Ubuntu update for linux-oem-6.1

1) Resource exhaustion

EUVDB-ID: #VU77953

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-1206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.

Mitigation

Update the affected package linux-oem-6.1 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04c (Ubuntu package): before 6.1.0.1021.21

linux-image-6.1.0-1021-oem (Ubuntu package): before 6.1.0-1021.21

CPE2.3

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6.1.0-1021-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6343-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU79260

Risk: Medium

CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]

CVE-ID: CVE-2023-34319

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in netback when processing certain packets. A malicious guest can send specially crafted packets to the backend, trigger memory corruption and crash the hypervisor.

Mitigation

Update the affected package linux-oem-6.1 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04c (Ubuntu package): before 6.1.0.1021.21

linux-image-6.1.0-1021-oem (Ubuntu package): before 6.1.0-1021.21

CPE2.3

• cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6.1.0-1021-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6343-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU79714

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.1 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04c (Ubuntu package): before 6.1.0.1021.21

linux-image-6.1.0-1021-oem (Ubuntu package): before 6.1.0-1021.21

CPE2.3

• cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6.1.0-1021-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6343-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU79486

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4128

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.1 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04c (Ubuntu package): before 6.1.0.1021.21

linux-image-6.1.0-1021-oem (Ubuntu package): before 6.1.0-1021.21

CPE2.3

• cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6.1.0-1021-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6343-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU79488

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4155

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in KVM AMD Secure Encrypted Virtualization (SEV) in Linux kernel. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.1 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04c (Ubuntu package): before 6.1.0.1021.21

linux-image-6.1.0-1021-oem (Ubuntu package): before 6.1.0-1021.21

CPE2.3

• cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6.1.0-1021-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6343-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Type Confusion

EUVDB-ID: #VU79485

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4194

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a type confusion error in TUN/TAP functionality. A local user can bypass network filters and gain unauthorized access to some resources.

The vulnerability exists due to incomplete fix for #VU72742 (CVE-2023-1076).

Mitigation

Update the affected package linux-oem-6.1 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04c (Ubuntu package): before 6.1.0.1021.21

linux-image-6.1.0-1021-oem (Ubuntu package): before 6.1.0-1021.21

CPE2.3

• cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6.1.0-1021-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6343-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Stack-based buffer overflow

EUVDB-ID: #VU79487

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4273

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the implementation of the file name reconstruction function in the exFAT driver in Linux kernel. A local user can trigger a stack overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.1 to the latest version.

Vulnerable software versions

Ubuntu: 22.04

linux-image-oem-22.04c (Ubuntu package): before 6.1.0.1021.21

linux-image-6.1.0-1021-oem (Ubuntu package): before 6.1.0-1021.21

CPE2.3

• cpe:2.3:o:canonical:linux-image-oem-22.04c_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-6.1.0-1021-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6343-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.