CVSS3 Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score Confidence: High

EPSS Percentile: 21.6%

Marek Marczykowski-Górecki discovered that the Xen event channel
infrastructure implementation in the Linux kernel contained a race
condition. An attacker in a guest VM could possibly use this to cause a
denial of service (paravirtualized device unavailability). (CVE-2023-34324)

Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver
in the Linux kernel during device removal. A privileged attacker could use
this to cause a denial of service (system crash). (CVE-2023-35827)

Tom Dohrmann discovered that the Secure Encrypted Virtualization (SEV)
implementation for AMD processors in the Linux kernel contained a race
condition when accessing MMIO registers. A local attacker in a SEV guest VM
could possibly use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-46813)

It was discovered that the io_uring subsystem in the Linux kernel contained
a race condition, leading to a null pointer dereference vulnerability. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-46862)

It was discovered that the netfilter subsystem in the Linux kernel did not
properly validate inner tunnel netlink attributes, leading to a null
pointer dereference vulnerability. A local attacker could use this to cause
a denial of service (system crash). (CVE-2023-5972)

It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-6176)

Jann Horn discovered that a race condition existed in the Linux kernel when
handling io_uring over sockets, leading to a use-after-free vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6531)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did
not properly handle dynset expressions passed from userspace, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash). (CVE-2023-6622)

It was discovered that the TIPC protocol implementation in the Linux kernel
did not properly handle locking during tipc_crypto_key_revoke() operations.
A local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2024-0641)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.10 | noarch | linux-image-6.5.0-1007-starfive | < 6.5.0-1007.8 | UNKNOWN |
Ubuntu | 23.10 | noarch | linux-buildinfo-6.5.0-1007-starfive | < 6.5.0-1007.8 | UNKNOWN |
Ubuntu | 23.10 | noarch | linux-headers-6.5.0-1007-starfive | < 6.5.0-1007.8 | UNKNOWN |
Ubuntu | 23.10 | noarch | linux-image-6.5.0-1007-starfive-dbgsym | < 6.5.0-1007.8 | UNKNOWN |
Ubuntu | 23.10 | noarch | linux-modules-6.5.0-1007-starfive | < 6.5.0-1007.8 | UNKNOWN |
Ubuntu | 23.10 | noarch | linux-modules-extra-6.5.0-1007-starfive | < 6.5.0-1007.8 | UNKNOWN |
Ubuntu | 23.10 | noarch | linux-starfive-headers-6.5.0-1007 | < 6.5.0-1007.8 | UNKNOWN |
Ubuntu | 23.10 | noarch | linux-starfive-tools-6.5.0-1007 | < 6.5.0-1007.8 | UNKNOWN |
Ubuntu | 23.10 | noarch | linux-tools-6.5.0-1007-starfive | < 6.5.0-1007.8 | UNKNOWN |
Ubuntu | 23.10 | noarch | linux-image-6.5.0-1009-laptop | < 6.5.0-1009.12 | UNKNOWN |

ubuntu.com/security/CVE-2023-34324
ubuntu.com/security/CVE-2023-35827
ubuntu.com/security/CVE-2023-46813
ubuntu.com/security/CVE-2023-46862
ubuntu.com/security/CVE-2023-5972
ubuntu.com/security/CVE-2023-6176
ubuntu.com/security/CVE-2023-6531
ubuntu.com/security/CVE-2023-6622
ubuntu.com/security/CVE-2024-0641