Lucene search
UbuntuUSN-6043-1HistoryApr 26, 2023 - 12:00 a.m.
Linux kernel vulnerabilities
2023-04-2600:00:00
ubuntu.com
116
ubuntu
linux kernel
security vulnerabilities
traffic-control index
tcindex
overlayfs
elevated privileges
cve-2023-1829
cve-2023-0386
amazon web services
aws
microsoft azure cloud
google cloud platform
gcp
linux hardware enablement
hwe kernel
ibm cloud
kvm
cloud environments
low latency kernel
oracle cloud
raspberry pi
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.9
Confidence
High
EPSS
0.002
Percentile
61.0%
Releases
- Ubuntu 22.10
- Ubuntu 22.04 LTS
Packages
- linux - Linux kernel
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-azure - Linux kernel for Microsoft Azure Cloud systems
- linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.19 - Linux hardware enablement (HWE) kernel
- linux-ibm - Linux kernel for IBM cloud systems
- linux-kvm - Linux kernel for cloud environments
- linux-lowlatency - Linux low latency kernel
- linux-oracle - Linux kernel for Oracle Cloud systems
- linux-raspi - Linux kernel for Raspberry Pi systems
Details
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel did not properly perform filter deactivation in some
situations. A local attacker could possibly use this to gain elevated
privileges. Please note that with the fix for this CVE, kernel support for
the TCINDEX classifier has been removed. (CVE-2023-1829)
It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.10 | noarch | linux-image-5.19.0-41-generic-64k | < 5.19.0-41.42 | UNKNOWN |
| Ubuntu | 22.10 | noarch | linux-image-5.19.0-41-generic | < 5.19.0-41.42 | UNKNOWN |
| Ubuntu | 22.10 | noarch | linux-image-5.19.0-41-generic-dbgsym | < 5.19.0-41.42 | UNKNOWN |
| Ubuntu | 22.10 | noarch | linux-image-virtual | < 5.19.0.41.37 | UNKNOWN |
| Ubuntu | 22.10 | noarch | linux-cloud-tools-generic | < 5.19.0.41.37 | UNKNOWN |
| Ubuntu | 22.10 | noarch | linux-cloud-tools-generic-hwe-22.04 | < 5.19.0.41.37 | UNKNOWN |
| Ubuntu | 22.10 | noarch | linux-cloud-tools-generic-hwe-22.04-edge | < 5.19.0.41.37 | UNKNOWN |
| Ubuntu | 22.10 | noarch | linux-cloud-tools-virtual | < 5.19.0.41.37 | UNKNOWN |
| Ubuntu | 22.10 | noarch | linux-cloud-tools-virtual-hwe-22.04 | < 5.19.0.41.37 | UNKNOWN |
| Ubuntu | 22.10 | noarch | linux-cloud-tools-virtual-hwe-22.04-edge | < 5.19.0.41.37 | UNKNOWN |
Related
nessus
nessus
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6043-1)
2023-04-26 00:00:00
RHEL 9 : kpatch-patch (RHSA-2023:1681)
2023-04-15 00:00:00
RHEL 9 : kernel-rt (RHSA-2023:1980)
2023-04-25 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6043-1)
2023-04-27 00:00:00
Ubuntu: Security Advisory (USN-6047-1)
2023-04-28 00:00:00
Ubuntu: Security Advisory (USN-6069-1)
2023-05-11 00:00:00
osv
osv
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities
2023-04-26 13:39:51
Important: kernel-rt security and bug fix update
2023-04-11 00:00:00
suse-module-tools-16.0.36-1.1 on GA media
2024-06-15 00:00:00
cve
cve
CVE-2023-0386
2023-03-22 21:15:18
CVE-2023-1829
2023-04-12 12:15:07
redhat
redhat
(RHSA-2023:1703) Important: kernel security and bug fix update
2023-04-11 13:44:29
(RHSA-2023:1984) Important: kpatch-patch security update
2023-04-25 10:02:44
(RHSA-2023:1980) Important: kernel-rt security and bug fix update
2023-04-25 09:58:17
almalinux
almalinux
Important: kernel security and bug fix update
2023-04-11 00:00:00
Important: kernel-rt security and bug fix update
2023-04-11 00:00:00
Important: kernel security, bug fix, and enhancement update
2023-04-04 00:00:00
githubexploit
githubexploit
Exploit for Improper Ownership Management in Linux Linux Kernel
2023-12-23 11:01:55
Exploit for Improper Ownership Management in Linux Linux Kernel
2023-05-16 10:26:10
Exploit for Improper Ownership Management in Linux Linux Kernel
2024-04-05 05:47:00
prion
prion
Design/Logic Flaw
2023-03-22 21:15:00
Design/Logic Flaw
2023-04-12 12:15:00
cbl_mariner
cbl_mariner
CVE-2023-0386 affecting package kernel 5.10.183.1-1
2023-07-28 23:16:55
CVE-2023-1829 affecting package kernel 5.10.174.1-1
2023-05-03 19:35:26
CVE-2023-1829 affecting package kernel for versions less than 5.15.107.1-2
2023-05-03 16:08:28
nvd
nvd
CVE-2023-0386
2023-03-22 21:15:18
CVE-2023-1829
2023-04-12 12:15:07
ubuntucve
ubuntucve
CVE-2023-0386
2023-03-22 00:00:00
CVE-2023-1829
2023-04-12 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2023-04-12 00:00:00
kernel security, bug fix, and enhancement update
2023-04-05 00:00:00
metasploit
metasploit
Local Privilege Escalation via CVE-2023-0386
2024-09-05 13:54:55
zdi
zdi
f5
f5
K000137584 : Linux kernel vulnerability CVE-2023-1829
2023-11-15 00:00:00
redhatcve
redhatcve
packetstorm
packetstorm
Linux OverlayFS Local Privilege Escalation
2024-09-27 00:00:00
debiancve
debiancve
CVE-2023-1829
2023-04-12 12:15:07
CVE-2023-0386
2023-03-22 21:15:18
cvelist
cvelist
CVE-2023-1829 Use-after-free in tcindex (traffic control index filter) in the Linux Kernel
2023-04-12 11:16:59
CVE-2023-0386
2023-03-22 00:00:00
ubuntu
ubuntu
Linux kernel vulnerability
2023-04-27 00:00:00
Linux kernel vulnerability
2023-05-01 00:00:00
Linux kernel vulnerability
2023-05-05 00:00:00
debian
debian
[SECURITY] [DSA 5402-1] linux security update
2023-05-13 11:20:28
[SECURITY] [DLA 3446-1] linux-5.10 security update
2023-06-05 18:45:37
rocky
rocky
kernel-rt security and bug fix update
2023-04-26 15:28:18
kernel security, bug fix, and enhancement update
2023-04-06 15:52:32
kernel security, bug fix, and enhancement update
2023-05-05 15:42:05
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.9
Confidence
High
EPSS
0.002
Percentile
61.0%
Related for USN-6043-1