The remote host is missing an update for the 'linux-azure' package(s) announced via the USN-6647-2 advisory.

It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion).
Title | Published | Views | Family |
---|---|---|---|
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities | 20 Feb 2024 20:06 | – | osv |
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities | 21 Feb 2024 13:28 | – | osv |
linux-azure vulnerabilities | 29 Feb 2024 14:23 | – | osv |
CVE-2023-51782 | 11 Jan 2024 19:15 | – | osv |
SUSE-SU-2024:0639-1 Security update for the Linux Kernel RT (Live Patch 8 for SLE 15 SP5) | 27 Feb 2024 13:33 | – | osv |
SUSE-SU-2024:0620-1 Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP5) | 26 Feb 2024 19:33 | – | osv |
CVE-2023-51780 | 11 Jan 2024 19:15 | – | osv |
SUSE-SU-2024:0694-1 Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP5) | 29 Feb 2024 07:35 | – | osv |
SUSE-SU-2024:0656-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP5) | 28 Feb 2024 12:03 | – | osv |
SUSE-SU-2024:0663-1 Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP5) | 28 Feb 2024 18:03 | – | osv |
Source | Link |
---|---|
ubuntu | www.ubuntu.com/security/notices/USN-6647-2 |
```
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.12.2024.6647.2");
  script_cve_id("CVE-2023-51780", "CVE-2023-51782", "CVE-2023-7192");
  script_tag(name:"creation_date", value:"2024-03-01 04:09:44 +0000 (Fri, 01 Mar 2024)");
  script_version("2024-03-01T05:06:51+0000");
  script_tag(name:"last_modification", value:"2024-03-01 05:06:51 +0000 (Fri, 01 Mar 2024)");
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:S/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-01-18 19:25:22 +0000 (Thu, 18 Jan 2024)");

  script_name("Ubuntu: Security Advisory (USN-6647-2)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU14\.04\ LTS");

  script_xref(name:"Advisory-ID", value:"USN-6647-2");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-6647-2");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'linux-azure' package(s) announced via the USN-6647-2 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"It was discovered that a race condition existed in the ATM (Asynchronous
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the Rose X.25 protocol
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-51782)

It was discovered that the netfilter connection tracker for netlink in the
Linux kernel did not properly perform reference counting in some error
conditions. A local attacker could possibly use this to cause a denial of
service (memory exhaustion). (CVE-2023-7192)");

  script_tag(name:"affected", value:"'linux-azure' package(s) on Ubuntu 14.04.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

# Release string collected over SSH by gather-package-list.nasl
release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU14.04 LTS") {

  # isdpkgvuln() returns report text when the installed package is older
  # than the fixed version given in "ver", and NULL otherwise.
  if(!isnull(res = isdpkgvuln(pkg:"linux-image-4.15.0-1174-azure", ver:"4.15.0-1174.189~14.04.1", rls:"UBUNTU14.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-azure", ver:"4.15.0.1174.140", rls:"UBUNTU14.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    # A checked package is installed and already at or above the fixed version
    exit(99);
  }
  exit(0);
}

exit(0);
```