CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score confidence: High

EPSS percentile: 18.8%

Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero-length data requests, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)

It was discovered that the IPv6 implementation of the Linux kernel did not
properly manage route cache memory usage. A remote attacker could use this
to cause a denial of service (memory exhaustion). (CVE-2023-52340)

It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)

Dan Carpenter discovered that the netfilter subsystem in the Linux kernel
did not store data in properly sized memory locations. A local user could
use this to cause a denial of service (system crash). (CVE-2024-0607)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Ubuntu | 20.04 | noarch | linux-image-5.4.0-1034-iot | < 5.4.0-1034.35 | UNKNOWN |
Ubuntu | 20.04 | noarch | linux-image-5.4.0-1034-iot-dbgsym | < 5.4.0-1034.35 | UNKNOWN |

ubuntu.com/security/CVE-2023-46838
ubuntu.com/security/CVE-2023-52340
ubuntu.com/security/CVE-2023-52429
ubuntu.com/security/CVE-2023-52436
ubuntu.com/security/CVE-2023-52438
ubuntu.com/security/CVE-2023-52439
ubuntu.com/security/CVE-2023-52443
ubuntu.com/security/CVE-2023-52444
ubuntu.com/security/CVE-2023-52445
ubuntu.com/security/CVE-2023-52448
ubuntu.com/security/CVE-2023-52449
ubuntu.com/security/CVE-2023-52451
ubuntu.com/security/CVE-2023-52454
ubuntu.com/security/CVE-2023-52457
ubuntu.com/security/CVE-2023-52464
ubuntu.com/security/CVE-2023-52469
ubuntu.com/security/CVE-2023-52470
ubuntu.com/security/CVE-2023-52609
ubuntu.com/security/CVE-2023-52612
ubuntu.com/security/CVE-2024-0607
ubuntu.com/security/CVE-2024-23851
ubuntu.com/security/CVE-2024-26597
ubuntu.com/security/CVE-2024-26633