Lucene search

K
ubuntuUbuntuUSN-6496-2
HistoryNov 30, 2023 - 12:00 a.m.

Linux kernel vulnerabilities

2023-11-3000:00:00
ubuntu.com
103
ubuntu
linux kernel
security vulnerabilities
azure
google cloud platform
infiniband rdma
ubi driver
denial of service
buffer overflow

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

35.9%

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • linux-azure - Linux kernel for Microsoft Azure Cloud systems
  • linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems
  • linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems
  • linux-azure-fde-5.15 - Linux kernel for Microsoft Azure CVM cloud systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-gcp-5.15 - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-gke - Linux kernel for Google Container Engine (GKE) systems
  • linux-gkeop - Linux kernel for Google Container Engine (GKE) systems
  • linux-gkeop-5.15 - Linux kernel for Google Container Engine (GKE) systems

Details

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Manfred Rudigier discovered that the Intel® PCI-Express Gigabit (igb)
Ethernet driver in the Linux kernel did not properly validate received
frames that are larger than the set MTU size, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-45871)

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

35.9%