Ubuntu's USN-7609-1 addresses critical Linux kernel vulnerabilities affecting AWS, GCP, Oracle Cloud, and NVIDIA systems. Learn how to patch CVE-2025-38001, CVE-2025-37997, and other exploits to prevent system compromise. Includes update instructions for Ubuntu 24.04 & 22.04.
Overview: High-Risk Linux Kernel Security Flaws
The Ubuntu Security Notice USN-7609-1 (published July 1, 2025) discloses multiple critical vulnerabilities in the Linux kernel, impacting cloud platforms (AWS, GCP, Oracle), NVIDIA GPUs, and low-latency systems. Attackers could exploit these flaws to gain root access, bypass security controls, or trigger denial-of-service (DoS) attacks.
Affected Systems & Packages
The security update patches vulnerabilities in:
✔ InfiniBand drivers (Remote code execution risks)
✔ Netfilter subsystem (Firewall bypass exploits)
✔ Network traffic control (Packet manipulation vulnerabilities)
Key impacted packages:
✔ linux-aws (Amazon Web Services)
✔ linux-gcp (Google Cloud Platform)
✔ linux-oracle (Oracle Cloud)
✔ linux-nvidia (NVIDIA GPU systems)
✔ linux-lowlatency (Real-time workloads)
(See full package list below for version-specific fixes.)
How to Patch Linux Kernel Vulnerabilities
Step 1: Update Your System
Run the following command:
sudo apt update && sudo apt upgrade -y
A reboot is required to apply kernel updates.
Step 2: Recompile Third-Party Kernel Modules
⚠ ABI Change Warning: This update changes the kernel ABI, so third-party modules (e.g., DKMS drivers) must be recompiled and reinstalled against the new kernel.
Step 3: Verify Fixes
Check your kernel version:
uname -r
Ensure it matches the patched versions listed in the table below.
Patched Kernel Versions (Ubuntu 24.04 & 22.04)
| Ubuntu Release | Package | Fixed Version |
|---|---|---|
| 24.04 (Noble) | linux-image-aws | 6.8.0-1031.33 |
| 24.04 (Noble) | linux-image-gcp | 6.8.0-1032.34 |
| 24.04 (Noble) | linux-image-nvidia | 6.8.0-1030.33 |
| 22.04 (Jammy) | linux-image-aws | 6.8.0-1031.33~22.04.1 |
| 22.04 (Jammy) | linux-image-oracle | 6.8.0-1028.29~22.04.1 |
(Full list available in Ubuntu Security Hub.)
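An added example for Step 3 (not from the Ubuntu notice or the original post): `uname -r` prints BASE-ABI-FLAVOUR rather than the package version, so this script compares the ABI number with the fixed versions from the table above. The function names are hypothetical, and it assumes a running ABI equal to or above the fixed ABI means patched.

```shell
#!/bin/sh
# Added example: compare a `uname -r` string with the fixed versions in the
# table on this page. Rows are flavour|ubuntu-release|fixed-package-version.
FIXED_TABLE='aws|24.04|6.8.0-1031.33
gcp|24.04|6.8.0-1032.34
nvidia|24.04|6.8.0-1030.33
aws|22.04|6.8.0-1031.33~22.04.1
oracle|22.04|6.8.0-1028.29~22.04.1'

# fixed_version FLAVOUR RELEASE -> prints the fixed version, or nothing
fixed_version() {
    printf '%s\n' "$FIXED_TABLE" |
        awk -F'|' -v f="$1" -v r="$2" '$1 == f && $2 == r { print $3 }'
}

# kernel_status UNAME_R RELEASE -> patched | vulnerable | unknown
# `uname -r` prints BASE-ABI-FLAVOUR (e.g. 6.8.0-1031-aws); the package
# version is BASE-ABI.UPLOAD, so only BASE and ABI can be compared here.
kernel_status() {
    base=${1%%-*}        # 6.8.0
    rest=${1#*-}         # 1031-aws
    abi=${rest%%-*}      # 1031
    flavour=${rest#*-}   # aws
    fixed=$(fixed_version "$flavour" "$2")
    # Flavour/release pair not in the table: nothing to compare against
    [ -n "$fixed" ] || { echo unknown; return; }
    fixed_base=${fixed%%-*}
    fixed_abi=${fixed#*-}; fixed_abi=${fixed_abi%%.*}
    # A different base version is another kernel series; the table does not apply
    [ "$base" = "$fixed_base" ] || { echo unknown; return; }
    case $abi in ''|*[!0-9]*) echo unknown; return ;; esac
    # Assumption: ABI >= fixed ABI means the fix is present (upload not lower)
    if [ "$abi" -ge "$fixed_abi" ]; then echo patched; else echo vulnerable; fi
}

# On a live host: report the running kernel (VERSION_ID comes from os-release)
if [ -r /etc/os-release ]; then
    . /etc/os-release
    echo "$(uname -r): $(kernel_status "$(uname -r)" "${VERSION_ID:-}")"
fi
```

To confirm the exact upload number, `dpkg-query -W -f='${Version}\n' "linux-image-$(uname -r)"` prints the full package version of the running kernel image.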
Why This Update Matters for Enterprise Security
🔹 CVE-2025-38001: Netfilter flaw allows privilege escalation.
🔹 CVE-2025-37997: InfiniBand bug enables remote code execution.
🔹 CVE-2025-37798: Traffic control exploit causes kernel panics.
Ubuntu Pro users (free for 5 machines) get 10-year extended security coverage.
FAQ: Linux Kernel Security Updates
❓ Do I need to reboot after updating?
A: ✅ Yes. Kernel updates require a reboot.
❓ What if I use custom kernel modules?
A: ⚠ Recompile them to avoid compatibility issues.
❓ How do I check for unresolved vulnerabilities?
A: List the packages that still have pending updates:
sudo apt list --upgradable
