SB2024040968 - Ubuntu update for linux

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024040968

SB2024040968 - Ubuntu update for linux

Published: April 9, 2024

Security Bulletin ID SB2024040968
Severity
Medium
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Medium 8% Low 92%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2023-46838)

The vulnerability allows an unprivileged guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of network packets at the backend. An unprivileged guest can send zero-length packets to the OS kernel and perform a denial of service (DoS) attack.


2) Memory leak (CVE-ID: CVE-2023-50431)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak within the sec_attest_info() function in drivers/accel/habanalabs/common/habanalabs_ioctl.c. A local user can cause information leak to user space.


3) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2023-52429)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dm_table_create() function in drivers/md/dm-table.c. A local user can pass specially crafted data to the kernel and perform a denial of service (DoS) attack.


4) Out-of-bounds read (CVE-ID: CVE-2024-23851)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the copy_params() function in drivers/md/dm-ioctl.c. A remote attacker can trigger an out-of-bounds read and perform a denial of service (DoS) attack.


5) Out-of-bounds read (CVE-ID: CVE-2023-6610)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the smb2_dump_detail() function in fs/smb/client/smb2ops.c. A local user can trigger an out-of-bounds read error and gain access to sensitive information or crash the kernel.


6) Out-of-bounds read (CVE-ID: CVE-2024-22705)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c in Linux kernel ksmbd. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


7) Reachable Assertion (CVE-ID: CVE-2024-23850)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.


8) Buffer overflow (CVE-ID: CVE-2023-52434)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Information disclosure (CVE-ID: CVE-2023-52436)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the __f2fs_setxattr() function in fs/f2fs/xattr.c, does not empty by default the unused space in the xattr list. A local user can gain access to potentially sensitive information.


10) Buffer overflow (CVE-ID: CVE-2023-52435)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.



11) Use-after-free (CVE-ID: CVE-2023-52439)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uio_open() function in drivers/uio/uio.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


12) Use-after-free (CVE-ID: CVE-2023-52438)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the binder_alloc_free_page() function in drivers/android/binder_alloc.c. A local user can trigger a race condition and escalate privileges on the system.


Remediation

Install update from vendor's website.

References