Ubuntu update for linux-gcp



Risk Medium
Patch available YES
Number of vulnerabilities 25
CVE-ID CVE-2022-27672
CVE-2022-36280
CVE-2022-3707
CVE-2022-4129
CVE-2022-4842
CVE-2022-48423
CVE-2022-48424
CVE-2023-0210
CVE-2023-0394
CVE-2023-0458
CVE-2023-0459
CVE-2023-1073
CVE-2023-1074
CVE-2023-1075
CVE-2023-1078
CVE-2023-1118
CVE-2023-1513
CVE-2023-1652
CVE-2023-21102
CVE-2023-21106
CVE-2023-2162
CVE-2023-23454
CVE-2023-23455
CVE-2023-26544
CVE-2023-32269
CWE-ID CWE-1342
CWE-787
CWE-415
CWE-476
CWE-119
CWE-122
CWE-1037
CWE-401
CWE-843
CWE-416
CWE-665
CWE-254
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

linux-image-5.19.0-42-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.19.0-42-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae-hwe-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.19.0-42-generic-64k (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-hwe-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-64k-hwe-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual-hwe-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.19.0-1024-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 25 vulnerabilities.

1) Cross-thread return address predictions

EUVDB-ID: #VU72470

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-27672

CWE-ID: CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU71480

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36280

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Double Free

EUVDB-ID: #VU70487

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3707

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the intel_gvt_dma_map_guest_page() function in Intel GVT-g graphics driver. A local user can trigger a double free error and crash the kernel.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU70486

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4129

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU72467

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4842

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the attr_punch_hole() () function in Linux kernel NTFS3 driver. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU74154

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48423

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within fs/ntfs3/record.c in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU74155

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48424

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within fs/ntfs3/inode.c in Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Heap-based buffer overflow

EUVDB-ID: #VU71095

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0210

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the ksmbd_decode_ntlmssp_auth_blob() function in ksmbd when handling NTLMv2 authentication. A remote attacker can send specially crafted data to ksmbd, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU71352

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0394

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU76223

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0458

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the do_prlimit() function. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU76222

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0459

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper implementation of speculative execution barriers in usercopy functions
in certain situations. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU74123

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1073

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a boundary error in the Linux kernel human interface device (HID) subsystem. An attacker with physical access to the system can insert in a specific way malicious USB device, trigger memory corruption and execute arbitrary code.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory leak

EUVDB-ID: #VU74124

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in Linux kernel Stream Control Transmission Protocol. A local user can start a malicious network service and then connect to remotely, forcing the kernel to leak memory.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Type Confusion

EUVDB-ID: #VU72700

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1075

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the tls_is_tx_ready() function in the net/tls stack of the Linux Kernel. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds write

EUVDB-ID: #VU74054

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1078

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the rds_rm_zerocopy_callback() function in Linux kernel RDS (Reliable Datagram Sockets) protocol. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU72734

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1118

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel integrated infrared receiver/transceiver driver "drivers/media/rc/ene_ir.c" when detaching rc device. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper Initialization

EUVDB-ID: #VU74630

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1513

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU74770

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1652

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_ssc_setup_dul() function in fs/nfsd/nfs4proc.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Security features bypass

EUVDB-ID: #VU76224

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21102

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists die to a logic error within the __efi_rt_asm_wrapper() function in efi-rt-wrapper.S. A local application can bypass the shadow stack protection and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Double Free

EUVDB-ID: #VU76225

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21106

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the adreno_set_param() function in adreno_gpu.c. A local application can trigger a double free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU75994

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2162

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. A local user can trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Type Confusion

EUVDB-ID: #VU71478

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23454

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the cbq_classify() function in net/sched/sch_cbq.c in the Linux kernel. A local user can trigger a type confusion error and crash the kernel.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Type Confusion

EUVDB-ID: #VU71477

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23455

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the atm_tc_enqueue() function in net/sched/sch_atm.c in the Linux kernel. A local user can trigger a type confusion error and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU76228

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-26544

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the run_unpack() function in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU76221

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32269

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in net/netrom/af_netrom.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability requires that the system has netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

Mitigation

Update the affected package linux-gcp to the latest version.

Vulnerable software versions

Ubuntu: 22.04 - 22.10

linux-image-5.19.0-42-generic-lpae (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-5.19.0-42-generic (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-lpae-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-42-generic-64k (Ubuntu package): before 5.19.0-42.43~22.04.1

linux-image-generic-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-virtual-hwe-22.04 (Ubuntu package): before 5.19.0.42.43~22.04.15

linux-image-5.19.0-1024-gcp (Ubuntu package): before 5.19.0-1024.26

linux-image-gcp (Ubuntu package): before 5.19.0.1024.20

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6096-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###