UbuntuUSN-6819-2Linux kernel vulnerabilities
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
50.6%
Releases
- Ubuntu 23.10
Packages
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-oracle - Linux kernel for Oracle Cloud systems
Details
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly validate H2C PDU data, leading to a null pointer
dereference vulnerability. A remote attacker could use this to cause a
denial of service (system crash). (CVE-2023-6356, CVE-2023-6535,
CVE-2023-6536)
Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- Core kernel;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Android drivers;
- Drivers core;
- Power management core;
- Bus devices;
- Device frequency scaling framework;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCMI message protocol;
- GPU drivers;
- IIO ADC drivers;
- InfiniBand drivers;
- IOMMU subsystem;
- Media drivers;
- Multifunction device drivers;
- MTD block device drivers;
- Network drivers;
- NVME drivers;
- Device tree and open firmware driver;
- PCI driver for MicroSemi Switchtec;
- Power supply drivers;
- RPMSG subsystem;
- SCSI drivers;
- QCOM SoC drivers;
- SPMI drivers;
- Thermal drivers;
- TTY drivers;
- VFIO drivers;
- BTRFS file system;
- Ceph distributed file system;
- EFI Variable file system;
- EROFS file system;
- Ext4 file system;
- F2FS file system;
- GFS2 file system;
- JFS file system;
- Network file systems library;
- Network file system server daemon;
- File systems infrastructure;
- Pstore file system;
- ReiserFS file system;
- SMB network file system;
- BPF subsystem;
- Memory management;
- TLS protocol;
- Ethernet bridge;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Logical Link layer;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- NetLabel subsystem;
- Network traffic control;
- SMC sockets;
- Sun RPC protocol;
- AppArmor security module;
- Intel ASoC drivers;
- MediaTek ASoC drivers;
- USB sound devices;
(CVE-2023-52612, CVE-2024-26808, CVE-2023-52691, CVE-2023-52618,
CVE-2023-52463, CVE-2023-52447, CVE-2024-26668, CVE-2023-52454,
CVE-2024-26670, CVE-2024-26646, CVE-2023-52472, CVE-2024-26586,
CVE-2023-52681, CVE-2023-52453, CVE-2023-52611, CVE-2023-52622,
CVE-2024-26641, CVE-2023-52616, CVE-2024-26592, CVE-2023-52606,
CVE-2024-26620, CVE-2023-52692, CVE-2024-26669, CVE-2023-52623,
CVE-2023-52588, CVE-2024-26616, CVE-2024-26610, CVE-2024-35839,
CVE-2023-52490, CVE-2023-52672, CVE-2024-26612, CVE-2023-52617,
CVE-2023-52697, CVE-2024-26644, CVE-2023-52458, CVE-2023-52598,
CVE-2024-35841, CVE-2023-52664, CVE-2023-52635, CVE-2023-52676,
CVE-2023-52669, CVE-2024-26632, CVE-2023-52486, CVE-2024-26625,
CVE-2023-52608, CVE-2024-26634, CVE-2023-52599, CVE-2024-26618,
CVE-2024-26640, CVE-2023-52489, CVE-2023-52675, CVE-2023-52678,
CVE-2024-26583, CVE-2023-52693, CVE-2023-52498, CVE-2024-26649,
CVE-2023-52670, CVE-2023-52473, CVE-2023-52449, CVE-2023-52667,
CVE-2023-52467, CVE-2023-52686, CVE-2024-26633, CVE-2023-52666,
CVE-2024-35840, CVE-2024-26629, CVE-2024-26595, CVE-2023-52593,
CVE-2023-52687, CVE-2023-52465, CVE-2024-26627, CVE-2023-52493,
CVE-2023-52491, CVE-2024-26636, CVE-2024-26584, CVE-2023-52587,
CVE-2023-52597, CVE-2023-52462, CVE-2023-52633, CVE-2023-52696,
CVE-2024-26585, CVE-2023-52589, CVE-2023-52456, CVE-2023-52470,
CVE-2024-35838, CVE-2024-26645, CVE-2023-52591, CVE-2023-52464,
CVE-2023-52609, CVE-2024-26608, CVE-2023-52450, CVE-2023-52584,
CVE-2023-52469, CVE-2023-52583, CVE-2023-52451, CVE-2023-52495,
CVE-2023-52626, CVE-2023-52595, CVE-2023-52680, CVE-2023-52632,
CVE-2024-26582, CVE-2024-35837, CVE-2023-52494, CVE-2023-52614,
CVE-2023-52443, CVE-2023-52698, CVE-2023-52448, CVE-2024-26615,
CVE-2023-52452, CVE-2023-52492, CVE-2024-26647, CVE-2023-52468,
CVE-2023-52594, CVE-2023-52621, CVE-2024-26638, CVE-2024-26594,
CVE-2024-26673, CVE-2023-52457, CVE-2023-52677, CVE-2023-52607,
CVE-2024-26623, CVE-2023-52488, CVE-2023-52497, CVE-2023-52445,
CVE-2024-26607, CVE-2023-52610, CVE-2024-35842, CVE-2023-52690,
CVE-2023-52683, CVE-2023-52444, CVE-2024-26671, CVE-2023-52455,
CVE-2023-52679, CVE-2024-26598, CVE-2023-52674, CVE-2023-52627,
CVE-2023-52619, CVE-2023-52487, CVE-2023-52446, CVE-2024-35835,
CVE-2023-52682, CVE-2023-52685, CVE-2023-52694, CVE-2024-26631)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 23.10 | noarch | linux-image-6.5.0-1021-aws | < 6.5.0-1021.21 | UNKNOWN |
| Ubuntu | 23.10 | noarch | linux-image-6.5.0-1021-aws-dbgsym | < 6.5.0-1021.21 | UNKNOWN |
| Ubuntu | 23.10 | noarch | linux-image-6.5.0-1024-oracle | < 6.5.0-1024.24 | UNKNOWN |
| Ubuntu | 23.10 | noarch | linux-image-6.5.0-1024-oracle-dbgsym | < 6.5.0-1024.24 | UNKNOWN |
| Ubuntu | 23.10 | noarch | linux-image-6.5.0-1024-oracle-64k | < 6.5.0-1024.24 | UNKNOWN |
| Ubuntu | 23.10 | noarch | linux-image-aws | < 6.5.0.1021.21 | UNKNOWN |
| Ubuntu | 23.10 | noarch | linux-aws | < 6.5.0.1021.21 | UNKNOWN |
| Ubuntu | 23.10 | noarch | linux-headers-aws | < 6.5.0.1021.21 | UNKNOWN |
| Ubuntu | 23.10 | noarch | linux-modules-extra-aws | < 6.5.0.1021.21 | UNKNOWN |
| Ubuntu | 23.10 | noarch | linux-tools-aws | < 6.5.0.1021.21 | UNKNOWN |
References
ubuntu.com/security/CVE-2023-52443
ubuntu.com/security/CVE-2023-52444
ubuntu.com/security/CVE-2023-52445
ubuntu.com/security/CVE-2023-52446
ubuntu.com/security/CVE-2023-52447
ubuntu.com/security/CVE-2023-52448
ubuntu.com/security/CVE-2023-52449
ubuntu.com/security/CVE-2023-52450
ubuntu.com/security/CVE-2023-52451
ubuntu.com/security/CVE-2023-52452
ubuntu.com/security/CVE-2023-52453
ubuntu.com/security/CVE-2023-52454
ubuntu.com/security/CVE-2023-52455
ubuntu.com/security/CVE-2023-52456
ubuntu.com/security/CVE-2023-52457
ubuntu.com/security/CVE-2023-52458
ubuntu.com/security/CVE-2023-52462
ubuntu.com/security/CVE-2023-52463
ubuntu.com/security/CVE-2023-52464
ubuntu.com/security/CVE-2023-52465
ubuntu.com/security/CVE-2023-52467
ubuntu.com/security/CVE-2023-52468
ubuntu.com/security/CVE-2023-52469
ubuntu.com/security/CVE-2023-52470
ubuntu.com/security/CVE-2023-52472
ubuntu.com/security/CVE-2023-52473
ubuntu.com/security/CVE-2023-52486
ubuntu.com/security/CVE-2023-52487
ubuntu.com/security/CVE-2023-52488
ubuntu.com/security/CVE-2023-52489
ubuntu.com/security/CVE-2023-52490
ubuntu.com/security/CVE-2023-52491
ubuntu.com/security/CVE-2023-52492
ubuntu.com/security/CVE-2023-52493
ubuntu.com/security/CVE-2023-52494
ubuntu.com/security/CVE-2023-52495
ubuntu.com/security/CVE-2023-52497
ubuntu.com/security/CVE-2023-52498
ubuntu.com/security/CVE-2023-52583
ubuntu.com/security/CVE-2023-52584
ubuntu.com/security/CVE-2023-52587
ubuntu.com/security/CVE-2023-52588
ubuntu.com/security/CVE-2023-52589
ubuntu.com/security/CVE-2023-52591
ubuntu.com/security/CVE-2023-52593
ubuntu.com/security/CVE-2023-52594
ubuntu.com/security/CVE-2023-52595
ubuntu.com/security/CVE-2023-52597
ubuntu.com/security/CVE-2023-52598
ubuntu.com/security/CVE-2023-52599
ubuntu.com/security/CVE-2023-52606
ubuntu.com/security/CVE-2023-52607
ubuntu.com/security/CVE-2023-52608
ubuntu.com/security/CVE-2023-52609
ubuntu.com/security/CVE-2023-52610
ubuntu.com/security/CVE-2023-52611
ubuntu.com/security/CVE-2023-52612
ubuntu.com/security/CVE-2023-52614
ubuntu.com/security/CVE-2023-52616
ubuntu.com/security/CVE-2023-52617
ubuntu.com/security/CVE-2023-52618
ubuntu.com/security/CVE-2023-52619
ubuntu.com/security/CVE-2023-52621
ubuntu.com/security/CVE-2023-52622
ubuntu.com/security/CVE-2023-52623
ubuntu.com/security/CVE-2023-52626
ubuntu.com/security/CVE-2023-52627
ubuntu.com/security/CVE-2023-52632
ubuntu.com/security/CVE-2023-52633
ubuntu.com/security/CVE-2023-52635
ubuntu.com/security/CVE-2023-52664
ubuntu.com/security/CVE-2023-52666
ubuntu.com/security/CVE-2023-52667
ubuntu.com/security/CVE-2023-52669
ubuntu.com/security/CVE-2023-52670
ubuntu.com/security/CVE-2023-52672
ubuntu.com/security/CVE-2023-52674
ubuntu.com/security/CVE-2023-52675
ubuntu.com/security/CVE-2023-52676
ubuntu.com/security/CVE-2023-52677
ubuntu.com/security/CVE-2023-52678
ubuntu.com/security/CVE-2023-52679
ubuntu.com/security/CVE-2023-52680
ubuntu.com/security/CVE-2023-52681
ubuntu.com/security/CVE-2023-52682
ubuntu.com/security/CVE-2023-52683
ubuntu.com/security/CVE-2023-52685
ubuntu.com/security/CVE-2023-52686
ubuntu.com/security/CVE-2023-52687
ubuntu.com/security/CVE-2023-52690
ubuntu.com/security/CVE-2023-52691
ubuntu.com/security/CVE-2023-52692
ubuntu.com/security/CVE-2023-52693
ubuntu.com/security/CVE-2023-52694
ubuntu.com/security/CVE-2023-52696
ubuntu.com/security/CVE-2023-52697
ubuntu.com/security/CVE-2023-52698
ubuntu.com/security/CVE-2023-6356
ubuntu.com/security/CVE-2023-6535
ubuntu.com/security/CVE-2023-6536
ubuntu.com/security/CVE-2024-23849
ubuntu.com/security/CVE-2024-24860
ubuntu.com/security/CVE-2024-26582
ubuntu.com/security/CVE-2024-26583
ubuntu.com/security/CVE-2024-26584
ubuntu.com/security/CVE-2024-26585
ubuntu.com/security/CVE-2024-26586
ubuntu.com/security/CVE-2024-26592
ubuntu.com/security/CVE-2024-26594
ubuntu.com/security/CVE-2024-26595
ubuntu.com/security/CVE-2024-26598
ubuntu.com/security/CVE-2024-26607
ubuntu.com/security/CVE-2024-26608
ubuntu.com/security/CVE-2024-26610
ubuntu.com/security/CVE-2024-26612
ubuntu.com/security/CVE-2024-26615
ubuntu.com/security/CVE-2024-26616
ubuntu.com/security/CVE-2024-26618
ubuntu.com/security/CVE-2024-26620
ubuntu.com/security/CVE-2024-26623
ubuntu.com/security/CVE-2024-26625
ubuntu.com/security/CVE-2024-26627
ubuntu.com/security/CVE-2024-26629
ubuntu.com/security/CVE-2024-26631
ubuntu.com/security/CVE-2024-26632
ubuntu.com/security/CVE-2024-26633
ubuntu.com/security/CVE-2024-26634
ubuntu.com/security/CVE-2024-26636
ubuntu.com/security/CVE-2024-26638
ubuntu.com/security/CVE-2024-26640
ubuntu.com/security/CVE-2024-26641
ubuntu.com/security/CVE-2024-26644
ubuntu.com/security/CVE-2024-26645
ubuntu.com/security/CVE-2024-26646
ubuntu.com/security/CVE-2024-26647
ubuntu.com/security/CVE-2024-26649
ubuntu.com/security/CVE-2024-26668
ubuntu.com/security/CVE-2024-26669
ubuntu.com/security/CVE-2024-26670
ubuntu.com/security/CVE-2024-26671
ubuntu.com/security/CVE-2024-26673
ubuntu.com/security/CVE-2024-26808
ubuntu.com/security/CVE-2024-35835
ubuntu.com/security/CVE-2024-35837
ubuntu.com/security/CVE-2024-35838
ubuntu.com/security/CVE-2024-35839
ubuntu.com/security/CVE-2024-35840
ubuntu.com/security/CVE-2024-35841
ubuntu.com/security/CVE-2024-35842
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
50.6%