Ubuntu Security Notices
LSN-0113-1

LSN-0113-1: Kernel Live Patch Security Notice

Publication date

10 July 2025

Overview

Several security issues were fixed in the kernel.

Releases

24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS 14.04 LTS

Software description

aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1159, >= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000, >= 6.8.0-1008, >= 4.4.0-1159)
aws-5.15 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems - (>= 4.15.0-1126)
azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000, >= 6.8.0-1007, >= 4.15.0-1114)
azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1168)
azure-5.15 – Linux kernel for Microsoft Azure cloud systems - (>= 5.15.0-1069)
gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 6.8.0-1007, >= 4.15.0-1118)
gcp-4.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1154)
gcp-5.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
generic-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-214, >= 4.15.0-143)
generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-243)

aws – Linux kernel for Amazon Web Services (AWS) systems - (>= 4.15.0-1159, >= 5.4.0-1009, >= 5.4.0-1061, >= 5.15.0-1000, >= 6.8.0-1008, >= 4.4.0-1159)
aws-5.15 – Linux kernel for Amazon Web Services (AWS) systems - (>= 5.15.0-1000)
aws-hwe – Linux kernel for Amazon Web Services (AWS-HWE) systems - (>= 4.15.0-1126)
azure – Linux kernel for Microsoft Azure Cloud systems - (>= 5.4.0-1010, >= 5.15.0-1000, >= 6.8.0-1007, >= 4.15.0-1114)
azure-4.15 – Linux kernel for Microsoft Azure Cloud systems - (>= 4.15.0-1168)
azure-5.15 – Linux kernel for Microsoft Azure cloud systems - (>= 5.15.0-1069)
gcp – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 6.8.0-1007, >= 4.15.0-1118)
gcp-4.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 4.15.0-1154)
gcp-5.15 – Linux kernel for Google Cloud Platform (GCP) systems - (>= 5.15.0-1000)
generic-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-214, >= 4.15.0-143)
generic-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-243)
generic-5.15 – Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
generic-5.4 – Linux kernel - (>= 5.4.0-150, >= 5.4.0-26)
gke – Linux kernel for Google Container Engine (GKE) systems - (>= 5.15.0-1000)
gkeop – Linux kernel for Google Container Engine (GKE) systems - (>= 5.4.0-1009)
ibm – Linux kernel for IBM cloud systems - (>= 5.4.0-1009, >= 5.15.0-1000, >= 6.8.0-1005)
ibm-5.15 – Linux kernel for IBM cloud systems - (>= 5.15.0-1000)
linux – Linux kernel - (>= 5.15.0-71, >= 5.15.0-24, >= 6.8.0-1)
lowlatency-4.15 – Linux hardware enablement (HWE) kernel - (>= 4.15.0-214, >= 4.15.0-143)
lowlatency-4.4 – Linux kernel - (>= 4.4.0-168, >= 4.4.0-243)
lowlatency-5.15 – Linux hardware enablement (HWE) kernel - (>= 5.15.0-0)
lowlatency-5.4 – Linux kernel - (>= 5.4.0-150, >= 5.4.0-26)
oracle – Linux kernel for Oracle Cloud systems - (>= 4.15.0-1129, >= 5.4.0-1121, >= 5.15.0-1055, >= 6.8.0-1005)
oracle-5.15 – Linux kernel for Oracle Cloud systems - (>= 5.15.0-1055)

Details

In the Linux kernel, the following vulnerability has been
resolved: smb: client: fix UAF in async decryption Doing an async
decryption (large read) crashes with a slab-use-after-free way down in the
crypto API.

In the Linux kernel, the following vulnerability has been
resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
After an insertion in TNC, the tree might split and cause a node to change
its znode->parent.

In the Linux kernel, the following vulnerability has been
resolved: drm/amdgpu: fix usage slab after free

In the Linux kernel, the following vulnerability has been
resolved: jfs: fix array-index-out-of-bounds in jfs_readdir The stbl might
contain some invalid values.

In the Linux kernel, the following vulnerability has been
resolved: drm/amd/display: Fix out-of-bounds access in
'dcn21_link_encoder_create' An issue was identified in...

In the Linux kernel, the following vulnerability has been
resolved: drm/amdgpu: fix usage slab after free

In the Linux kernel, the following vulnerability has been
resolved: jfs: fix array-index-out-of-bounds in jfs_readdir The stbl might
contain some invalid values.

In the Linux kernel, the following vulnerability has been
resolved: drm/amd/display: Fix out-of-bounds access in
'dcn21_link_encoder_create' An issue was identified in the
dcn21_link_encoder_create function where an out-of-bounds access could
occur when the hpd_source index was used to reference the link_enc_hpd_regs
array.

In the Linux kernel, the following vulnerability has been
resolved: jffs2: Prevent rtime decompress memory corruption The rtime
decompression routine does not fully check bounds during the entirety of
the decompression pass and can corrupt memory outside the decompression
buffer if the compressed data is corrupted.

Checking update status

To check your kernel type and Livepatch version, enter this command:

canonical-livepatch status

The problem can be corrected in these Livepatch versions:

Kernel type	24.04	22.04	20.04	18.04	16.04	14.04
aws	113.1	113.1	113.1	113.1	113.1	—
aws-5.15	—	—	113.1	—	—	—
aws-hwe	—	—	—	—	113.1	—
azure	113.1	113.1	113.1	—	113.1	—
azure-4.15	—	—	—	113.1	—	—
azure-5.15	—	—	113.1	—	—	—
gcp	113.1	113.1	113.1	—	113.1	—
gcp-4.15	—	—	—	113.1	—	—
gcp-5.15	—	—	113.1	—	—	—
generic-4.15	—	—	—	113.1	113.1	—
generic-4.4	—	—	—	—	113.1	113.1
generic-5.15	—	—	113.1	—	—	—
generic-5.4	—	—	113.1	113.1	—	—
gke	—	113.1	—	—	—	—
gkeop	—	—	113.1	—	—	—
ibm	113.1	113.1	113.1	—	—	—
ibm-5.15	—	—	113.1	—	—	—
linux	113.1	113.1	—	—	—	—
lowlatency-4.15	—	—	—	113.1	113.1	—
lowlatency-4.4	—	—	—	—	113.1	113.1
lowlatency-5.15	—	—	113.1	—	—	—
lowlatency-5.4	—	—	113.1	113.1	—	—
oracle	113.1	113.1	113.1	113.1	—	—
oracle-5.15	—	—	113.1	—	—	—

References

Have additional questions?

Talk to a member of the team ›