SB2023072736 - Ubuntu update for linux-aws-5.19
Published: July 27, 2023 Updated: October 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2022-48502)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ntfs_set_ea() function in fs/ntfs3/xattr.c in Linux kernel ntfs3 subsystem. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the OS kernel.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-2640)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing permission checks for trusted.overlayfs.* xattrs". A local user can set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.
3) Out-of-bounds write (CVE-ID: CVE-2023-3090)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the ipvlan network driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
4) Use-after-free (CVE-ID: CVE-2023-31248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in nft_chain_lookup_byid() function, which failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A local user ca trigger a use-after-free error and execute arbitrary code with elevated privileges.
5) Use-after-free (CVE-ID: CVE-2023-3141)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the r592_remove() function of drivers/memstick/host/r592.c in media access in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-32629)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr on Ubuntu kernels. A local user can execute arbitrary code with elevated privileges.
7) Use-after-free (CVE-ID: CVE-2023-3389)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux Kernel io_uring subsystem. A local user can exploit a race condition and execute arbitrary code with elevated privileges.
8) Use-after-free (CVE-ID: CVE-2023-3390)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/netfilter/nf_tables_api.c in the Linux kernel netfilter subsystem. A local user can trigger a use-after-fee error and escalate privileges on the system.
9) Out-of-bounds write (CVE-ID: CVE-2023-35001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.