Ubuntu update for linux-intel-iotg-5.15



| Updated: 2024-09-26
Risk Medium
Patch available YES
Number of vulnerabilities 24
CVE-ID CVE-2022-27672
CVE-2022-3707
CVE-2022-4129
CVE-2022-47929
CVE-2022-4842
CVE-2023-0386
CVE-2023-0394
CVE-2023-0458
CVE-2023-0459
CVE-2023-1073
CVE-2023-1074
CVE-2023-1075
CVE-2023-1078
CVE-2023-1118
CVE-2023-1281
CVE-2023-1513
CVE-2023-1652
CVE-2023-1829
CVE-2023-1872
CVE-2023-20938
CVE-2023-21102
CVE-2023-2162
CVE-2023-26545
CVE-2023-32269
CWE-ID CWE-1342
CWE-415
CWE-476
CWE-264
CWE-1037
CWE-119
CWE-401
CWE-843
CWE-787
CWE-416
CWE-665
CWE-254
Exploitation vector Local
Public exploit Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #18 is available.
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

linux-image-5.15.0-1030-intel-iotg (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-intel (Ubuntu package)
Other

linux-image-intel-iotg (Ubuntu package)
Other
Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 24 vulnerabilities.

1) Cross-thread return address predictions

EUVDB-ID: #VU72470

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-27672

CWE-ID: CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to certain AMD processors may speculatively execute instructions at an incorrect return site after an SMT mode switch that may potentially lead to information disclosure.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Double Free

EUVDB-ID: #VU70487

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-3707

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the intel_gvt_dma_map_guest_page() function in Intel GVT-g graphics driver. A local user can trigger a double free error and crash the kernel.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU70486

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-4129

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU71479

Risk: Medium

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-47929

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the traffic control subsystem in Linux kernel. A local user can pass pass a specially crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU72467

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-4842

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the attr_punch_hole() () function in Linux kernel NTFS3 driver. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU74410

Risk: Low

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2023-0386

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unauthorized access to execution of setuid files in OverlayFS subsystem when copying a capable file from a nosuid mount into another mount. A local user can execute arbitrary code with root privileges.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

7) NULL pointer dereference

EUVDB-ID: #VU71352

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0394

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU76223

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0458

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the do_prlimit() function. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU76222

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-0459

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper implementation of speculative execution barriers in usercopy functions
in certain situations. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU74123

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1073

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a boundary error in the Linux kernel human interface device (HID) subsystem. An attacker with physical access to the system can insert in a specific way malicious USB device, trigger memory corruption and execute arbitrary code.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU74124

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in Linux kernel Stream Control Transmission Protocol. A local user can start a malicious network service and then connect to remotely, forcing the kernel to leak memory.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Type Confusion

EUVDB-ID: #VU72700

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1075

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the tls_is_tx_ready() function in the net/tls stack of the Linux Kernel. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU74054

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1078

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the rds_rm_zerocopy_callback() function in Linux kernel RDS (Reliable Datagram Sockets) protocol. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU72734

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1118

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel integrated infrared receiver/transceiver driver "drivers/media/rc/ene_ir.c" when detaching rc device. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU74122

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1281

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper Initialization

EUVDB-ID: #VU74630

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1513

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU74770

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1652

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_ssc_setup_dul() function in fs/nfsd/nfs4proc.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use-after-free

EUVDB-ID: #VU75448

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-1829

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

19) Use-after-free

EUVDB-ID: #VU75529

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-1872

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the io_file_get_fixed function. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU72032

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20938

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Binder component in kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Security features bypass

EUVDB-ID: #VU76224

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-21102

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists die to a logic error within the __efi_rt_asm_wrapper() function in efi-rt-wrapper.S. A local application can bypass the shadow stack protection and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU75994

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2162

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. A local user can trigger a use-after-free error and gain access to sensitive information.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Double Free

EUVDB-ID: #VU73766

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-26545

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a double free in net/mpls/af_mpls.c during the renaming of a device. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU76221

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-32269

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in net/netrom/af_netrom.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability requires that the system has netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.

Mitigation

Update the affected package linux-intel-iotg-5.15 to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-5.15.0-1030-intel-iotg (Ubuntu package): before 5.15.0-1030.35~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1030.35~20.04.22

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1030.35~20.04.22

CPE2.3 External links

https://ubuntu.com/security/notices/USN-6134-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###