Lucene search

K
ubuntuUbuntuUSN-6775-2
HistoryMay 21, 2024 - 12:00 a.m.

Linux kernel vulnerabilities

2024-05-2100:00:00
ubuntu.com
9
linux
ubuntu
aws
gke
use-after-free
system compromise
cve-2023-47233
cve-2024-26622
cve-2023-52530
race condition
denial of service
mac80211
tomoyo security module

4.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  • linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems
  • linux-gke - Linux kernel for Google Container Engine (GKE) systems

Details

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

  • MAC80211 subsystem;
  • Tomoyo security module;
    (CVE-2024-26622, CVE-2023-52530)

4.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%