SB2023120642 - Ubuntu update for linux-gcp

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Division by zero (CVE-ID: CVE-2023-31085)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide by zero error within the drivers/mtd/ubi/cdev.c driver. A local user can perform a denial of service (DoS) attack.

2) Out-of-bounds read (CVE-ID: CVE-2023-39189)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the nfnl_osf_add_callback() function in Linux kernel Netfilter. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.

3) Use-after-free (CVE-ID: CVE-2023-4244)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

4) NULL pointer dereference (CVE-ID: CVE-2023-42754)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2023-45898)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/ext4/extents_status.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

6) Improper handling of exceptional conditions (CVE-ID: CVE-2023-5090)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of errors within the svm_set_x2apic_msr_interception() function in KVM. A local user can send specially crafted input and perform a denial of service (DoS) attack.

7) Input validation error (CVE-ID: CVE-2023-5158)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the vringh_kiov_advance() function in drivers/vhost/vringh.c in the host side of a virtio ring. A malicious guest can crash the host OS via zero length descriptor.

8) Use-after-free (CVE-ID: CVE-2023-5178)

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

9) Use-after-free (CVE-ID: CVE-2023-5345)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb3_fs_context_parse_param() function in fs/smb/client component. A remote attacker can execute arbitrary code with elevated privileges.

10) Use-after-free (CVE-ID: CVE-2023-5633)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error when running inside a VMware guest with 3D acceleration enabled. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

11) Out-of-bounds write (CVE-ID: CVE-2023-5717)

The vulnerability local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-6537-1