Ubuntu: (Multiple Advisories) (CVE-2024-56534): Linux kernel vulnerabilities
Description
In the Linux kernel, the following vulnerability has been resolved: isofs: avoid memory leak in iocharset A memleak was found as below: unreferenced object 0xffff0000d10164d8 (size 8): comm "pool-udisksd", pid 108217, jiffies 4295408555 hex dump (first 8 bytes): 75 74 66 38 00 cc cc cc utf8.... backtrace (crc de430d31): [<ffff800081046e6c>] kmemleak_alloc+0xb8/0xc8 [<ffff8000803e6c3c>] __kmalloc_node_track_caller_noprof+0x380/0x474 [<ffff800080363b74>] kstrdup+0x70/0xfc [<ffff80007bb3c6a4>] isofs_parse_param+0x228/0x2c0 [isofs] [<ffff8000804d7f68>] vfs_parse_fs_param+0xf4/0x164 [<ffff8000804d8064>] vfs_parse_fs_string+0x8c/0xd4 [<ffff8000804d815c>] vfs_parse_monolithic_sep+0xb0/0xfc [<ffff8000804d81d8>] generic_parse_monolithic+0x30/0x3c [<ffff8000804d8bfc>] parse_monolithic_mount_data+0x40/0x4c [<ffff8000804b6a64>] path_mount+0x6c4/0x9ec [<ffff8000804b6e38>] do_mount+0xac/0xc4 [<ffff8000804b7494>] __arm64_sys_mount+0x16c/0x2b0 [<ffff80008002b8dc>] invoke_syscall+0x7c/0x104 [<ffff80008002ba44>] el0_svc_common.constprop.1+0xe0/0x104 [<ffff80008002ba94>] do_el0_svc+0x2c/0x38 [<ffff800081041108>] el0_svc+0x3c/0x1b8 The opt->iocharset is freed inside the isofs_fill_super function, But there may be situations where it's not possible to enter this function. For example, in the get_tree_bdev_flags function,when encountering the situation where "Can't mount, would change RO state," In such a case, isofs_fill_super will not have the opportunity to be called,which means that opt->iocharset will not have the chance to be freed,ultimately leading to a memory leak. Let's move the memory freeing of opt->iocharset into isofs_free_fc function.
Solution(s)
- ubuntu-upgrade-linux-image-6-11-0-1005-realtime
- ubuntu-upgrade-linux-image-6-11-0-1008-raspi
- ubuntu-upgrade-linux-image-6-11-0-1009-aws
- ubuntu-upgrade-linux-image-6-11-0-1009-azure
- ubuntu-upgrade-linux-image-6-11-0-1009-azure-fde
- ubuntu-upgrade-linux-image-6-11-0-1009-gcp
- ubuntu-upgrade-linux-image-6-11-0-1010-lowlatency
- ubuntu-upgrade-linux-image-6-11-0-1010-lowlatency-64k
- ubuntu-upgrade-linux-image-6-11-0-1011-oracle
- ubuntu-upgrade-linux-image-6-11-0-1011-oracle-64k
- ubuntu-upgrade-linux-image-6-11-0-1015-oem
- ubuntu-upgrade-linux-image-6-11-0-18-generic
- ubuntu-upgrade-linux-image-6-11-0-18-generic-64k
- ubuntu-upgrade-linux-image-aws
- ubuntu-upgrade-linux-image-azure
- ubuntu-upgrade-linux-image-azure-fde
- ubuntu-upgrade-linux-image-gcp
- ubuntu-upgrade-linux-image-generic
- ubuntu-upgrade-linux-image-generic-64k
- ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
- ubuntu-upgrade-linux-image-generic-hwe-24-04
- ubuntu-upgrade-linux-image-lowlatency
- ubuntu-upgrade-linux-image-lowlatency-64k
- ubuntu-upgrade-linux-image-oem-24-04
- ubuntu-upgrade-linux-image-oem-24-04a
- ubuntu-upgrade-linux-image-oem-24-04b
- ubuntu-upgrade-linux-image-oracle
- ubuntu-upgrade-linux-image-oracle-64k
- ubuntu-upgrade-linux-image-raspi
- ubuntu-upgrade-linux-image-realtime
- ubuntu-upgrade-linux-image-realtime-hwe-24-04
- ubuntu-upgrade-linux-image-virtual
- ubuntu-upgrade-linux-image-virtual-hwe-24-04
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center