Risk | Low |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2023-20588 CVE-2023-40283 CVE-2023-4128 |
CWE-ID | CWE-369 CWE-416 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-raspi2 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-raspi (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-bluefield (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1094-raspi (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1071-bluefield (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-raspi-hwe-18.04 (Ubuntu package) Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU79239
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-20588
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a divide by zero error that can return speculative data. A local user can gain access to potentially sensitive information.
Update the affected package linux-bluefield to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-raspi2 (Ubuntu package): before 5.4.0.1094.124
linux-image-raspi (Ubuntu package): before 5.4.0.1094.124
linux-image-bluefield (Ubuntu package): before 5.4.0.1071.66
linux-image-5.4.0-1094-raspi (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1071-bluefield (Ubuntu package): before 5.4.0-1071.77
linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro
Fixed software versionsCPE2.3 External links
http://ubuntu.com/security/notices/USN-6387-2
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU79714
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-40283
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package linux-bluefield to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-raspi2 (Ubuntu package): before 5.4.0.1094.124
linux-image-raspi (Ubuntu package): before 5.4.0.1094.124
linux-image-bluefield (Ubuntu package): before 5.4.0.1071.66
linux-image-5.4.0-1094-raspi (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1071-bluefield (Ubuntu package): before 5.4.0-1071.77
linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro
Fixed software versionsCPE2.3 External links
http://ubuntu.com/security/notices/USN-6387-2
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU79486
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-4128
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package linux-bluefield to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-raspi2 (Ubuntu package): before 5.4.0.1094.124
linux-image-raspi (Ubuntu package): before 5.4.0.1094.124
linux-image-bluefield (Ubuntu package): before 5.4.0.1071.66
linux-image-5.4.0-1094-raspi (Ubuntu package): before Ubuntu Pro
linux-image-5.4.0-1071-bluefield (Ubuntu package): before 5.4.0-1071.77
linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro
Fixed software versionsCPE2.3 External links
http://ubuntu.com/security/notices/USN-6387-2
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?