Ubuntu update for linux-oem-6.0



Published: 2023-09-19
Risk: Medium
Patch available: YES
Number of vulnerabilities: 37
CVE-ID: CVE-2022-27672
CVE-2022-4269
CVE-2023-0458
CVE-2023-1075
CVE-2023-1076
CVE-2023-1206
CVE-2023-1380
CVE-2023-1611
CVE-2023-2002
CVE-2023-20593
CVE-2023-2162
CVE-2023-2163
CVE-2023-2235
CVE-2023-2269
CVE-2023-28328
CVE-2023-28466
CVE-2023-2898
CVE-2023-3090
CVE-2023-3141
CVE-2023-31436
CVE-2023-3220
CVE-2023-32269
CVE-2023-3390
CVE-2023-3609
CVE-2023-3610
CVE-2023-3611
CVE-2023-3776
CVE-2023-3777
CVE-2023-3863
CVE-2023-3995
CVE-2023-4004
CVE-2023-4015
CVE-2023-40283
CVE-2023-4128
CVE-2023-4194
CVE-2023-4273
CVE-2023-4569
CWE-ID: CWE-1342
CWE-833
CWE-476
CWE-843
CWE-400
CWE-125
CWE-416
CWE-264
CWE-787
CWE-667
CWE-362
CWE-399
CWE-119
CWE-121
CWE-401
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #9 is available.
Vulnerable software:
Ubuntu
Operating systems & Components / Operating system

linux-image-oem-22.04b (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-6.0.0-1021-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 37 vulnerabilities.

1) Cross-thread return address predictions

EUVDB-ID: #VU72470

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27672

CWE-ID: CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch, which may potentially lead to information disclosure.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Deadlock

EUVDB-ID: #VU73186

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4269

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the Linux kernel Traffic Control (TC) subsystem. A local user can use a specific network configuration (redirecting egress packets to ingress using TC action "mirred") to trigger a CPU soft lockup.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU76223

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0458

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the do_prlimit() function. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Type Confusion

EUVDB-ID: #VU72700

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1075

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the tls_is_tx_ready() function in the net/tls stack of the Linux Kernel. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Type Confusion

EUVDB-ID: #VU72742

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1076

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error during initialization of TUN/TAP sockets. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource exhaustion

EUVDB-ID: #VU77953

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality, which an attacker can trigger with a new kind of SYN flood attack. A remote attacker can increase the CPU usage of a server that accepts IPv6 connections up to 95%.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU73280

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1380

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Broadcom Full MAC Wi-Fi driver (brcmfmac.ko). A local user can trigger an out-of-bounds read error and read contents of kernel memory on the system.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU75204

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1611

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU75163

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-2002

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an improper permissions check in the Bluetooth subsystem when handling ioctl system calls of HCI sockets. A local user can acquire a trusted socket, leading to unauthorized execution of management commands.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Use-after-free

EUVDB-ID: #VU78572

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-20593

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability was dubbed Zenbleed.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU75994

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2162

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error within the iscsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in the SCSI sub-component of the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds write

EUVDB-ID: #VU79673

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2163

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the BPF verifier caused by improper marking of registers for precision tracking in certain situations. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU75997

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2235

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux Kernel Performance Events system. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU77243

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2269

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU74126

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28328

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the az6027 driver in drivers/media/usb/dvb-usb/az6027.c in the Linux kernel. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Race condition

EUVDB-ID: #VU74628

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28466

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition caused by a missing lock_sock call within the do_tls_getsockopt() function in net/tls/tls_main.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU79476

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2898

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the f2fs_write_end_io() function in fs/f2fs/data.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds write

EUVDB-ID: #VU78010

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3090

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ipvlan network driver in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU77955

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3141

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the r592_remove() function of drivers/memstick/host/r592.c in media access in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds write

EUVDB-ID: #VU76098

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31436

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the qfq_change_class() function in net/sched/sch_qfq.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU78471

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3220

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the dpu_crtc_atomic_check() function in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU76221

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32269

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in net/netrom/af_netrom.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability requires that the system has netrom routing configured or that the attacker has the CAP_NET_ADMIN capability.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU78007

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3390

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within net/netfilter/nf_tables_api.c in the Linux kernel netfilter subsystem. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU78941

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3609

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel net/sched: cls_u32 component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU78779

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3610

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_tables component in the Linux kernel netfilter subsystem. A local user with the CAP_NET_ADMIN capability can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds write

EUVDB-ID: #VU78943

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3611

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU79285

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3776

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU80121

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3777

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of table rules flush in certain circumstances within the netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack or execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU79479

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3863

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfc_llcp_find_local() function in net/nfc/llcp_core.c in the NFC implementation in the Linux kernel. A local user can execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU80124

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3995

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/nf_tables_api.c when handling rule additions to bound chains. A local user can trigger memory corruption and execute arbitrary code on the target system.


Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU79498

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4004

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error that occurs when a user triggers the nft_pipapo_remove function with an element that lacks NFT_SET_EXT_KEY_END. A local user can execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU80123

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4015

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/nft_immediate.c when handling bound chain deactivation. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU79714

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU79486

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4128

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Type Confusion

EUVDB-ID: #VU79485

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4194

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a type confusion error in TUN/TAP functionality. A local user can bypass network filters and gain unauthorized access to some resources.

The vulnerability exists due to an incomplete fix for #VU72742 (CVE-2023-1076).

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Stack-based buffer overflow

EUVDB-ID: #VU79487

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4273

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the implementation of the file name reconstruction function in the exFAT driver in the Linux kernel. A local user can trigger a stack overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Memory leak

EUVDB-ID: #VU80584

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4569

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a DoS attack on the target system.

The vulnerability exists due to a memory leak within the nft_set_catchall_flush() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service attack.

Mitigation

Update the affected package linux-oem-6.0 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04b (Ubuntu package): before 6.0.0.1021.21

linux-image-6.0.0-1021-oem (Ubuntu package): before 6.0.0-1021.21

External links

http://ubuntu.com/security/notices/USN-6385-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


