SB2023040661 - Ubuntu update for linux-bluefield 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023040661

SB2023040661 - Ubuntu update for linux-bluefield

Published: April 6, 2023 Updated: August 22, 2025

Security Bulletin ID SB2023040661
Severity
High
Patch available
YES
Number of vulnerabilities 23
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 4% Medium 17% Low 78%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 23 secuirty vulnerabilities.


1) Resource management error (CVE-ID: CVE-2022-3169)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in Linux kernel when handling a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver. A local user can force the a PCIe link to disconnect.


2) Use-after-free (CVE-ID: CVE-2022-3424)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gru_set_context_option(), gru_fault() and gru_handle_user_call_os() functions in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


3) Out-of-bounds read (CVE-ID: CVE-2022-3435)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the fib_nh_match() function in net/ipv4/fib_semantics.c IPv4 handler. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory on the system.


4) Race condition (CVE-ID: CVE-2022-3521)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the kcm_tx_work() function in net/kcm/kcmsock.c in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


5) Buffer overflow (CVE-ID: CVE-2022-3545)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the area_cache_get() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.


6) Race condition (CVE-ID: CVE-2022-3623)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the follow_page_pte() function in mm/gup.c. A local user can exploit the race and escalate privileges on the system.


7) Out-of-bounds write (CVE-ID: CVE-2022-36280)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.


8) Use-after-free (CVE-ID: CVE-2022-41218)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dvb_demux_open() and dvb_dmxdev_release() function in drivers/media/dvb-core/dmxdev.c in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


9) Buffer overflow (CVE-ID: CVE-2022-4139)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the i915 kernel driver on Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.



10) Resource management error (CVE-ID: CVE-2022-42328)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger deadlock in Linux netback driver and perform a denial of service (DoS) attack of the host via the paravirtualized network interface.


11) Resource management error (CVE-ID: CVE-2022-42329)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources. An attacker with access to the guest OS can trigger deadlock in Linux netback driver and perform a denial of service (DoS) attack of the host via the paravirtualized network interface.


12) Out-of-bounds read (CVE-ID: CVE-2022-47520)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver.  A local user can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet and perform a denial of service (DoS) attack.


13) NULL pointer dereference (CVE-ID: CVE-2022-47929)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the traffic control subsystem in Linux kernel. A local user can pass pass a specially crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands and perform a denial of service (DoS) attack.


14) Security features bypass (CVE-ID: CVE-2023-0045)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to Linux kernel does not correctly mitigate SMT attacks. A local user can bypass Spectre-BTI user space mitigations and gain access to sensitive information.


15) Use-after-free (CVE-ID: CVE-2023-0266)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_ctl_elem_read() function in the Linux kernel sound subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.


16) NULL pointer dereference (CVE-ID: CVE-2023-0394)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.


17) Use-after-free (CVE-ID: CVE-2023-0461)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Upper Level Protocol (ULP) subsystem in Linux kernel caused by improper handling of sockets entering the LISTEN state in certain protocols. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.



18) NULL pointer dereference (CVE-ID: CVE-2023-1382)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/tipc/topsrv.c within the TIPC protocol implementation in the Linux kernel. A local user can perform a denial of service (DoS) attack.


19) Buffer overflow (CVE-ID: CVE-2023-20938)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Binder component in kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

20) Type Confusion (CVE-ID: CVE-2023-23454)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the cbq_classify() function in net/sched/sch_cbq.c in the Linux kernel. A local user can trigger a type confusion error and crash the kernel.


21) Type Confusion (CVE-ID: CVE-2023-23455)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the atm_tc_enqueue() function in net/sched/sch_atm.c in the Linux kernel. A local user can trigger a type confusion error and perform a denial of service (DoS) attack.


22) Out-of-bounds read (CVE-ID: CVE-2023-26607)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ntfs_attr_find() function in fs/ntfs/attrib.c in Linux kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


23) NULL pointer dereference (CVE-ID: CVE-2023-28328)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References