UbuntuUSN-5884-1Linux kernel (AWS) vulnerabilities
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.9%
Releases
- Ubuntu 16.04 ESM
Packages
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
Details
Kirill Tkhai discovered that the XFS file system implementation in the
Linux kernel did not calculate size correctly when pre-allocating space in
some situations. A local attacker could use this to expose sensitive
information. (CVE-2021-4155)
Lee Jones discovered that a use-after-free vulnerability existed in the
Bluetooth implementation in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-20566)
Duoming Zhou discovered that a race condition existed in the SLIP driver in
the Linux kernel, leading to a null pointer dereference vulnerability. An
attacker could use this to cause a denial of service (system crash).
(CVE-2022-41858)
Tamás Koczka discovered that the Bluetooth L2CAP implementation in the
Linux kernel did not properly initialize memory in some situations. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-42895)
José Oliveira and Rodrigo Branco discovered that the prctl syscall
implementation in the Linux kernel did not properly protect against
indirect branch prediction attacks in some situations. A local attacker
could possibly use this to expose sensitive information. (CVE-2023-0045)
It was discovered that the RNDIS USB driver in the Linux kernel contained
an integer overflow vulnerability. A local attacker with physical access
could plug in a malicious USB device to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-23559)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 16.04 | noarch | linux-image-4.4.0-1154-aws | < 4.4.0-1154.169 | UNKNOWN |
| Ubuntu | 16.04 | noarch | linux-aws-cloud-tools-4.4.0-1128 | < 4.4.0-1128.142 | UNKNOWN |
| Ubuntu | 16.04 | noarch | linux-aws-headers-4.4.0-1128 | < 4.4.0-1128.142 | UNKNOWN |
| Ubuntu | 16.04 | noarch | linux-aws-tools-4.4.0-1128 | < 4.4.0-1128.142 | UNKNOWN |
| Ubuntu | 16.04 | noarch | linux-buildinfo-4.4.0-1128-aws | < 4.4.0-1128.142 | UNKNOWN |
| Ubuntu | 16.04 | noarch | linux-cloud-tools-4.4.0-1128-aws | < 4.4.0-1128.142 | UNKNOWN |
| Ubuntu | 16.04 | noarch | linux-headers-4.4.0-1128-aws | < 4.4.0-1128.142 | UNKNOWN |
| Ubuntu | 16.04 | noarch | linux-image-4.4.0-1128-aws | < 4.4.0-1128.142 | UNKNOWN |
| Ubuntu | 16.04 | noarch | linux-image-4.4.0-1128-aws-dbgsym | < 4.4.0-1128.142 | UNKNOWN |
| Ubuntu | 16.04 | noarch | linux-modules-4.4.0-1128-aws | < 4.4.0-1128.142 | UNKNOWN |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
57.9%