UbuntuUSN-6173-1Linux kernel (OEM) vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.013 Low
EPSS
Percentile
85.9%
Releases
- Ubuntu 22.04 LTS
Packages
- linux-oem-6.1 - Linux kernel for OEM systems
Details
Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)
It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)
It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system crash). (CVE-2023-2156)
Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)
Quentin Minster discovered that a race condition existed in the KSMBD
implementation in the Linux kernel when handling sessions operations. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-32250)
Quentin Minster discovered that a race condition existed in the KSMBD
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A remote attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-32254)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.04 | noarch | linux-image-oem-22.04c | < 6.1.0.1014.14 | UNKNOWN |
| Ubuntu | 22.04 | noarch | linux-headers-oem-22.04c | < 6.1.0.1014.14 | UNKNOWN |
| Ubuntu | 22.04 | noarch | linux-modules-ipu6-oem-22.04c | < 6.1.0.1014.14 | UNKNOWN |
| Ubuntu | 22.04 | noarch | linux-modules-ivsc-oem-22.04c | < 6.1.0.1014.14 | UNKNOWN |
| Ubuntu | 22.04 | noarch | linux-modules-iwlwifi-oem-22.04c | < 6.1.0.1014.14 | UNKNOWN |
| Ubuntu | 22.04 | noarch | linux-oem-22.04c | < 6.1.0.1014.14 | UNKNOWN |
| Ubuntu | 22.04 | noarch | linux-tools-oem-22.04c | < 6.1.0.1014.14 | UNKNOWN |
| Ubuntu | 22.04 | noarch | linux-image-6.1.0-1014-oem | < 6.1.0-1014.14 | UNKNOWN |
| Ubuntu | 22.04 | noarch | linux-image-6.1.0-1014-oem-dbgsym | < 6.1.0-1014.14 | UNKNOWN |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.013 Low
EPSS
Percentile
85.9%