Ubuntu update for linux
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2023-34324 CVE-2023-35827 CVE-2023-46813 CVE-2023-46862 CVE-2023-5972 CVE-2023-6176 CVE-2023-6531 CVE-2023-6622 CVE-2024-0641 |
| CWE-ID | CWE-833 CWE-416 CWE-284 CWE-476 CWE-362 CWE-667 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-raspi (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-hwe-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04d (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-hwe-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k-hwe-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-1014-oem (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-starfive (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-raspi-nolpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-laptop-23.10 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-17-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-17-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-17-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-17-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-1015-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-1013-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-1013-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-1010-raspi (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-1009-laptop (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-1007-starfive (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Deadlock
EUVDB-ID: #VU81900
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34324
CWE-ID:
CWE-833 - Deadlock
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.10
linux-image-raspi (Ubuntu package): before 6.5.0.1010.11
linux-image-lowlatency-64k (Ubuntu package): before 6.5.0.17.17.14
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1014.16
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-6.5.0-1014-oem (Ubuntu package): before 6.5.0-1014.15
linux-image-virtual (Ubuntu package): before 6.5.0.17.19
linux-image-starfive (Ubuntu package): before 6.5.0.1007.9
linux-image-raspi-nolpae (Ubuntu package): before 6.5.0.1010.11
linux-image-oracle (Ubuntu package): before 6.5.0.1015.15
linux-image-lowlatency (Ubuntu package): before 6.5.0.17.17.14
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1009.12
linux-image-kvm (Ubuntu package): before 6.5.0.17.19
linux-image-generic-lpae (Ubuntu package): before 6.5.0.17.19
linux-image-generic-64k (Ubuntu package): before 6.5.0.17.19
linux-image-generic (Ubuntu package): before 6.5.0.17.19
linux-image-gcp (Ubuntu package): before 6.5.0.1013.13
linux-image-aws (Ubuntu package): before 6.5.0.1013.13
linux-image-6.5.0-17-lowlatency-64k (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-lowlatency (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-generic-64k (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-17-generic (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-1015-oracle (Ubuntu package): before 6.5.0-1015.15
linux-image-6.5.0-1013-gcp (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1013-aws (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1010-raspi (Ubuntu package): before 6.5.0-1010.13
linux-image-6.5.0-1009-laptop (Ubuntu package): before 6.5.0-1009.12
linux-image-6.5.0-1007-starfive (Ubuntu package): before 6.5.0-1007.8
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:23.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1014-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-laptop-23.10_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1015-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1010-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1009-laptop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1007-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-6624-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU82758
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-35827
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.10
linux-image-raspi (Ubuntu package): before 6.5.0.1010.11
linux-image-lowlatency-64k (Ubuntu package): before 6.5.0.17.17.14
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1014.16
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-6.5.0-1014-oem (Ubuntu package): before 6.5.0-1014.15
linux-image-virtual (Ubuntu package): before 6.5.0.17.19
linux-image-starfive (Ubuntu package): before 6.5.0.1007.9
linux-image-raspi-nolpae (Ubuntu package): before 6.5.0.1010.11
linux-image-oracle (Ubuntu package): before 6.5.0.1015.15
linux-image-lowlatency (Ubuntu package): before 6.5.0.17.17.14
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1009.12
linux-image-kvm (Ubuntu package): before 6.5.0.17.19
linux-image-generic-lpae (Ubuntu package): before 6.5.0.17.19
linux-image-generic-64k (Ubuntu package): before 6.5.0.17.19
linux-image-generic (Ubuntu package): before 6.5.0.17.19
linux-image-gcp (Ubuntu package): before 6.5.0.1013.13
linux-image-aws (Ubuntu package): before 6.5.0.1013.13
linux-image-6.5.0-17-lowlatency-64k (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-lowlatency (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-generic-64k (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-17-generic (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-1015-oracle (Ubuntu package): before 6.5.0-1015.15
linux-image-6.5.0-1013-gcp (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1013-aws (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1010-raspi (Ubuntu package): before 6.5.0-1010.13
linux-image-6.5.0-1009-laptop (Ubuntu package): before 6.5.0-1009.12
linux-image-6.5.0-1007-starfive (Ubuntu package): before 6.5.0-1007.8
CPE2.3- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1014-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-laptop-23.10_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1015-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1010-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1009-laptop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1007-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-6624-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU82764
Risk: Low
CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-46813
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses. A local user can gain arbitrary write access to kernel memory and execute arbitrary code with elevated privileges.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.10
linux-image-raspi (Ubuntu package): before 6.5.0.1010.11
linux-image-lowlatency-64k (Ubuntu package): before 6.5.0.17.17.14
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1014.16
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-6.5.0-1014-oem (Ubuntu package): before 6.5.0-1014.15
linux-image-virtual (Ubuntu package): before 6.5.0.17.19
linux-image-starfive (Ubuntu package): before 6.5.0.1007.9
linux-image-raspi-nolpae (Ubuntu package): before 6.5.0.1010.11
linux-image-oracle (Ubuntu package): before 6.5.0.1015.15
linux-image-lowlatency (Ubuntu package): before 6.5.0.17.17.14
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1009.12
linux-image-kvm (Ubuntu package): before 6.5.0.17.19
linux-image-generic-lpae (Ubuntu package): before 6.5.0.17.19
linux-image-generic-64k (Ubuntu package): before 6.5.0.17.19
linux-image-generic (Ubuntu package): before 6.5.0.17.19
linux-image-gcp (Ubuntu package): before 6.5.0.1013.13
linux-image-aws (Ubuntu package): before 6.5.0.1013.13
linux-image-6.5.0-17-lowlatency-64k (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-lowlatency (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-generic-64k (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-17-generic (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-1015-oracle (Ubuntu package): before 6.5.0-1015.15
linux-image-6.5.0-1013-gcp (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1013-aws (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1010-raspi (Ubuntu package): before 6.5.0-1010.13
linux-image-6.5.0-1009-laptop (Ubuntu package): before 6.5.0-1009.12
linux-image-6.5.0-1007-starfive (Ubuntu package): before 6.5.0-1007.8
CPE2.3- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1014-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-laptop-23.10_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1015-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1010-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1009-laptop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1007-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-6624-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) NULL pointer dereference
EUVDB-ID: #VU83903
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-46862
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the io_uring_show_fdinfo() function in io_uring/fdinfo.c. A local user can trigger a race with SQ thread exit and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.10
linux-image-raspi (Ubuntu package): before 6.5.0.1010.11
linux-image-lowlatency-64k (Ubuntu package): before 6.5.0.17.17.14
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1014.16
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-6.5.0-1014-oem (Ubuntu package): before 6.5.0-1014.15
linux-image-virtual (Ubuntu package): before 6.5.0.17.19
linux-image-starfive (Ubuntu package): before 6.5.0.1007.9
linux-image-raspi-nolpae (Ubuntu package): before 6.5.0.1010.11
linux-image-oracle (Ubuntu package): before 6.5.0.1015.15
linux-image-lowlatency (Ubuntu package): before 6.5.0.17.17.14
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1009.12
linux-image-kvm (Ubuntu package): before 6.5.0.17.19
linux-image-generic-lpae (Ubuntu package): before 6.5.0.17.19
linux-image-generic-64k (Ubuntu package): before 6.5.0.17.19
linux-image-generic (Ubuntu package): before 6.5.0.17.19
linux-image-gcp (Ubuntu package): before 6.5.0.1013.13
linux-image-aws (Ubuntu package): before 6.5.0.1013.13
linux-image-6.5.0-17-lowlatency-64k (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-lowlatency (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-generic-64k (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-17-generic (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-1015-oracle (Ubuntu package): before 6.5.0-1015.15
linux-image-6.5.0-1013-gcp (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1013-aws (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1010-raspi (Ubuntu package): before 6.5.0-1010.13
linux-image-6.5.0-1009-laptop (Ubuntu package): before 6.5.0-1009.12
linux-image-6.5.0-1007-starfive (Ubuntu package): before 6.5.0-1007.8
CPE2.3- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1014-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-laptop-23.10_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1015-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1010-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1009-laptop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1007-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-6624-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU86244
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-5972
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nft_inner_init() and nft_expr_inner_parse() functions in nft_inner.c. A local user can set specially crafted values for the NFTA_INNER_NUM and NFTA_EXPR_NAM netlink attributes and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.10
linux-image-raspi (Ubuntu package): before 6.5.0.1010.11
linux-image-lowlatency-64k (Ubuntu package): before 6.5.0.17.17.14
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1014.16
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-6.5.0-1014-oem (Ubuntu package): before 6.5.0-1014.15
linux-image-virtual (Ubuntu package): before 6.5.0.17.19
linux-image-starfive (Ubuntu package): before 6.5.0.1007.9
linux-image-raspi-nolpae (Ubuntu package): before 6.5.0.1010.11
linux-image-oracle (Ubuntu package): before 6.5.0.1015.15
linux-image-lowlatency (Ubuntu package): before 6.5.0.17.17.14
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1009.12
linux-image-kvm (Ubuntu package): before 6.5.0.17.19
linux-image-generic-lpae (Ubuntu package): before 6.5.0.17.19
linux-image-generic-64k (Ubuntu package): before 6.5.0.17.19
linux-image-generic (Ubuntu package): before 6.5.0.17.19
linux-image-gcp (Ubuntu package): before 6.5.0.1013.13
linux-image-aws (Ubuntu package): before 6.5.0.1013.13
linux-image-6.5.0-17-lowlatency-64k (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-lowlatency (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-generic-64k (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-17-generic (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-1015-oracle (Ubuntu package): before 6.5.0-1015.15
linux-image-6.5.0-1013-gcp (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1013-aws (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1010-raspi (Ubuntu package): before 6.5.0-1010.13
linux-image-6.5.0-1009-laptop (Ubuntu package): before 6.5.0-1009.12
linux-image-6.5.0-1007-starfive (Ubuntu package): before 6.5.0-1007.8
CPE2.3- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1014-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-laptop-23.10_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1015-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1010-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1009-laptop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1007-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-6624-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU84096
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6176
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel API for the cryptographic algorithm scatterwalk functionality in scatterwalk_copychunks(). A local user can send a malicious packet with specific socket configuration and crash the OS kernel.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.10
linux-image-raspi (Ubuntu package): before 6.5.0.1010.11
linux-image-lowlatency-64k (Ubuntu package): before 6.5.0.17.17.14
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1014.16
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-6.5.0-1014-oem (Ubuntu package): before 6.5.0-1014.15
linux-image-virtual (Ubuntu package): before 6.5.0.17.19
linux-image-starfive (Ubuntu package): before 6.5.0.1007.9
linux-image-raspi-nolpae (Ubuntu package): before 6.5.0.1010.11
linux-image-oracle (Ubuntu package): before 6.5.0.1015.15
linux-image-lowlatency (Ubuntu package): before 6.5.0.17.17.14
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1009.12
linux-image-kvm (Ubuntu package): before 6.5.0.17.19
linux-image-generic-lpae (Ubuntu package): before 6.5.0.17.19
linux-image-generic-64k (Ubuntu package): before 6.5.0.17.19
linux-image-generic (Ubuntu package): before 6.5.0.17.19
linux-image-gcp (Ubuntu package): before 6.5.0.1013.13
linux-image-aws (Ubuntu package): before 6.5.0.1013.13
linux-image-6.5.0-17-lowlatency-64k (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-lowlatency (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-generic-64k (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-17-generic (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-1015-oracle (Ubuntu package): before 6.5.0-1015.15
linux-image-6.5.0-1013-gcp (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1013-aws (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1010-raspi (Ubuntu package): before 6.5.0-1010.13
linux-image-6.5.0-1009-laptop (Ubuntu package): before 6.5.0-1009.12
linux-image-6.5.0-1007-starfive (Ubuntu package): before 6.5.0-1007.8
CPE2.3- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1014-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-laptop-23.10_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1015-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1010-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1009-laptop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1007-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-6624-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Race condition
EUVDB-ID: #VU85022
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6531
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition when the unix garbage collector's deletion of a SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. A local user can exploit the race and escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.10
linux-image-raspi (Ubuntu package): before 6.5.0.1010.11
linux-image-lowlatency-64k (Ubuntu package): before 6.5.0.17.17.14
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1014.16
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-6.5.0-1014-oem (Ubuntu package): before 6.5.0-1014.15
linux-image-virtual (Ubuntu package): before 6.5.0.17.19
linux-image-starfive (Ubuntu package): before 6.5.0.1007.9
linux-image-raspi-nolpae (Ubuntu package): before 6.5.0.1010.11
linux-image-oracle (Ubuntu package): before 6.5.0.1015.15
linux-image-lowlatency (Ubuntu package): before 6.5.0.17.17.14
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1009.12
linux-image-kvm (Ubuntu package): before 6.5.0.17.19
linux-image-generic-lpae (Ubuntu package): before 6.5.0.17.19
linux-image-generic-64k (Ubuntu package): before 6.5.0.17.19
linux-image-generic (Ubuntu package): before 6.5.0.17.19
linux-image-gcp (Ubuntu package): before 6.5.0.1013.13
linux-image-aws (Ubuntu package): before 6.5.0.1013.13
linux-image-6.5.0-17-lowlatency-64k (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-lowlatency (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-generic-64k (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-17-generic (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-1015-oracle (Ubuntu package): before 6.5.0-1015.15
linux-image-6.5.0-1013-gcp (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1013-aws (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1010-raspi (Ubuntu package): before 6.5.0-1010.13
linux-image-6.5.0-1009-laptop (Ubuntu package): before 6.5.0-1009.12
linux-image-6.5.0-1007-starfive (Ubuntu package): before 6.5.0-1007.8
CPE2.3- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1014-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-laptop-23.10_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1015-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1010-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1009-laptop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1007-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-6624-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU84512
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-6622
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nft_dynset_init() function in net/netfilter/nft_dynset.c in nf_tables. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.10
linux-image-raspi (Ubuntu package): before 6.5.0.1010.11
linux-image-lowlatency-64k (Ubuntu package): before 6.5.0.17.17.14
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1014.16
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-6.5.0-1014-oem (Ubuntu package): before 6.5.0-1014.15
linux-image-virtual (Ubuntu package): before 6.5.0.17.19
linux-image-starfive (Ubuntu package): before 6.5.0.1007.9
linux-image-raspi-nolpae (Ubuntu package): before 6.5.0.1010.11
linux-image-oracle (Ubuntu package): before 6.5.0.1015.15
linux-image-lowlatency (Ubuntu package): before 6.5.0.17.17.14
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1009.12
linux-image-kvm (Ubuntu package): before 6.5.0.17.19
linux-image-generic-lpae (Ubuntu package): before 6.5.0.17.19
linux-image-generic-64k (Ubuntu package): before 6.5.0.17.19
linux-image-generic (Ubuntu package): before 6.5.0.17.19
linux-image-gcp (Ubuntu package): before 6.5.0.1013.13
linux-image-aws (Ubuntu package): before 6.5.0.1013.13
linux-image-6.5.0-17-lowlatency-64k (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-lowlatency (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-generic-64k (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-17-generic (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-1015-oracle (Ubuntu package): before 6.5.0-1015.15
linux-image-6.5.0-1013-gcp (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1013-aws (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1010-raspi (Ubuntu package): before 6.5.0-1010.13
linux-image-6.5.0-1009-laptop (Ubuntu package): before 6.5.0-1009.12
linux-image-6.5.0-1007-starfive (Ubuntu package): before 6.5.0-1007.8
CPE2.3- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1014-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-laptop-23.10_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1015-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1010-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1009-laptop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1007-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-6624-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper locking
EUVDB-ID: #VU86245
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0641
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to double-locking error within the tipc_crypto_key_revoke() function in net/tipc/crypto.c. A malicious guest can exploit this vulnerability to cause a deadlock, resulting in a denial of service.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 23.10
linux-image-raspi (Ubuntu package): before 6.5.0.1010.11
linux-image-lowlatency-64k (Ubuntu package): before 6.5.0.17.17.14
linux-image-virtual-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1014.16
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17.1.1.1~22.04.6
linux-image-generic-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-generic-64k-hwe-22.04 (Ubuntu package): before 6.5.0.17.17~22.04.9
linux-image-6.5.0-1014-oem (Ubuntu package): before 6.5.0-1014.15
linux-image-virtual (Ubuntu package): before 6.5.0.17.19
linux-image-starfive (Ubuntu package): before 6.5.0.1007.9
linux-image-raspi-nolpae (Ubuntu package): before 6.5.0.1010.11
linux-image-oracle (Ubuntu package): before 6.5.0.1015.15
linux-image-lowlatency (Ubuntu package): before 6.5.0.17.17.14
linux-image-laptop-23.10 (Ubuntu package): before 6.5.0.1009.12
linux-image-kvm (Ubuntu package): before 6.5.0.17.19
linux-image-generic-lpae (Ubuntu package): before 6.5.0.17.19
linux-image-generic-64k (Ubuntu package): before 6.5.0.17.19
linux-image-generic (Ubuntu package): before 6.5.0.17.19
linux-image-gcp (Ubuntu package): before 6.5.0.1013.13
linux-image-aws (Ubuntu package): before 6.5.0.1013.13
linux-image-6.5.0-17-lowlatency-64k (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-lowlatency (Ubuntu package): before 6.5.0-17.17.1.1.1~22.04.1
linux-image-6.5.0-17-generic-64k (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-17-generic (Ubuntu package): before 6.5.0-17.17~22.04.1
linux-image-6.5.0-1015-oracle (Ubuntu package): before 6.5.0-1015.15
linux-image-6.5.0-1013-gcp (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1013-aws (Ubuntu package): before 6.5.0-1013.13
linux-image-6.5.0-1010-raspi (Ubuntu package): before 6.5.0-1010.13
linux-image-6.5.0-1009-laptop (Ubuntu package): before 6.5.0-1009.12
linux-image-6.5.0-1007-starfive (Ubuntu package): before 6.5.0-1007.8
CPE2.3- cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oem-22.04d_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1014-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-laptop-23.10_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-17-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1015-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1013-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1010-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1009-laptop_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:o:canonical:linux-image-6.5.0-1007-starfive_ubuntu_package:*:*:*:*:*:ubuntu:*:*
http://ubuntu.com/security/notices/USN-6624-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
