Lucene search

K
ubuntuUbuntuUSN-6624-1
HistoryFeb 07, 2024 - 12:00 a.m.

Linux kernel vulnerabilities

2024-02-0700:00:00
ubuntu.com
50
ubuntu
aws
gcp
hwe
lenovo x13s
low latency
oem
oracle
raspberry pi
starfive
xen event channel
renesas ethernet avb
secure encrypted virtualization
sev
io_uring
netfilter
tls subsystem
tipc protocol
race condition
use-after-free
null pointer dereference
cryptographic operations
dynset expressions
locking operations
kernel deadlock

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

21.6%

Releases

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS

Packages

  • linux - Linux kernel
  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  • linux-hwe-6.5 - Linux hardware enablement (HWE) kernel
  • linux-laptop - Linux kernel for Lenovo X13s ARM laptops
  • linux-lowlatency - Linux low latency kernel
  • linux-lowlatency-hwe-6.5 - Linux low latency kernel
  • linux-oem-6.5 - Linux kernel for OEM systems
  • linux-oracle - Linux kernel for Oracle Cloud systems
  • linux-raspi - Linux kernel for Raspberry Pi systems
  • linux-starfive - Linux kernel for StarFive processors

Details

Marek Marczykowski-Górecki discovered that the Xen event channel
infrastructure implementation in the Linux kernel contained a race
condition. An attacker in a guest VM could possibly use this to cause a
denial of service (paravirtualized device unavailability). (CVE-2023-34324)

Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver
in the Linux kernel during device removal. A privileged attacker could use
this to cause a denial of service (system crash). (CVE-2023-35827)

Tom Dohrmann discovered that the Secure Encrypted Virtualization (SEV)
implementation for AMD processors in the Linux kernel contained a race
condition when accessing MMIO registers. A local attacker in a SEV guest VM
could possibly use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-46813)

It was discovered that the io_uring subsystem in the Linux kernel contained
a race condition, leading to a null pointer dereference vulnerability. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-46862)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly validate inner tunnel netlink attributes, leading to a null
pointer dereference vulnerability. A local attacker could use this to cause
a denial of service (system crash). (CVE-2023-5972)

It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-6176)

Jann Horn discovered that a race condition existed in the Linux kernel when
handling io_uring over sockets, leading to a use-after-free vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6531)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle dynset expressions passed from userspace, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash). (CVE-2023-6622)

It was discovered that the TIPC protocol implementation in the Linux kernel
did not properly handle locking during tipc_crypto_key_revoke() operations.
A local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2024-0641)

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

21.6%