SB2024020927 - Ubuntu update for linux-intel-iotg
Published: February 9, 2024 Updated: May 13, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Race condition (CVE-ID: CVE-2023-32250)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition within the fs/ksmbd/connection.c in ksmbd in Linux kernel when processing SMB2_SESSION_SETUP commands. A remote attacker can exploit the race by sending concurrent session setup and logoff request and execute arbitrary code on the system.
2) NULL pointer dereference (CVE-ID: CVE-2023-32252)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when handling SMB2_LOGOFF commands in ksmbd. A remote attacker can send specially crafted data to the server and perform a denial of service (DoS) attack.
3) Race condition (CVE-ID: CVE-2023-32257)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition when handling SMB2_SESSION_SETUP and SMB2_LOGOFF commands. A remote attacker can send specially crafted data to the affected server, trigger a race condition and execute arbitrary code on the system.
4) Deadlock (CVE-ID: CVE-2023-34324)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).
5) Use-after-free (CVE-ID: CVE-2023-35827)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
6) Improper access control (CVE-ID: CVE-2023-46813)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses. A local user can gain arbitrary write access to kernel memory and execute arbitrary code with elevated privileges.
7) Use-after-free (CVE-ID: CVE-2023-6039)
The vulnerability allows a local user to perform a denial of service (DoS) atack.
The vulnerability exists due to a use-after-free error within the lan78xx_disconnect() function in drivers/net/usb/lan78xx.c. A local user can trigger a use-after-free error and crash the kernel.
8) Out-of-bounds write (CVE-ID: CVE-2023-6040)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nf_tables_newtable() function in netfilter nf_tables. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
9) NULL pointer dereference (CVE-ID: CVE-2023-6176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel API for the cryptographic algorithm scatterwalk functionality in scatterwalk_copychunks(). A local user can send a malicious packet with specific socket configuration and crash the OS kernel.
10) Out-of-bounds read (CVE-ID: CVE-2023-6606)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the smbCalcSize() function in fs/smb/client/netmisc.c file. A local user can trigger an out-of-bounds read error and gain access to sensitive information or crash the kernel.
11) NULL pointer dereference (CVE-ID: CVE-2023-6622)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nft_dynset_init() function in net/netfilter/nft_dynset.c in nf_tables. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
12) Use-after-free (CVE-ID: CVE-2023-6817)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
13) Out-of-bounds write (CVE-ID: CVE-2023-6931)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Performance Events system component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
14) Use-after-free (CVE-ID: CVE-2023-6932)
The vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to a use-after-free error within the ipv4 igmp component in Linux kernel. A local authenticated user can trigger a use-after-free error and execute arbitrary code.
15) Use-after-free (CVE-ID: CVE-2024-0193)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter subsystem of the Linux kernel. A local user with CAP_NET_ADMIN capability can escalate privileges on the system.
16) Improper locking (CVE-ID: CVE-2024-0641)
The vulnerability allows a malicious guest to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to double-locking error within the tipc_crypto_key_revoke() function in net/tipc/crypto.c. A malicious guest can exploit this vulnerability to cause a deadlock, resulting in a denial of service.
Remediation
Install update from vendor's website.