SB2024020812 - Ubuntu update for linux
Published: February 8, 2024 Updated: May 13, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Race condition (CVE-ID: CVE-2023-32250)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition within the fs/ksmbd/connection.c in ksmbd in Linux kernel when processing SMB2_SESSION_SETUP commands. A remote attacker can exploit the race by sending concurrent session setup and logoff request and execute arbitrary code on the system.
2) NULL pointer dereference (CVE-ID: CVE-2023-32252)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when handling SMB2_LOGOFF commands in ksmbd. A remote attacker can send specially crafted data to the server and perform a denial of service (DoS) attack.
3) Race condition (CVE-ID: CVE-2023-32257)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition when handling SMB2_SESSION_SETUP and SMB2_LOGOFF commands. A remote attacker can send specially crafted data to the affected server, trigger a race condition and execute arbitrary code on the system.
4) Deadlock (CVE-ID: CVE-2023-34324)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).
5) Use-after-free (CVE-ID: CVE-2023-35827)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
6) Improper access control (CVE-ID: CVE-2023-46813)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses. A local user can gain arbitrary write access to kernel memory and execute arbitrary code with elevated privileges.
7) Use-after-free (CVE-ID: CVE-2023-6039)
The vulnerability allows a local user to perform a denial of service (DoS) atack.
The vulnerability exists due to a use-after-free error within the lan78xx_disconnect() function in drivers/net/usb/lan78xx.c. A local user can trigger a use-after-free error and crash the kernel.
8) NULL pointer dereference (CVE-ID: CVE-2023-6176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel API for the cryptographic algorithm scatterwalk functionality in scatterwalk_copychunks(). A local user can send a malicious packet with specific socket configuration and crash the OS kernel.
9) NULL pointer dereference (CVE-ID: CVE-2023-6622)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nft_dynset_init() function in net/netfilter/nft_dynset.c in nf_tables. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
10) Improper locking (CVE-ID: CVE-2024-0641)
The vulnerability allows a malicious guest to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to double-locking error within the tipc_crypto_key_revoke() function in net/tipc/crypto.c. A malicious guest can exploit this vulnerability to cause a deadlock, resulting in a denial of service.
Remediation
Install update from vendor's website.