Affected versions: Ubuntu 22.04

Source: Ubuntu Security Notice USN-6922-2

Related CVEs: CVE-2024-24857 CVE-2024-24858 CVE-2024-24859 CVE-2024-25739 CVE-2023-52631 CVE-2023-52637 CVE-2023-52638 CVE-2023-52642  +12 more

Upstream summary: It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly us

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

On Ubuntu 22.04 hosts running linux-lowlatency-hwe-6.5, administrators report behaviour consistent with Ubuntu Security Notice USN-6922-2: apt refusing to install or restart affected services, AppArmor denials in journalctl -k, and — for security-rated advisories — exposure to the vulnerability set above. In production estates the visible impact ranges from a single service restart to wider availability incidents whenever linux-lowlatency-hwe-6.5 sits on the serving path.

Environment & Reproduction

Reproduction targets Ubuntu 22.04. Confirm the release with lsb_release -a and cat /etc/os-release, and the currently installed package with dpkg -l linux-lowlatency-hwe-6.5 and apt-cache policy linux-lowlatency-hwe-6.5. Capture system state with sudo ubuntu-bug linux-lowlatency-hwe-6.5 or sudo apport-collect for an evidence bundle. Trigger the workflow that exposes the issue while collecting journalctl -b, /var/log/apt/history.log, and dpkg -l output.

Root Cause Analysis

Root cause is documented in Ubuntu Security Notice USN-6922-2. Canonical security maintainers shipped fixes in the corresponding linux-lowlatency-hwe-6.5 update for Ubuntu 22.04; running an outdated build leaves the host exposed to the failure modes described in the advisory. Correlate journalctl --since timestamps with apt history (/var/log/apt/history.log) and any AppArmor denials in /var/log/syslog to isolate the originating change.

Quick Triage

Quick triage: run systemctl status linux-lowlatency-hwe-6.5, journalctl -u linux-lowlatency-hwe-6.5 -n 200, sudo apt update && apt list --upgradable, sudo ufw status verbose, and sudo aa-status. If AppArmor is in enforce mode, capture journalctl -k | grep apparmor to surface denials linked to linux-lowlatency-hwe-6.5.

Step-by-Step Diagnosis

1) Confirm the symptom with systemctl --failed.
2) Inspect logs: journalctl -xe and journalctl -u linux-lowlatency-hwe-6.5.
3) Validate the firewall: sudo ufw status numbered.
4) Check AppArmor: sudo aa-status and journalctl -k | grep apparmor.
5) Verify package integrity: dpkg -V linux-lowlatency-hwe-6.5 and sudo apt install --reinstall linux-lowlatency-hwe-6.5.
6) Correlate findings with apt list --installed linux-lowlatency-hwe-6.5, /var/log/apt/history.log, and Ubuntu Security Notice USN-6922-2 to pin the change that introduced the issue.
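
The correlation with /var/log/apt/history.log in step 6, as an added example (not part of USN-6922-2 or of this guide's original text): a shell function that lists every apt transaction touching one package, with its Start-Date and old/new versions, so the timestamps can be compared against journalctl --since. The sample log, its dates, the packages example-other and example-third, and the OLD-VERSION / NEW-VERSION strings are constructed placeholders.

```shell
# Added example. Usage: apt_history_for_pkg <package> [history-log]
# Prints one line per hit: start-date|action|old-version|new-version
apt_history_for_pkg() {
    pkg=$1; log=${2:-/var/log/apt/history.log}
    awk -v pkg="$pkg" '
        /^Start-Date: / { sub(/^Start-Date: +/, ""); gsub(/  +/, " "); start = $0; next }
        /^(Install|Upgrade|Downgrade|Remove|Purge): / {
            action = $1; sub(/:$/, "", action)
            line = $0; sub(/^[A-Za-z]+: /, "", line)
            # Entries look like "name:arch (old, new)" and are separated by "), ".
            n = split(line, items, /\), /)
            for (i = 1; i <= n; i++) {
                item = items[i]; sub(/\)$/, "", item)
                p = index(item, " ("); if (p == 0) continue
                name = substr(item, 1, p - 1); sub(/:.*/, "", name)
                if (name != pkg) continue
                split(substr(item, p + 2), v, /, /)
                from = v[1]; to = v[2]
                # Install lists "(version[, automatic])"; Remove/Purge list "(version)".
                if (action == "Install") { from = ""; to = v[1] }
                else if (action != "Upgrade" && action != "Downgrade") to = ""
                printf "%s|%s|%s|%s\n", start, action, from, to
            }
        }
    ' "$log"
}

# Constructed sample in the layout apt writes to history.log (placeholder versions).
write_sample_history() {
cat > "$1" <<'EOF'
Start-Date: 2024-01-01  10:00:00
Commandline: apt -y install --only-upgrade linux-lowlatency-hwe-6.5
Upgrade: example-other:amd64 (1.0, 1.1), linux-lowlatency-hwe-6.5:amd64 (OLD-VERSION, NEW-VERSION)
End-Date: 2024-01-01  10:01:00

Start-Date: 2024-01-02  09:00:00
Commandline: apt install example-other
Install: example-third:amd64 (2.0, automatic)
End-Date: 2024-01-02  09:00:30
EOF
}

tmp=$(mktemp); write_sample_history "$tmp"
apt_history_for_pkg linux-lowlatency-hwe-6.5 "$tmp"
rm -f "$tmp"
```

On a live host, call apt_history_for_pkg linux-lowlatency-hwe-6.5 with no second argument to read /var/log/apt/history.log; rotated logs (history.log.1.gz and older) need to be decompressed first.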

Solution – Primary Fix

Primary fix: apply the corrective apt transaction described in Ubuntu Security Notice USN-6922-2, reload the affected systemd unit, and reconcile UFW / AppArmor state. Typical commands: sudo apt update, sudo apt -y install --only-upgrade linux-lowlatency-hwe-6.5 or sudo unattended-upgrade -v, sudo systemctl daemon-reload, sudo systemctl restart linux-lowlatency-hwe-6.5, then dpkg -l linux-lowlatency-hwe-6.5 to validate the new build is installed. For kernel advisories add sudo reboot or apply Ubuntu Livepatch (canonical-livepatch status) where covered by your Ubuntu Pro subscription.


Solution – Alternative Approaches

Alternatives include pinning a known-good version via /etc/apt/preferences.d/linux-lowlatency-hwe-6.5.pref with apt-mark hold linux-lowlatency-hwe-6.5, rolling back with sudo apt install linux-lowlatency-hwe-6.5=<old-version>, rotating UFW rules with sudo ufw reload, switching AppArmor profiles to complain mode (sudo aa-complain /etc/apparmor.d/usr.bin.linux-lowlatency-hwe-6.5) to confirm policy is the cause before authoring a custom profile, or applying Canonical Livepatch fixes via canonical-livepatch refresh where Ubuntu Pro is subscribed.

Verification & Acceptance Criteria

Acceptance: dpkg -l linux-lowlatency-hwe-6.5 shows the expected fixed version, systemctl is-active linux-lowlatency-hwe-6.5 returns active, journalctl -u linux-lowlatency-hwe-6.5 --since "5 minutes ago" shows no errors, apt list --upgradable no longer lists the advisory, sudo ufw status shows required services, sudo aa-status reports the intended profile mode, and the original reproduction steps no longer trigger the failure across two consecutive runs.

Rollback Plan

Capture state with apt list --installed > /root/apt-pre.txt, dpkg --get-selections > /root/dpkg-pre.txt, and where available sudo zfs snapshot rpool/ROOT/ubuntu@pre-linux-lowlatency-hwe-6-5 on ZFS-on-root installs. To revert, run sudo apt install --allow-downgrades linux-lowlatency-hwe-6.5=<old-version> and reload with systemctl daemon-reload. Remove custom AppArmor profiles with sudo apparmor_parser -R. Reboot if the kernel or initramfs changed and re-verify symptoms.

Prevention & Hardening

Prevent recurrence by enabling unattended-upgrades with Unattended-Upgrade::Allowed-Origins tuned to ${distro_id}:${distro_codename}-security, subscribing to the ubuntu-security-announce mailing list, mirroring through Landscape / a local apt-mirror for controlled rollouts, version-locking sensitive packages, and monitoring file integrity with aide --check. Apply CIS Ubuntu hardening, keep AppArmor in enforce mode, and enable Canonical Livepatch under Ubuntu Pro so kernel advisories can be remediated without reboot.

Related Errors & Cross-Refs

Related issues that commonly surface alongside this advisory: apt lock contention (dpkg --configure -a), systemd unit ordering cycles, AppArmor denials in journalctl -k, UFW zone drift, and kernel taint flags in cat /proc/sys/kernel/tainted. See sibling common-problem articles in this Ubuntu 22.04 series for adjacent failure modes.


References & Further Reading

Primary reference: Ubuntu Security Notice USN-6922-2. Supporting docs: Ubuntu Server Guide, man apt, man systemctl, man ufw, man aa-status, man apparmor, man journalctl, the Ubuntu CVE Tracker at ubuntu.com/security/cves, and Canonical Livepatch docs. Review /usr/share/doc/linux-lowlatency-hwe-6.5/ for component-level notes.