Lucene search

K
ubuntuUbuntuUSN-6496-1
HistoryNov 21, 2023 - 12:00 a.m.

Linux kernel vulnerabilities

2023-11-2100:00:00
ubuntu.com
67
ubuntu
kernel packages
infiniband rdma driver
ubi driver
intel(r) pci-express gigabit
cve-2023-25775
cve-2023-31085
cve-2023-45871

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

35.9%

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems
  • linux-hwe-5.15 - Linux hardware enablement (HWE) kernel
  • linux-ibm - Linux kernel for IBM cloud systems
  • linux-ibm-5.15 - Linux kernel for IBM cloud systems
  • linux-kvm - Linux kernel for cloud environments
  • linux-lowlatency - Linux low latency kernel
  • linux-lowlatency-hwe-5.15 - Linux low latency kernel
  • linux-nvidia - Linux kernel for NVIDIA systems
  • linux-oracle - Linux kernel for Oracle Cloud systems
  • linux-oracle-5.15 - Linux kernel for Oracle Cloud systems
  • linux-raspi - Linux kernel for Raspberry Pi systems

Details

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Manfred Rudigier discovered that the Intel® PCI-Express Gigabit (igb)
Ethernet driver in the Linux kernel did not properly validate received
frames that are larger than the set MTU size, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-45871)

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

35.9%