CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score confidence: High

EPSS percentile: 59.6%

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly check buffer indexes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48502)

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS
implementation in the Ubuntu Linux kernel did not properly perform
permission checks in certain situations. A local attacker could possibly
use this to gain elevated privileges. (CVE-2023-2640)

It was discovered that the IP-VLAN network driver for the Linux kernel did
not properly initialize memory in some situations, leading to an
out-of-bounds write vulnerability. An attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-3090)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did
not properly validate the status of an nft chain while performing a lookup
by id, leading to a use-after-free vulnerability. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-31248)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in
the Linux kernel contained a race condition during module unload, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-3141)

Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in
the Ubuntu Linux kernel did not properly perform permission checks in
certain situations. A local attacker could possibly use this to gain
elevated privileges. (CVE-2023-32629)

Querijn Voet discovered that a race condition existed in the io_uring
subsystem in the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-3389)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle some error conditions, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-3390)

Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel
did not properly handle certain pointer data types, leading to an
out-of-bounds write vulnerability. A privileged attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35001)

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.04 | noarch | linux-image-5.19.0-1029-aws | < 5.19.0-1029.30~22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-image-5.19.0-1029-aws-dbgsym | < 5.19.0-1029.30~22.04.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-image-generic-hwe-22.04 | < 5.19.0.50.22 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-cloud-tools-generic-hwe-22.04 | < 5.19.0.50.22 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-cloud-tools-virtual-hwe-22.04 | < 5.19.0.50.22 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-generic-hwe-22.04 | < 5.19.0.50.22 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-headers-generic-hwe-22.04 | < 5.19.0.50.22 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-headers-virtual-hwe-22.04 | < 5.19.0.50.22 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-image-extra-virtual-hwe-22.04 | < 5.19.0.50.22 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-image-virtual-hwe-22.04 | < 5.19.0.50.22 | UNKNOWN |
ubuntu.com/security/CVE-2022-48502
ubuntu.com/security/CVE-2023-2640
ubuntu.com/security/CVE-2023-3090
ubuntu.com/security/CVE-2023-31248
ubuntu.com/security/CVE-2023-3141
ubuntu.com/security/CVE-2023-32629
ubuntu.com/security/CVE-2023-3389
ubuntu.com/security/CVE-2023-3390
ubuntu.com/security/CVE-2023-35001