Ubuntu update for linux-azure

Published: 2023-09-06

Risk	Low
Patch available	YES
Number of vulnerabilities	9
CVE-ID	CVE-2023-2002 CVE-2023-21255 CVE-2023-2163 CVE-2023-2269 CVE-2023-31084 CVE-2023-3268 CVE-2023-35823 CVE-2023-35824 CVE-2023-35828
CWE-ID	CWE-264 CWE-416 CWE-787 CWE-667 CWE-833 CWE-125 CWE-362
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software Subscribe	Ubuntu Operating systems & Components / Operating system linux-image-azure-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1115-azure (Ubuntu package) Operating systems & Components / Operating system package or component
Vendor	Canonical Ltd.

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU75163

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-2002

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permissions check in the Bluetooth subsystem when handling ioctl system calls of HCI sockets. A local user can acquire a trusted socket, leading to unauthorized execution of management commands.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1115.108

linux-image-5.4.0-1115-azure (Ubuntu package): before 5.4.0-1115.122

CPE2.3

cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-6349-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Use-after-free

EUVDB-ID: #VU77990

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-21255

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the binder_transaction_buffer_release() function in Binder subsystem in Android kernel. A local application can trigger a use-after-fee error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1115.108

linux-image-5.4.0-1115-azure (Ubuntu package): before 5.4.0-1115.122

CPE2.3

cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-6349-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU79673

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2163

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in BPF verifier caused by improper marking of registers for precision tracking in certain situations. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1115.108

linux-image-5.4.0-1115-azure (Ubuntu package): before 5.4.0-1115.122

CPE2.3

cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-6349-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU77243

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2269

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1115.108

linux-image-5.4.0-1115-azure (Ubuntu package): before 5.4.0-1115.122

CPE2.3

cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-6349-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Deadlock

EUVDB-ID: #VU77246

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31084

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a deadlock in drivers/media/dvb-core/dvb_frontend.c when a task is in !TASK_RUNNING. A local user can trigger a deadlock and crash the kernel.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1115.108

linux-image-5.4.0-1115-azure (Ubuntu package): before 5.4.0-1115.122

CPE2.3

cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-6349-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU78008

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3268

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the relay_file_read_start_pos() function in kernel/relay.c in the relayfs. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1115.108

linux-image-5.4.0-1115-azure (Ubuntu package): before 5.4.0-1115.122

CPE2.3

cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-6349-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Race condition

EUVDB-ID: #VU77957

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35823

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the saa7134_finidev() function in drivers/media/pci/saa7134/saa7134-core.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1115.108

linux-image-5.4.0-1115-azure (Ubuntu package): before 5.4.0-1115.122

CPE2.3

cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-6349-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU78062

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35824

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dm1105_remove() function in drivers/media/pci/dm1105/dm1105.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1115.108

linux-image-5.4.0-1115-azure (Ubuntu package): before 5.4.0-1115.122

CPE2.3

cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-6349-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Race condition

EUVDB-ID: #VU77958

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35828

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the renesas_usb3_remove() function in drivers/usb/gadget/udc/renesas_usb3.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1115.108

linux-image-5.4.0-1115-azure (Ubuntu package): before 5.4.0-1115.122

CPE2.3

cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-6349-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.