Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6417-1
HistoryOct 04, 2023 - 12:00 a.m.

Linux kernel vulnerabilities

2023-10-0400:00:00
ubuntu.com
37
ebpf implementation
ipv6
hash collisions
gfs2 file system
decnet network protocol
nfc implementation
tun/tap driver

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:C/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON

Releases

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems
  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems
  • linux-bluefield - Linux kernel for NVIDIA BlueField platforms
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-gkeop - Linux kernel for Google Container Engine (GKE) systems
  • linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
  • linux-ibm - Linux kernel for IBM cloud systems
  • linux-ibm-5.4 - Linux kernel for IBM cloud systems
  • linux-iot - Linux kernel for IoT platforms
  • linux-kvm - Linux kernel for cloud environments
  • linux-oracle - Linux kernel for Oracle Cloud systems
  • linux-oracle-5.4 - Linux kernel for Oracle Cloud systems
  • linux-raspi - Linux kernel for Raspberry Pi systems
  • linux-raspi-5.4 - Linux kernel for Raspberry Pi systems
  • linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors

Details

It was discovered that the eBPF implementation in the Linux kernel
contained a race condition around read-only maps. A privileged attacker
could use this to modify read-only maps. (CVE-2021-4001)

It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)

Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)

Davide Ornaghi discovered that the DECnet network protocol implementation
in the Linux kernel contained a null pointer dereference vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. Please note that kernel support for the
DECnet has been removed to resolve this CVE. (CVE-2023-3338)

It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)

It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-4194)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchlinux-image-5.4.0-1023-iot< 5.4.0-1023.24UNKNOWN
Ubuntu20.04noarchlinux-image-5.4.0-1023-iot-dbgsym< 5.4.0-1023.24UNKNOWN
Ubuntu20.04noarchlinux-image-5.4.0-1031-xilinx-zynqmp< 5.4.0-1031.35UNKNOWN
Ubuntu20.04noarchlinux-buildinfo-5.4.0-1031-xilinx-zynqmp< 5.4.0-1031.35UNKNOWN
Ubuntu20.04noarchlinux-headers-5.4.0-1031-xilinx-zynqmp< 5.4.0-1031.35UNKNOWN
Ubuntu20.04noarchlinux-image-5.4.0-1031-xilinx-zynqmp-dbgsym< 5.4.0-1031.35UNKNOWN
Ubuntu20.04noarchlinux-modules-5.4.0-1031-xilinx-zynqmp< 5.4.0-1031.35UNKNOWN
Ubuntu20.04noarchlinux-tools-5.4.0-1031-xilinx-zynqmp< 5.4.0-1031.35UNKNOWN
Ubuntu20.04noarchlinux-xilinx-zynqmp-headers-5.4.0-1031< 5.4.0-1031.35UNKNOWN
Ubuntu20.04noarchlinux-xilinx-zynqmp-tools-5.4.0-1031< 5.4.0-1031.35UNKNOWN
Rows per page:
1-10 of 3851

Related

nessus 48
openvas 38
osv 19
prion 6
debiancve 6
cvelist 6
cve 6
redhatcve 6
nvd 6
cnvd 3
fedora 4
cbl_mariner 10
ubuntucve 7
githubexploit 3
ubuntu 13
amazon 2
ibm 3
photon 4
mageia 6
redos 1
debian 2
nessus
nessus
Ubuntu 18.04 ESM / 20.04 LTS : Linux kernel vulnerabilities (USN-6417-1)
2023-10-05 00:00:00
Photon OS 4.0: Linux PHSA-2023-4.0-0465
2024-07-24 00:00:00
CBL Mariner 2.0 Security Update: hyperv-daemons / kernel (CVE-2023-3338)
2024-08-16 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6417-1)
2023-10-05 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2021-c0dc424b7d)
2021-12-04 00:00:00
Ubuntu: Security Advisory (USN-6416-3)
2023-10-20 00:00:00
osv
osv
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
2023-10-04 22:42:49
linux-hwe-5.15, linux-oracle-5.15 vulnerabilities
2023-10-06 13:13:53
CVE-2023-3338
2023-06-30 22:15:10
prion
prion
Race condition
2022-01-21 19:15:00
Null pointer dereference
2023-06-23 20:15:00
Null pointer dereference
2023-06-30 22:15:00
debiancve
debiancve
CVE-2021-4001
2022-01-21 19:15:09
CVE-2023-3212
2023-06-23 20:15:09
CVE-2023-3338
2023-06-30 22:15:10
cvelist
cvelist
CVE-2021-4001
2022-01-21 00:00:00
CVE-2023-3338 Crash due to a null pointer dereference in the dn_nsp_send function
2023-06-30 00:00:00
CVE-2023-3212
2023-06-23 00:00:00
cve
cve
CVE-2021-4001
2022-01-21 19:15:09
CVE-2023-3212
2023-06-23 20:15:09
CVE-2023-3338
2023-06-30 22:15:10
redhatcve
redhatcve
CVE-2021-4001
2021-11-22 17:00:56
CVE-2023-3212
2023-06-12 23:35:37
CVE-2023-3338
2023-06-29 17:17:11
nvd
nvd
CVE-2023-3338
2023-06-30 22:15:10
CVE-2021-4001
2022-01-21 19:15:09
CVE-2023-3212
2023-06-23 20:15:09
cnvd
cnvd
Linux kernel has unspecified vulnerabilities (CNVD-2022-10716)
2021-12-02 00:00:00
Linux kernel resource management error vulnerability (CNVD-2023-56640)
2023-07-12 00:00:00
Linux kernel nfc_llcp_find_local memory misreference vulnerability
2023-07-30 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-5.15.5-100.fc34
2021-11-30 01:12:06
[SECURITY] Fedora 35 Update: kernel-5.15.5-200.fc35
2021-11-30 01:22:50
[SECURITY] Fedora 38 Update: kernel-6.4.10-200.fc38
2023-08-14 01:34:28
cbl_mariner
cbl_mariner
CVE-2023-3212 affecting package kernel for versions less than 5.15.118.1-2
2023-08-10 16:37:57
CVE-2021-4001 affecting package kernel 5.10.189.1-1
2022-02-25 01:46:15
CVE-2023-3338 affecting package kernel for versions less than 5.15.137.1-1
2023-11-17 23:23:29
ubuntucve
ubuntucve
CVE-2021-4001
2021-11-25 00:00:00
CVE-2023-3212
2023-06-23 00:00:00
CVE-2023-3338
2023-06-30 00:00:00
githubexploit
githubexploit
Exploit for NULL Pointer Dereference in Linux Linux Kernel
2023-06-29 10:12:18
Exploit for NULL Pointer Dereference in Linux Linux Kernel
2023-06-29 10:12:18
Exploit for NULL Pointer Dereference in Linux Linux Kernel
2023-06-20 10:50:30
ubuntu
ubuntu
Linux kernel vulnerabilities
2023-10-06 00:00:00
Linux kernel (Raspberry Pi) vulnerabilities
2023-10-19 00:00:00
Linux kernel vulnerabilities
2023-10-04 00:00:00
amazon
amazon
Important: kernel
2023-06-27 23:45:00
Important: kernel
2023-06-28 00:07:00
ibm
ibm
Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access Appliance. (CVE-2023-1206)
2024-08-27 19:37:39
Security Bulletin: This Power System update is being released to address CVE-2023-1206
2024-09-17 19:09:28
Security Bulletin: IBM DataPower Gateway vulnerable to physical attacks and DoS.
2024-09-17 21:36:28
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0465
2023-09-06 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0621
2023-07-29 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0474
2023-09-17 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2023-07-19 22:53:31
Updated kernel-linus packages fix security vulnerabilities
2021-12-05 22:06:44
Updated kernel packages fix security vulnerabilities
2021-12-05 22:06:44
redos
redos
ROS-20231009-02
2023-10-09 00:00:00
debian
debian
[SECURITY] [DSA 5480-1] linux security update
2023-08-18 19:01:58
[SECURITY] [DLA 3623-1] linux-5.10 security update
2023-10-19 21:24:05

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:C/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.007

Percentile

80.3%

JSON
Related for USN-6417-1
nessus48openvas38osv19prion6debiancve6cvelist6cve6redhatcve6nvd6cnvd3fedora4cbl_mariner10ubuntucve7githubexploit3ubuntu13amazon2ibm3photon4mageia6redos1debian2