Linux kernel vulnerabilities

2024-02-0700:00:00

ubuntu.com

linux kernel

ubuntu

vulnerabilities

race condition

use-after-free

null pointer

denial of service

system crash

arbitrary code

xen event channel

renesas ethernet avb driver

nfc controller interface

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.1%

JSON

Releases

Ubuntu 20.04 LTS
Ubuntu 18.04 ESM

Packages

linux - Linux kernel
linux-aws - Linux kernel for Amazon Web Services (AWS) systems
linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems
linux-azure - Linux kernel for Microsoft Azure Cloud systems
linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems
linux-bluefield - Linux kernel for NVIDIA BlueField platforms
linux-gkeop - Linux kernel for Google Container Engine (GKE) systems
linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
linux-ibm - Linux kernel for IBM cloud systems
linux-ibm-5.4 - Linux kernel for IBM cloud systems
linux-iot - Linux kernel for IoT platforms
linux-kvm - Linux kernel for cloud environments
linux-oracle - Linux kernel for Oracle Cloud systems
linux-oracle-5.4 - Linux kernel for Oracle Cloud systems
linux-xilinx-zynqmp - Linux kernel for Xilinx ZynqMP processors

Details

Marek Marczykowski-Górecki discovered that the Xen event channel
infrastructure implementation in the Linux kernel contained a race
condition. An attacker in a guest VM could possibly use this to cause a
denial of service (paravirtualized device unavailability). (CVE-2023-34324)

Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver
in the Linux kernel during device removal. A privileged attacker could use
this to cause a denial of service (system crash). (CVE-2023-35827)

It was discovered that a race condition existed in the Linux kernel when
performing operations with kernel objects, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-45863)

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchlinux-image-5.4.0-1030-iot< 5.4.0-1030.31UNKNOWN
Ubuntu20.04noarchlinux-image-5.4.0-1030-iot-dbgsym< 5.4.0-1030.31UNKNOWN
Ubuntu20.04noarchlinux-image-5.4.0-1037-xilinx-zynqmp< 5.4.0-1037.41UNKNOWN
Ubuntu20.04noarchlinux-buildinfo-5.4.0-1037-xilinx-zynqmp< 5.4.0-1037.41UNKNOWN
Ubuntu20.04noarchlinux-headers-5.4.0-1037-xilinx-zynqmp< 5.4.0-1037.41UNKNOWN
Ubuntu20.04noarchlinux-image-5.4.0-1037-xilinx-zynqmp-dbgsym< 5.4.0-1037.41UNKNOWN
Ubuntu20.04noarchlinux-modules-5.4.0-1037-xilinx-zynqmp< 5.4.0-1037.41UNKNOWN
Ubuntu20.04noarchlinux-tools-5.4.0-1037-xilinx-zynqmp< 5.4.0-1037.41UNKNOWN
Ubuntu20.04noarchlinux-xilinx-zynqmp-headers-5.4.0-1037< 5.4.0-1037.41UNKNOWN
Ubuntu20.04noarchlinux-xilinx-zynqmp-tools-5.4.0-1037< 5.4.0-1037.41UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	20.04	noarch	linux-image-5.4.0-1030-iot	< 5.4.0-1030.31	UNKNOWN
Ubuntu	20.04	noarch	linux-image-5.4.0-1030-iot-dbgsym	< 5.4.0-1030.31	UNKNOWN
Ubuntu	20.04	noarch	linux-image-5.4.0-1037-xilinx-zynqmp	< 5.4.0-1037.41	UNKNOWN
Ubuntu	20.04	noarch	linux-buildinfo-5.4.0-1037-xilinx-zynqmp	< 5.4.0-1037.41	UNKNOWN
Ubuntu	20.04	noarch	linux-headers-5.4.0-1037-xilinx-zynqmp	< 5.4.0-1037.41	UNKNOWN
Ubuntu	20.04	noarch	linux-image-5.4.0-1037-xilinx-zynqmp-dbgsym	< 5.4.0-1037.41	UNKNOWN
Ubuntu	20.04	noarch	linux-modules-5.4.0-1037-xilinx-zynqmp	< 5.4.0-1037.41	UNKNOWN
Ubuntu	20.04	noarch	linux-tools-5.4.0-1037-xilinx-zynqmp	< 5.4.0-1037.41	UNKNOWN
Ubuntu	20.04	noarch	linux-xilinx-zynqmp-headers-5.4.0-1037	< 5.4.0-1037.41	UNKNOWN
Ubuntu	20.04	noarch	linux-xilinx-zynqmp-tools-5.4.0-1037	< 5.4.0-1037.41	UNKNOWN