Ubuntu update for linux-gcp
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2023-21255 CVE-2023-2898 CVE-2023-31084 CVE-2023-32247 CVE-2023-32250 CVE-2023-32252 CVE-2023-32257 CVE-2023-32258 CVE-2023-38426 CVE-2023-38428 CVE-2023-38429 |
| CWE-ID | CWE-416 CWE-476 CWE-833 CWE-400 CWE-362 CWE-125 CWE-193 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-starfive (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-ibm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.2.0-1013-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.2.0-1011-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.2.0-1009-ibm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.2.0-1004-starfive (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU77990
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21255
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The
vulnerability exists due to insufficient validation of user-supplied
input within the binder_transaction_buffer_release() function in Binder subsystem in Android kernel. A local application
can trigger a use-after-fee error and execute arbitrary code with elevated privileges.
Update the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:23.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU79476
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2898
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the f2fs_write_end_io() function in fs/f2fs/data.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Deadlock
EUVDB-ID: #VU77246
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-31084
CWE-ID:
CWE-833 - Deadlock
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock in drivers/media/dvb-core/dvb_frontend.c when a task is in !TASK_RUNNING. A local user can trigger a deadlock and crash the kernel.
Update the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource exhaustion
EUVDB-ID: #VU80481
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32247
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to ksmbd does not properly control consumption of internal resources when handling SMB2_SESSION_SETUP commands. A remote attacker can send specially crafted data to the server during session setup, trigger memory exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Race condition
EUVDB-ID: #VU77497
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-32250
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition within the fs/ksmbd/connection.c in ksmbd in Linux kernel when processing SMB2_SESSION_SETUP commands. A remote attacker can exploit the race by sending concurrent session setup and logoff request and execute arbitrary code on the system.
Update the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU80492
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-32252
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when handling SMB2_LOGOFF commands in ksmbd. A remote attacker can send specially crafted data to the server and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Race condition
EUVDB-ID: #VU80494
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-32257
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition when handling SMB2_SESSION_SETUP and SMB2_LOGOFF commands. A remote attacker can send specially crafted data to the affected server, trigger a race condition and execute arbitrary code on the system.
MitigationUpdate the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Race condition
EUVDB-ID: #VU80501
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-32258
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition when processing SMB2_LOGOFF and SMB2_CLOSE commands in ksmbd. A remote attacker can send specially crafted data to the server and execute arbitrary code on the system.
Update the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU80499
Risk: Medium
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-38426
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the smb2_find_context_vals() function. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU80498
Risk: Medium
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-38428
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in fs/ksmbd/smb2pdu.c. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Off-by-one
EUVDB-ID: #VU80497
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-38429
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error within the ksmbd_smb2_check_message() function in fs/ksmbd/connection.c. A remote attacker can trigger an off-by-one error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package linux-gcp to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.04
linux-image-starfive (Ubuntu package): before 6.2.0.1004.7
linux-image-oracle (Ubuntu package): before 6.2.0.1011.11
linux-image-ibm (Ubuntu package): before 6.2.0.1009.9
linux-image-gcp (Ubuntu package): before 6.2.0.1013.13~22.04.1
linux-image-6.2.0-1013-gcp (Ubuntu package): before 6.2.0-1013.13~22.04.1
linux-image-6.2.0-1011-oracle (Ubuntu package): before 6.2.0-1011.11
linux-image-6.2.0-1009-ibm (Ubuntu package): before 6.2.0-1009.9
linux-image-6.2.0-1004-starfive (Ubuntu package): before 6.2.0-1004.5
CPE2.3- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1011-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1009-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.2.0-1004-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-6338-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
