fixed a vulnerability in OATH Toolkit library. This update provides the corresponding update for Ubuntu 24.10. Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.

==========================================================================

Ubuntu Security Notice USN-7059-2  
October 17, 2024

oath-toolkit vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

OATH Toolkit could be made to overwrite files as the administrator.

Software Description:  
- oath-toolkit: Development files for the OATH Toolkit Liboath library

Details:

USN-7059-1 fixed a vulnerability in OATH Toolkit library. This  
update provides the corresponding update for Ubuntu 24.10.

Original advisory details:

 Fabian Vogt discovered that OATH Toolkit incorrectly handled file  
 permissions. A remote attacker could possibly use this issue to  
 overwrite root owned files, leading to a privilege escalation attack.  
 (CVE-2024-47191)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  liboath-dev                     2.6.11-3ubuntu1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-7059-2   
<https://ubuntu.com/security/notices/USN-7059-2>  
https://ubuntu.com/security/notices/USN-7059-1   
<https://ubuntu.com/security/notices/USN-7059-1>  
  CVE-2024-47191

Package Information:  
https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-3ubuntu1   
<https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-3ubuntu1>

Ubuntu Security Notice USN-7059-2

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web.
Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an

Ransomware / Network Security

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called **Cicada3301** after successfully gaining access to the group's affiliate panel on the dark web.

Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an advertisement, calling for new partners into its affiliate program.

"Within the dashboard of the Affiliates' panel of Cicada3301 ransomware group contained sections such as Dashboard, News, Companies, Chat Companies, Chat Support, Account, an FAQ section, and Log Out," researchers Nikolay Kichatov and Sharmine Low said in a new analysis published today.

Cicada3301 first came to light in June 2024, with the cybersecurity community uncovering strong source code similarities with the now-defunct BlackCat ransomware group. The RaaS scheme is estimated to have compromised no less than 30 organizations across critical sectors, most of which are located in the U.S. and the U.K.

The Rust-based ransomware is cross-platform, allowing affiliates to target devices running Windows, Linux distributions Ubuntu, Debian, CentOS, Rocky Linux, Scientific Linux, SUSE, Fedora, ESXi, NAS, PowerPC, PowerPC64, and PowerPC64LE.

Like other ransomware strains, attacks involving Cicada3301 have the ability to either fully or partially encrypt files, but not before shutting down virtual machines, inhibiting system recovery, terminating processes and services, and deleting shadow copies. It's also capable of encrypting network shares for maximum impact.

"Cicada3301 runs an affiliate program recruiting penetration testers (pentesters) and access brokers, offering a 20% commission, and providing a web-based panel with extensive features for affiliates," the researchers noted.

A summary of the different sections is as follows -

*   **Dashboard** - An overview of the successful or failed logins by the affiliate, and the number of companies attacked
*   **News** - Information about product updates and news of the Cicada3301 ransomware program
*   **Companies** - Provides options to add victims (i.e., company name, ransom amount demanded, discount expiration date etc.) and create Cicada3301 ransomware builds
*   **Chat Companies** - An interface to communicate and negotiate with victims
*   **Chat Support** - An interface for the affiliates to communicate with representatives of the Cicada3301 ransomware group to resolve issues
*   **Account** - A section devoted to affiliate account management and resetting their password
*   **FAQ** - Provides details about rules and guides on creating victims in the "Companies" section, configuring the builder, and steps to execute the ransomware on different operating systems

"The Cicada3301 ransomware group has rapidly established itself as a significant threat in the ransomware landscape, due to its sophisticated operations and advanced tooling," the researchers said.

"By leveraging ChaCha20 + RSA encryption and offering a customizable affiliate panel, Cicada3301 enables its affiliates to execute highly targeted attacks. Their approach of exfiltrating data before encryption adds an additional layer of pressure on victims, while the ability to halt virtual machines increases the impact of their attacks."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Ubuntu Security Notice 7073-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7073-1October 16, 2024linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp,linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4,linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-bluefield: Linux kernel for NVIDIA BlueField platforms- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systems- linux-oracle-5.4: Linux kernel for Oracle Cloud systems- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Watchdog drivers;  - Netfilter;  - Memory management;  - Network traffic control;(CVE-2024-27397, CVE-2024-38630, CVE-2024-45016, CVE-2024-26960)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1053-xilinx-zynqmp  5.4.0-1053.57  linux-image-5.4.0-1081-ibm      5.4.0-1081.86  linux-image-5.4.0-1094-bluefield  5.4.0-1094.101  linux-image-5.4.0-1101-gkeop    5.4.0-1101.105  linux-image-5.4.0-1118-raspi    5.4.0-1118.130  linux-image-5.4.0-1122-kvm      5.4.0-1122.130  linux-image-5.4.0-1133-oracle   5.4.0-1133.142  linux-image-5.4.0-1134-aws      5.4.0-1134.144  linux-image-5.4.0-1138-gcp      5.4.0-1138.147  linux-image-5.4.0-198-generic   5.4.0-198.218  linux-image-5.4.0-198-generic-lpae  5.4.0-198.218  linux-image-5.4.0-198-lowlatency  5.4.0-198.218  linux-image-aws-lts-20.04       5.4.0.1134.131  linux-image-bluefield           5.4.0.1094.90  linux-image-gcp-lts-20.04       5.4.0.1138.140  linux-image-generic             5.4.0.198.196  linux-image-generic-lpae        5.4.0.198.196  linux-image-gkeop               5.4.0.1101.99  linux-image-gkeop-5.4           5.4.0.1101.99  linux-image-ibm-lts-20.04       5.4.0.1081.110  linux-image-kvm                 5.4.0.1122.118  linux-image-lowlatency          5.4.0.198.196  linux-image-oem                 5.4.0.198.196  linux-image-oem-osp1            5.4.0.198.196  linux-image-oracle-lts-20.04    5.4.0.1133.126  linux-image-raspi               5.4.0.1118.148  linux-image-raspi2              5.4.0.1118.148  linux-image-virtual             5.4.0.198.196  linux-image-xilinx-zynqmp       5.4.0.1053.53Ubuntu 18.04 LTS  linux-image-5.4.0-1081-ibm      5.4.0-1081.86~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1118-raspi    5.4.0-1118.130~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1133-oracle   5.4.0-1133.142~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1134-aws      5.4.0-1134.144~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1138-gcp      5.4.0-1138.147~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-198-generic   5.4.0-198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-198-lowlatency  5.4.0-198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-aws                 5.4.0.1134.144~18.04.1                                  Available with Ubuntu Pro  linux-image-gcp                 5.4.0.1138.147~18.04.1                                  Available with Ubuntu Pro  linux-image-generic-hwe-18.04   5.4.0.198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-ibm                 5.4.0.1081.86~18.04.1                                  Available with Ubuntu Pro  linux-image-lowlatency-hwe-18.04  5.4.0.198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-oem                 5.4.0.198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-oem-osp1            5.4.0.198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-oracle              5.4.0.1133.142~18.04.1                                  Available with Ubuntu Pro  linux-image-raspi-hwe-18.04     5.4.0.1118.130~18.04.1                                  Available with Ubuntu Pro  linux-image-snapdragon-hwe-18.04  5.4.0.198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-virtual-hwe-18.04   5.4.0.198.218~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7073-1  CVE-2024-26960, CVE-2024-27397, CVE-2024-38630, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux/5.4.0-198.218  https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1134.144  https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1094.101  https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1138.147  https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1101.105  https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1081.86  https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1122.130  https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1133.142  https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1118.130  https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1053.57

Tag

#ubuntu