Ubuntu update for linux-intel-iotg
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2022-4129 CVE-2022-47929 CVE-2022-4842 CVE-2023-0386 CVE-2023-0394 CVE-2023-1073 CVE-2023-1074 CVE-2023-1281 CVE-2023-1652 CVE-2023-26545 |
| CWE-ID | CWE-476 CWE-264 CWE-119 CWE-401 CWE-416 CWE-415 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-intel-iotg (Ubuntu package) Other linux-image-5.15.0-1028-intel-iotg (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU70486
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-4129
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
Update the affected package linux-intel-iotg to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27
linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-5.15.0-1028-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6057-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU71479
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-47929
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the traffic control subsystem in Linux kernel. A local user can pass pass a specially crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-intel-iotg to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27
linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33
CPE2.3- cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-5.15.0-1028-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6057-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU72467
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-4842
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the attr_punch_hole() () function in Linux kernel NTFS3 driver. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-intel-iotg to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27
linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33
CPE2.3- cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-5.15.0-1028-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6057-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU74410
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2023-0386
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unauthorized access to execution of setuid files in OverlayFS subsystem when copying a capable file from a nosuid mount into another mount. A local user can execute arbitrary code with root privileges.
Update the affected package linux-intel-iotg to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27
linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33
CPE2.3- cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-5.15.0-1028-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6057-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
5) NULL pointer dereference
EUVDB-ID: #VU71352
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-0394
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-intel-iotg to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27
linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33
CPE2.3- cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-5.15.0-1028-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6057-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU74123
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1073
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to a boundary error in the Linux kernel human interface device (HID) subsystem. An attacker with physical access to the system can insert in a specific way malicious USB device, trigger memory corruption and execute arbitrary code.
MitigationUpdate the affected package linux-intel-iotg to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27
linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33
CPE2.3- cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-5.15.0-1028-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6057-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU74124
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in Linux kernel Stream Control Transmission Protocol. A local user can start a malicious network service and then connect to remotely, forcing the kernel to leak memory.
Update the affected package linux-intel-iotg to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27
linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33
CPE2.3- cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-5.15.0-1028-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6057-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU74122
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1281
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package linux-intel-iotg to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27
linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33
CPE2.3- cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-5.15.0-1028-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6057-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU74770
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1652
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfsd4_ssc_setup_dul() function in fs/nfsd/nfs4proc.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Mitigation
Update the affected package linux-intel-iotg to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27
linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33
CPE2.3- cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-5.15.0-1028-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6057-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Double Free
EUVDB-ID: #VU73766
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-26545
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a double free in net/mpls/af_mpls.c during the renaming of a device. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Update the affected package linux-intel-iotg to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-intel-iotg (Ubuntu package): before 5.15.0.1028.27
linux-image-5.15.0-1028-intel-iotg (Ubuntu package): before 5.15.0-1028.33
CPE2.3- cpe:2.3::canonical:linux-image-intel-iotg_ubuntu_package:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-5.15.0-1028-intel-iotg_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6057-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
