SB2023090648 - Ubuntu update for linux 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023090648

SB2023090648 - Ubuntu update for linux

Published: September 6, 2023

Security Bulletin ID SB2023090648
Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 36% Medium 36% Low 27%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2023-21255)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the binder_transaction_buffer_release() function in Binder subsystem in Android kernel. A local application can trigger a use-after-fee error and execute arbitrary code with elevated privileges.


2) NULL pointer dereference (CVE-ID: CVE-2023-2898)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the f2fs_write_end_io() function in fs/f2fs/data.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.


3) Deadlock (CVE-ID: CVE-2023-31084)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a deadlock in drivers/media/dvb-core/dvb_frontend.c when a task is in !TASK_RUNNING. A local user can trigger a deadlock and crash the kernel.


4) Resource exhaustion (CVE-ID: CVE-2023-32247)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to ksmbd does not properly control consumption of internal resources when handling SMB2_SESSION_SETUP commands. A remote attacker can send specially crafted data to the server during session setup, trigger memory exhaustion and perform a denial of service (DoS) attack.


5) Race condition (CVE-ID: CVE-2023-32250)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition within the fs/ksmbd/connection.c in ksmbd in Linux kernel when processing SMB2_SESSION_SETUP commands. A remote attacker can exploit the race by sending concurrent session setup and logoff request and execute arbitrary code on the system.


6) NULL pointer dereference (CVE-ID: CVE-2023-32252)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when handling SMB2_LOGOFF commands in ksmbd. A remote attacker can send specially crafted data to the server and perform a denial of service (DoS) attack.


7) Race condition (CVE-ID: CVE-2023-32257)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition when handling SMB2_SESSION_SETUP and SMB2_LOGOFF commands. A remote attacker can send specially crafted data to the affected server, trigger a race condition and execute arbitrary code on the system.


8) Race condition (CVE-ID: CVE-2023-32258)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition when processing SMB2_LOGOFF and SMB2_CLOSE commands in ksmbd. A remote attacker can send specially crafted data to the server and execute arbitrary code on the system.


9) Out-of-bounds read (CVE-ID: CVE-2023-38426)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the smb2_find_context_vals() function. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.


10) Out-of-bounds read (CVE-ID: CVE-2023-38428)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in fs/ksmbd/smb2pdu.c. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.


11) Off-by-one (CVE-ID: CVE-2023-38429)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error within the ksmbd_smb2_check_message() function in fs/ksmbd/connection.c. A remote attacker can trigger an off-by-one error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References