SB2023060201 - Ubuntu update for linux-intel-iotg-5.15
Published: June 2, 2023 Updated: August 22, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 24 secuirty vulnerabilities.
1) Cross-thread return address predictions (CVE-ID: CVE-2022-27672)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure.
2) Double Free (CVE-ID: CVE-2022-3707)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the intel_gvt_dma_map_guest_page() function in Intel GVT-g graphics driver. A local user can trigger a double free error and crash the kernel.
3) NULL pointer dereference (CVE-ID: CVE-2022-4129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
4) NULL pointer dereference (CVE-ID: CVE-2022-47929)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the traffic control subsystem in Linux kernel. A local user can pass pass a specially crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands and perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2022-4842)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the attr_punch_hole() () function in Linux kernel NTFS3 driver. A local user can perform a denial of service (DoS) attack.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-0386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unauthorized access to execution of setuid files in OverlayFS subsystem when copying a capable file from a nosuid mount into another mount. A local user can execute arbitrary code with root privileges.
7) NULL pointer dereference (CVE-ID: CVE-2023-0394)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2023-0458)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the do_prlimit() function. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
9) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2023-0459)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper implementation of speculative execution barriers in usercopy functions
in certain situations. A local user can gain access to sensitive information.
10) Buffer overflow (CVE-ID: CVE-2023-1073)
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to a boundary error in the Linux kernel human interface device (HID) subsystem. An attacker with physical access to the system can insert in a specific way malicious USB device, trigger memory corruption and execute arbitrary code.
11) Memory leak (CVE-ID: CVE-2023-1074)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in Linux kernel Stream Control Transmission Protocol. A local user can start a malicious network service and then connect to remotely, forcing the kernel to leak memory.
12) Type Confusion (CVE-ID: CVE-2023-1075)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the tls_is_tx_ready() function in the net/tls stack of the Linux Kernel. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.
13) Out-of-bounds write (CVE-ID: CVE-2023-1078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the rds_rm_zerocopy_callback() function in Linux kernel RDS (Reliable Datagram Sockets) protocol. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
14) Use-after-free (CVE-ID: CVE-2023-1118)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel integrated infrared receiver/transceiver driver "drivers/media/rc/ene_ir.c" when detaching rc device. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
15) Use-after-free (CVE-ID: CVE-2023-1281)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.
16) Improper Initialization (CVE-ID: CVE-2023-1513)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.
17) Use-after-free (CVE-ID: CVE-2023-1652)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfsd4_ssc_setup_dul() function in fs/nfsd/nfs4proc.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
18) Use-after-free (CVE-ID: CVE-2023-1829)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
19) Use-after-free (CVE-ID: CVE-2023-1872)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the io_file_get_fixed function. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
20) Buffer overflow (CVE-ID: CVE-2023-20938)
The vulnerability allows a local application to escalate privileges on the system.
21) Security features bypass (CVE-ID: CVE-2023-21102)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists die to a logic error within the __efi_rt_asm_wrapper() function in efi-rt-wrapper.S. A local application can bypass the shadow stack protection and execute arbitrary code with elevated privileges.
22) Use-after-free (CVE-ID: CVE-2023-2162)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. A local user can trigger a use-after-free error and gain access to sensitive information.
23) Double Free (CVE-ID: CVE-2023-26545)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a double free in net/mpls/af_mpls.c during the renaming of a device. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
24) Use-after-free (CVE-ID: CVE-2023-32269)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in net/netrom/af_netrom.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability requires that the system has netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.
Remediation
Install update from vendor's website.