UbuntuUSN-6502-1Linux kernel vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.8%
Releases
- Ubuntu 23.04
- Ubuntu 22.04 LTS
Packages
- linux - Linux kernel
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-6.2 - Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-6.2 - Linux hardware enablement (HWE) kernel
- linux-kvm - Linux kernel for cloud environments
- linux-lowlatency - Linux low latency kernel
- linux-lowlatency-hwe-6.2 - Linux low latency kernel
- linux-raspi - Linux kernel for Raspberry Pi systems
- linux-starfive - Linux kernel for StarFive processors
Details
Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)
Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)
Manfred Rudigier discovered that the IntelĀ® PCI-Express Gigabit (igb)
Ethernet driver in the Linux kernel did not properly validate received
frames that are larger than the set MTU size, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-45871)
Maxim Levitsky discovered that the KVM nested virtualization (SVM)
implementation for AMD processors in the Linux kernel did not properly
handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a
denial of service (host kernel crash). (CVE-2023-5090)
It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.04 | noarch | linux-image-6.2.0-1009-starfive | <Ā 6.2.0-1009.10 | UNKNOWN |
| Ubuntu | 23.04 | noarch | linux-buildinfo-6.2.0-1009-starfive | <Ā 6.2.0-1009.10 | UNKNOWN |
| Ubuntu | 23.04 | noarch | linux-headers-6.2.0-1009-starfive | <Ā 6.2.0-1009.10 | UNKNOWN |
| Ubuntu | 23.04 | noarch | linux-image-6.2.0-1009-starfive-dbgsym | <Ā 6.2.0-1009.10 | UNKNOWN |
| Ubuntu | 23.04 | noarch | linux-modules-6.2.0-1009-starfive | <Ā 6.2.0-1009.10 | UNKNOWN |
| Ubuntu | 23.04 | noarch | linux-modules-extra-6.2.0-1009-starfive | <Ā 6.2.0-1009.10 | UNKNOWN |
| Ubuntu | 23.04 | noarch | linux-starfive-headers-6.2.0-1009 | <Ā 6.2.0-1009.10 | UNKNOWN |
| Ubuntu | 23.04 | noarch | linux-starfive-tools-6.2.0-1009 | <Ā 6.2.0-1009.10 | UNKNOWN |
| Ubuntu | 23.04 | noarch | linux-tools-6.2.0-1009-starfive | <Ā 6.2.0-1009.10 | UNKNOWN |
| Ubuntu | 23.04 | noarch | linux-image-6.2.0-1016-aws | <Ā 6.2.0-1016.16 | UNKNOWN |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.8%