Lucene search

UbuntuUSN-6024-1

HistoryApr 19, 2023 - 12:00 a.m.

Linux kernel vulnerabilities

2023-04-1900:00:00

ubuntu.com

ubuntu

linux kernel

security vulnerability

use-after-free

denial of service

arbitrary code

null pointer

race condition

double-free

out-of-bounds read

sensitive information

aws

microsoft azure cloud

google cloud platform (gcp)

oracle cloud

raspberry pi

hwe kernel

cloud environments

low latency kernel

io_uring subsystem

sgi gru driver

dvb core driver

network queuing discipline

module decompression

mpls implementation

ntfs file system

dvb usb az6027 driver

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

31.6%

JSON

Releases

Ubuntu 22.10
Ubuntu 22.04 LTS

Packages

linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-azure - Linux kernel for Microsoft Azure Cloud systems
linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
linux-hwe-5.19 - Linux hardware enablement (HWE) kernel
linux-kvm - Linux kernel for cloud environments
linux-lowlatency - Linux low latency kernel
linux-oracle - Linux kernel for Oracle Cloud systems
linux-raspi - Linux kernel for Raspberry Pi systems

Details

It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)

Lin Ma discovered a race condition in the io_uring subsystem in the Linux
kernel, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-0468)

It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41218)

It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)

Thadeu Cascardo discovered that the io_uring subsystem contained a double-
free vulnerability in certain memory allocation error conditions. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2023-1032)

It was discovered that the module decompression implementation in the Linux
kernel did not properly handle return values in certain error conditions. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-22997)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel
did not properly handle certain sysctl allocation failure conditions,
leading to a double-free vulnerability. An attacker could use this to cause
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly handle a loop termination condition, leading to an
out-of-bounds read vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-26606)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-28328)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.10noarchlinux-image-5.19.0-40-generic-64k< 5.19.0-40.41UNKNOWN
Ubuntu22.10noarchlinux-image-5.19.0-40-generic< 5.19.0-40.41UNKNOWN
Ubuntu22.10noarchlinux-image-5.19.0-40-generic-dbgsym< 5.19.0-40.41UNKNOWN
Ubuntu22.10noarchlinux-image-virtual< 5.19.0.40.36UNKNOWN
Ubuntu22.10noarchlinux-cloud-tools-generic< 5.19.0.40.36UNKNOWN
Ubuntu22.10noarchlinux-cloud-tools-generic-hwe-22.04< 5.19.0.40.36UNKNOWN
Ubuntu22.10noarchlinux-cloud-tools-generic-hwe-22.04-edge< 5.19.0.40.36UNKNOWN
Ubuntu22.10noarchlinux-cloud-tools-virtual< 5.19.0.40.36UNKNOWN
Ubuntu22.10noarchlinux-cloud-tools-virtual-hwe-22.04< 5.19.0.40.36UNKNOWN
Ubuntu22.10noarchlinux-cloud-tools-virtual-hwe-22.04-edge< 5.19.0.40.36UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	22.10	noarch	linux-image-5.19.0-40-generic-64k	< 5.19.0-40.41	UNKNOWN
Ubuntu	22.10	noarch	linux-image-5.19.0-40-generic	< 5.19.0-40.41	UNKNOWN
Ubuntu	22.10	noarch	linux-image-5.19.0-40-generic-dbgsym	< 5.19.0-40.41	UNKNOWN
Ubuntu	22.10	noarch	linux-image-virtual	< 5.19.0.40.36	UNKNOWN
Ubuntu	22.10	noarch	linux-cloud-tools-generic	< 5.19.0.40.36	UNKNOWN
Ubuntu	22.10	noarch	linux-cloud-tools-generic-hwe-22.04	< 5.19.0.40.36	UNKNOWN
Ubuntu	22.10	noarch	linux-cloud-tools-generic-hwe-22.04-edge	< 5.19.0.40.36	UNKNOWN
Ubuntu	22.10	noarch	linux-cloud-tools-virtual	< 5.19.0.40.36	UNKNOWN
Ubuntu	22.10	noarch	linux-cloud-tools-virtual-hwe-22.04	< 5.19.0.40.36	UNKNOWN
Ubuntu	22.10	noarch	linux-cloud-tools-virtual-hwe-22.04-edge	< 5.19.0.40.36	UNKNOWN