SB2023090103 - Ubuntu update for linux-azure
Published: September 1, 2023 Updated: January 10, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 35 secuirty vulnerabilities.
1) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2022-40982)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to the way data is shared between threads whereby the AVX GATHER instructions on Intel processors can forward the content of stale vector registers to dependent instructions. A malicious guest can infer data from different contexts on the same core and execute arbitrary code with elevated privileges.
2) Deadlock (CVE-ID: CVE-2022-4269)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the Linux kernel Traffic Control (TC) subsystem. A local user can use a specific network configuration (redirecting egress packets to ingress using TC action "mirred") to trigger a CPU soft lockup.
3) Out-of-bounds read (CVE-ID: CVE-2022-48502)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ntfs_set_ea() function in fs/ntfs3/xattr.c in Linux kernel ntfs3 subsystem. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the OS kernel.
4) Memory leak (CVE-ID: CVE-2023-0597)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to memory leak within the Linux kernel cpu_entry_area mapping of X86 CPU data. A local user can gain access to sensitive information.
5) Use-after-free (CVE-ID: CVE-2023-1611)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can trigger a use-after-free error and crash the kernel.
6) Use-after-free (CVE-ID: CVE-2023-1855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xgene_hwmon_remove() function in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). A local user can trigger a use-after-free error and execute arbitrary code on the system.
7) Use-after-free (CVE-ID: CVE-2023-1990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the ndlc_remove() function in drivers/nfc/st-nci/ndlc.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-2002)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permissions check in the Bluetooth subsystem when handling ioctl system calls of HCI sockets. A local user can acquire a trusted socket, leading to unauthorized execution of management commands.
9) Use-after-free (CVE-ID: CVE-2023-20593)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Note, the vulnerability was dubbed Zenbleed.
10) Out-of-bounds read (CVE-ID: CVE-2023-2124)
The vulnerability allows a local user to perform a denial of service (DoS) attack..
The vulnerability exists due to a boundary condition within the XFS subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and crash the kernel.
11) Improper input validation (CVE-ID: CVE-2023-21400)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Kernel io_uring subcomponent in Kernel components. A local application can execute arbitrary code.
12) Out-of-bounds write (CVE-ID: CVE-2023-2163)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in BPF verifier caused by improper marking of
registers for precision tracking in certain situations. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
13) Out-of-bounds write (CVE-ID: CVE-2023-2194)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's SLIMpro I2C device driver. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
14) Use-after-free (CVE-ID: CVE-2023-2235)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux Kernel Performance Events system. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
15) Improper locking (CVE-ID: CVE-2023-2269)
The vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2023-23004)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the get_sg_table() function in drivers/gpu/drm/arm/malidp_planes.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
17) Race condition (CVE-ID: CVE-2023-28466)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition caused by a missing lock_sock call within the do_tls_getsockopt() function in net/tls/tls_main.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
18) Race condition (CVE-ID: CVE-2023-30772)
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to a race condition in rivers/power/supply/da9150-charger.c in Linux kernel. An attacker with physical access to device can trigger a race condition while unplugin the device and execute arbitrary code on the system.
19) Use-after-free (CVE-ID: CVE-2023-3141)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the r592_remove() function of drivers/memstick/host/r592.c in media access in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.
20) NULL pointer dereference (CVE-ID: CVE-2023-32248)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in ksmbd in Linux kernel when handling SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
21) Out-of-bounds read (CVE-ID: CVE-2023-3268)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the relay_file_read_start_pos() function in kernel/relay.c in the relayfs. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.
22) Race condition (CVE-ID: CVE-2023-33203)
The vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a race condition in drivers/net/ethernet/qualcomm/emac/emac.c. An attacker with physical access to the system can exploit the race by unplugging an emac based device and execute arbitrary code with elevated privileges.
23) Use-after-free (CVE-ID: CVE-2023-33288)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the bq24190_remove function in drivers/power/supply/bq24190_charger.c. A local authenticated user can trigger a use-after-free error and perform a denial of service (DoS) attack.
24) Race condition (CVE-ID: CVE-2023-35823)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the saa7134_finidev() function in drivers/media/pci/saa7134/saa7134-core.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
25) Use-after-free (CVE-ID: CVE-2023-35824)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dm1105_remove() function in drivers/media/pci/dm1105/dm1105.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
26) Race condition (CVE-ID: CVE-2023-35828)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the renesas_usb3_remove() function in drivers/usb/gadget/udc/renesas_usb3.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
27) Use-after-free (CVE-ID: CVE-2023-35829)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rkvdec_remove() function in drivers/staging/media/rkvdec/rkvdec.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
28) Use-after-free (CVE-ID: CVE-2023-3609)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: cls_u32 component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
29) Use-after-free (CVE-ID: CVE-2023-3610)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_tables component in Linux kernel netfilter. A local user with CAP_NET_ADMIN capability can trigger a use-after-free error and execute arbitrary code with elevated privileges.
30) Out-of-bounds write (CVE-ID: CVE-2023-3611)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user trigger an out-of-bounds write and execute arbitrary code on the target system.
31) Use-after-free (CVE-ID: CVE-2023-3776)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
32) Resource management error (CVE-ID: CVE-2023-3777)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper handling of table rules flush in certain circumstances within the netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack or execute arbitrary code with elevated privileges.
33) Buffer overflow (CVE-ID: CVE-2023-3995)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/nf_tables_api.c when handling rule additions to bound chains. A local user can trigger memory corruption and execute arbitrary code on the target system.
34) Use-after-free (CVE-ID: CVE-2023-4004)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. A local user can execute arbitrary code with elevated privileges.
35) Buffer overflow (CVE-ID: CVE-2023-4015)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/nft_immediate.c when handling bound chain deactivation. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Remediation
Install update from vendor's website.