UbuntuUSN-6495-1Linux kernel vulnerabilities
7.5 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:H/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
18.6%
Releases
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- linux - Linux kernel
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems
- linux-bluefield - Linux kernel for NVIDIA BlueField platforms
- linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
- linux-ibm - Linux kernel for IBM cloud systems
- linux-ibm-5.4 - Linux kernel for IBM cloud systems
- linux-iot - Linux kernel for IoT platforms
- linux-kvm - Linux kernel for cloud environments
- linux-oracle - Linux kernel for Oracle Cloud systems
- linux-oracle-5.4 - Linux kernel for Oracle Cloud systems
- linux-raspi - Linux kernel for Raspberry Pi systems
- linux-raspi-5.4 - Linux kernel for Raspberry Pi systems
- linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors
Details
Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)
Manfred Rudigier discovered that the Intel® PCI-Express Gigabit (igb)
Ethernet driver in the Linux kernel did not properly validate received
frames that are larger than the set MTU size, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-45871)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 20.04 | noarch | linux-image-5.4.0-1026-iot | < 5.4.0-1026.27 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-image-5.4.0-1026-iot-dbgsym | < 5.4.0-1026.27 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-image-5.4.0-1034-xilinx-zynqmp | < 5.4.0-1034.38 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-buildinfo-5.4.0-1034-xilinx-zynqmp | < 5.4.0-1034.38 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-headers-5.4.0-1034-xilinx-zynqmp | < 5.4.0-1034.38 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-image-5.4.0-1034-xilinx-zynqmp-dbgsym | < 5.4.0-1034.38 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-modules-5.4.0-1034-xilinx-zynqmp | < 5.4.0-1034.38 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-tools-5.4.0-1034-xilinx-zynqmp | < 5.4.0-1034.38 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-xilinx-zynqmp-headers-5.4.0-1034 | < 5.4.0-1034.38 | UNKNOWN |
| Ubuntu | 20.04 | noarch | linux-xilinx-zynqmp-tools-5.4.0-1034 | < 5.4.0-1034.38 | UNKNOWN |
Related
7.5 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:H/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
18.6%