Ubuntu update for linux-oem-6.1



Published: 2023-09-19
Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2023-20588, CVE-2023-4569
CWE-ID: CWE-369, CWE-401
Exploitation vector: Local
Public exploit: N/A
Vulnerable software:
Ubuntu
Operating systems & Components / Operating system

linux-image-oem-22.04c (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-6.1.0-1022-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Division by zero

EUVDB-ID: #VU79239

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-20588

CWE-ID: CWE-369

Exploit availability:

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a divide-by-zero error that can return speculative data. A local user can gain access to potentially sensitive information.

Mitigation

Update the affected package linux-oem-6.1 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04c (Ubuntu package): before 6.1.0.1022.22

linux-image-6.1.0-1022-oem (Ubuntu package): before 6.1.0-1022.22+1

Fixed software versions

External links

http://ubuntu.com/security/notices/USN-6384-1



2) Memory leak

EUVDB-ID: #VU80584

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-4569

CWE-ID: CWE-401

Exploit availability:

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack on the target system.

The vulnerability exists due to a memory leak within the nft_set_catchall_flush() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service attack.

Mitigation

Update the affected package linux-oem-6.1 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04c (Ubuntu package): before 6.1.0.1022.22

linux-image-6.1.0-1022-oem (Ubuntu package): before 6.1.0-1022.22+1

Fixed software versions

External links

http://ubuntu.com/security/notices/USN-6384-1




