Ubuntu USN-6777-4
May 23, 2024 - 12:00 a.m.

Linux kernel (HWE) vulnerabilities

ubuntu.com

CVSS3: 7.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.3 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 15.5%)

Releases

  • Ubuntu 16.04 ESM

Packages

  • linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems

Details

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

  • Block layer subsystem;
  • Userspace I/O drivers;
  • Ceph distributed file system;
  • Ext4 file system;
  • JFS file system;
  • NILFS2 file system;
  • Bluetooth subsystem;
  • Networking core;
  • IPv4 networking;
  • IPv6 networking;
  • Logical Link layer;
  • MAC80211 subsystem;
  • Netlink;
  • NFC subsystem;
  • Tomoyo security module;

(CVE-2023-52524, CVE-2023-52530, CVE-2023-52601, CVE-2023-52439,
CVE-2024-26635, CVE-2023-52602, CVE-2024-26614, CVE-2024-26704,
CVE-2023-52604, CVE-2023-52566, CVE-2021-46981, CVE-2024-26622,
CVE-2024-26735, CVE-2024-26805, CVE-2024-26801, CVE-2023-52583)
