CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.8 High (Confidence: High)

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low (Percentile: 53.7%)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate certain data structure fields when parsing lease
contexts, leading to an out-of-bounds read vulnerability. A remote attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information. (CVE-2023-1194)

Quentin Minster discovered that a race condition existed in the KSMBD
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A remote attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2023-32254)

It was discovered that a race condition existed in the KSMBD implementation
in the Linux kernel when handling session connections, leading to a
use-after-free vulnerability. A remote attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-32258)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer sizes in certain operations, leading to an integer
underflow and out-of-bounds read vulnerability. A remote attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-38427)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate SMB request protocol IDs, leading to an
out-of-bounds read vulnerability. A remote attacker could possibly use this to
cause a denial of service (system crash). (CVE-2023-38430)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate packet header sizes in certain situations,
leading to an out-of-bounds read vulnerability. A remote attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information. (CVE-2023-38431)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly handle session setup requests, leading to an out-of-bounds read
vulnerability. A remote attacker could use this to expose sensitive
information. (CVE-2023-3867)

Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero-length data requests, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)

It was discovered that the IPv6 implementation of the Linux kernel did not
properly manage route cache memory usage. A remote attacker could use this
to cause a denial of service (memory exhaustion). (CVE-2023-52340)

It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)

Yang Chaoming discovered that the KSMBD implementation in the Linux kernel
did not properly validate request buffer sizes, leading to an out-of-bounds
read vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2024-22705)

Chenyuan Yang discovered that the btrfs file system in the Linux kernel did
not properly handle read operations on newly created subvolumes in certain
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-23850)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.04 | noarch | linux-image-5.15.0-1057-aws | < 5.15.0-1057.63 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-image-5.15.0-1057-aws-dbgsym | < 5.15.0-1057.63 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-image-aws-lts-22.04 | < 5.15.0.1057.58 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-aws-lts-22.04 | < 5.15.0.1057.58 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-headers-aws-lts-22.04 | < 5.15.0.1057.58 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-modules-extra-aws-lts-22.04 | < 5.15.0.1057.58 | UNKNOWN |
Ubuntu | 22.04 | noarch | linux-tools-aws-lts-22.04 | < 5.15.0.1057.58 | UNKNOWN |
Ubuntu | 20.04 | noarch | linux-image-5.15.0-1057-aws | < 5.15.0-1057.63~20.04.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | linux-image-5.15.0-1057-aws-dbgsym | < 5.15.0-1057.63~20.04.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | linux-image-aws | < 5.15.0.1057.63~20.04.1 | UNKNOWN |
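
Applying the table above means comparing an installed version with the listed threshold under Debian version ordering, where numeric runs compare as numbers and `~` sorts before everything, rather than as plain strings. The following is an added example, not part of the advisory: a Python reimplementation of that ordering with four of the table's thresholds; the function names are assumptions, and on a real host `dpkg --compare-versions` performs the same comparison.

```python
import re

# Thresholds copied from the advisory table (image packages only).
FIXED = {
    ("22.04", "linux-image-5.15.0-1057-aws"): "5.15.0-1057.63",
    ("22.04", "linux-image-aws-lts-22.04"): "5.15.0.1057.58",
    ("20.04", "linux-image-5.15.0-1057-aws"): "5.15.0-1057.63~20.04.1",
    ("20.04", "linux-image-aws"): "5.15.0.1057.63~20.04.1",
}

def _weight(c):
    # '~' sorts before everything, including the end of the string.
    if c == "~":
        return -1
    if not c or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Compare the non-digit run character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            wa, wb = _weight(a[i:i + 1]), _weight(b[j:j + 1])
            if wa != wb:
                return -1 if wa < wb else 1
            i, j = i + 1, j + 1
        # Compare the digit run that follows as an integer.
        da = re.match(r"[0-9]*", a[i:]).group()
        db = re.match(r"[0-9]*", b[j:]).group()
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
        i, j = i + len(da), j + len(db)
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision starts at the last hyphen.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare_versions(a, b):
    # Returns -1, 0 or 1 as a sorts before, equal to, or after b.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_affected(release, package, installed):
    # True when the installed version sorts below the table's threshold.
    return compare_versions(installed, FIXED[(release, package)]) < 0
```

Because `5.15.0-1057.63~20.04.1` sorts below `5.15.0-1057.63`, a 20.04 host must be checked against the 20.04 row; checking it against the 22.04 threshold would report a patched system as affected.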
ubuntu.com/security/CVE-2023-1194
ubuntu.com/security/CVE-2023-32254
ubuntu.com/security/CVE-2023-32258
ubuntu.com/security/CVE-2023-38427
ubuntu.com/security/CVE-2023-38430
ubuntu.com/security/CVE-2023-38431
ubuntu.com/security/CVE-2023-3867
ubuntu.com/security/CVE-2023-46838
ubuntu.com/security/CVE-2023-52340
ubuntu.com/security/CVE-2023-52429
ubuntu.com/security/CVE-2023-52436
ubuntu.com/security/CVE-2023-52438
ubuntu.com/security/CVE-2023-52439
ubuntu.com/security/CVE-2023-52441
ubuntu.com/security/CVE-2023-52442
ubuntu.com/security/CVE-2023-52443
ubuntu.com/security/CVE-2023-52444
ubuntu.com/security/CVE-2023-52445
ubuntu.com/security/CVE-2023-52448
ubuntu.com/security/CVE-2023-52449
ubuntu.com/security/CVE-2023-52451
ubuntu.com/security/CVE-2023-52454
ubuntu.com/security/CVE-2023-52456
ubuntu.com/security/CVE-2023-52457
ubuntu.com/security/CVE-2023-52458
ubuntu.com/security/CVE-2023-52462
ubuntu.com/security/CVE-2023-52463
ubuntu.com/security/CVE-2023-52464
ubuntu.com/security/CVE-2023-52467
ubuntu.com/security/CVE-2023-52469
ubuntu.com/security/CVE-2023-52470
ubuntu.com/security/CVE-2023-52480
ubuntu.com/security/CVE-2023-52609
ubuntu.com/security/CVE-2023-52610
ubuntu.com/security/CVE-2023-52612
ubuntu.com/security/CVE-2024-22705
ubuntu.com/security/CVE-2024-23850
ubuntu.com/security/CVE-2024-23851
ubuntu.com/security/CVE-2024-24860
ubuntu.com/security/CVE-2024-26586
ubuntu.com/security/CVE-2024-26589
ubuntu.com/security/CVE-2024-26591
ubuntu.com/security/CVE-2024-26597
ubuntu.com/security/CVE-2024-26598
ubuntu.com/security/CVE-2024-26631
ubuntu.com/security/CVE-2024-26633