Ubuntu update for linux-bluefield

1) Information exposure through microarchitectural state after transient execution

EUVDB-ID: #VU79262

Risk: Medium

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-40982

CWE-ID: CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to the way data is shared between threads whereby the AVX GATHER instructions on Intel processors can forward the content of stale vector registers to dependent instructions. A malicious guest can infer data from different contexts on the same core and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU75163

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2023-2002

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permissions check in the Bluetooth subsystem when handling ioctl system calls of HCI sockets. A local user can acquire a trusted socket, leading to unauthorized execution of management commands.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Use-after-free

EUVDB-ID: #VU78572

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20593

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability was dubbed Zenbleed.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU77990

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-21255

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the binder_transaction_buffer_release() function in Binder subsystem in Android kernel. A local application can trigger a use-after-fee error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU79673

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2163

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in BPF verifier caused by improper marking of registers for precision tracking in certain situations. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper locking

EUVDB-ID: #VU77243

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2269

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Deadlock

EUVDB-ID: #VU77246

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-31084

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a deadlock in drivers/media/dvb-core/dvb_frontend.c when a task is in !TASK_RUNNING. A local user can trigger a deadlock and crash the kernel.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU78008

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3268

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the relay_file_read_start_pos() function in kernel/relay.c in the relayfs. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Race condition

EUVDB-ID: #VU77957

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35823

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the saa7134_finidev() function in drivers/media/pci/saa7134/saa7134-core.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU78062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35824

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dm1105_remove() function in drivers/media/pci/dm1105/dm1105.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Race condition

EUVDB-ID: #VU77958

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-35828

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the renesas_usb3_remove() function in drivers/usb/gadget/udc/renesas_usb3.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU78941

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3609

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: cls_u32 component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU78943

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3611

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU79285

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-3776

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-bluefield to the latest version.

Vulnerable software versions

Ubuntu: 20.04

linux-image-bluefield (Ubuntu package): before 5.4.0.1070.65

linux-image-5.4.0-1070-bluefield (Ubuntu package): before 5.4.0-1070.76

CPE2.3

• cpe:2.3:o:canonical:linux-image-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*
• cpe:2.3:o:canonical:linux-image-5.4.0-1070-bluefield_ubuntu_package:*:*:*:*:*:ubuntu:*:*

External links

https://ubuntu.com/security/notices/USN-6397-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.