Ubuntu update for linux-intel-iotg



Published: 2023-05-05 | Updated: 2023-06-26
Risk Medium
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2022-4129
CVE-2022-47929
CVE-2022-4842
CVE-2023-0386
CVE-2023-0394
CVE-2023-1073
CVE-2023-1074
CVE-2023-1281
CVE-2023-1652
CVE-2023-26545
CWE-ID CWE-476
CWE-264
CWE-119
CWE-401
CWE-416
CWE-415
Exploitation vector Local
Public exploit Public exploit code for vulnerability #4 is available.
Vulnerable software
Subscribe 		Ubuntu
Operating systems & Components / Operating system

linux-image-intel-iotg (Ubuntu package)
/

linux-image-5.15.0-1028-intel-iotg (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU70486

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4129

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

Mitigation

Update the affected package linux-intel-iotg to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27

linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33

External links

http://ubuntu.com/security/notices/USN-6057-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU71479

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47929

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the traffic control subsystem in Linux kernel. A local user can pass pass a specially crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-intel-iotg to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27

linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33

External links

http://ubuntu.com/security/notices/USN-6057-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU72467

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4842

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the attr_punch_hole() () function in Linux kernel NTFS3 driver. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-intel-iotg to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27

linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33

External links

http://ubuntu.com/security/notices/USN-6057-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU74410

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-0386

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unauthorized access to execution of setuid files in OverlayFS subsystem when copying a capable file from a nosuid mount into another mount. A local user can execute arbitrary code with root privileges.

Mitigation

Update the affected package linux-intel-iotg to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27

linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33

External links

http://ubuntu.com/security/notices/USN-6057-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) NULL pointer dereference

EUVDB-ID: #VU71352

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0394

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-intel-iotg to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27

linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33

External links

http://ubuntu.com/security/notices/USN-6057-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU74123

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1073

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a boundary error in the Linux kernel human interface device (HID) subsystem. An attacker with physical access to the system can insert in a specific way malicious USB device, trigger memory corruption and execute arbitrary code.

Mitigation

Update the affected package linux-intel-iotg to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27

linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33

External links

http://ubuntu.com/security/notices/USN-6057-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU74124

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in Linux kernel Stream Control Transmission Protocol. A local user can start a malicious network service and then connect to remotely, forcing the kernel to leak memory.

Mitigation

Update the affected package linux-intel-iotg to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27

linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33

External links

http://ubuntu.com/security/notices/USN-6057-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU74122

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1281

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux-intel-iotg to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27

linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33

External links

http://ubuntu.com/security/notices/USN-6057-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU74770

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1652

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_ssc_setup_dul() function in fs/nfsd/nfs4proc.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux-intel-iotg to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27

linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33

External links

http://ubuntu.com/security/notices/USN-6057-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Double Free

EUVDB-ID: #VU73766

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-26545

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a double free in net/mpls/af_mpls.c during the renaming of a device. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-intel-iotg to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27

linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33

External links

http://ubuntu.com/security/notices/USN-6057-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###