SB2023121362 - Ubuntu update for linux-hwe-6.2
Published: December 13, 2023 Updated: February 27, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 12 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2023-37453)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the read_descriptors() function in drivers/usb/core/sysfs.c. An attacker with physical access to the system can attach a malicious USB device, trigger an out-of-bounds read error and crash the kernel.
2) Out-of-bounds read (CVE-ID: CVE-2023-3773)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes and gain access to sensitive information.
3) Out-of-bounds read (CVE-ID: CVE-2023-39189)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the nfnl_osf_add_callback() function in Linux kernel Netfilter. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
4) Out-of-bounds read (CVE-ID: CVE-2023-39192)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.
5) Out-of-bounds read (CVE-ID: CVE-2023-39193)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sctp_mt_check() function in Netfilter subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
6) Out-of-bounds read (CVE-ID: CVE-2023-39194)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
7) Use-after-free (CVE-ID: CVE-2023-39198)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the QXL driver in the Linux kernel. A local privileged user can trigger a use-after-free error and escalate privileges on the system.
8) NULL pointer dereference (CVE-ID: CVE-2023-42754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2023-5158)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the vringh_kiov_advance() function in drivers/vhost/vringh.c in the host side of a virtio ring. A malicious guest can crash the host OS via zero length descriptor.
10) Use-after-free (CVE-ID: CVE-2023-5178)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
11) Out-of-bounds write (CVE-ID: CVE-2023-5717)
The vulnerability local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
12) Use-after-free (CVE-ID: CVE-2023-6039)
The vulnerability allows a local user to perform a denial of service (DoS) atack.
The vulnerability exists due to a use-after-free error within the lan78xx_disconnect() function in drivers/net/usb/lan78xx.c. A local user can trigger a use-after-free error and crash the kernel.
Remediation
Install update from vendor's website.