Ubuntu update for linux-aws

Exploit availability: No

Description

The vulnerability allows a remote user to read data or crash the application.

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU77498

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32254

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a race condition within fs/ksmbd/mgmt/tree_connect.c in ksmbd in Linux kernel when processing SMB2_TREE_DISCONNECT commands. A remote attacker can trigger a use-after-free error using concurrent smb2 tree disconnect requests and execute arbitrary code on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU80501

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32258

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition when processing SMB2_LOGOFF and SMB2_CLOSE commands in ksmbd. A remote attacker can send specially crafted data to the server and execute arbitrary code on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Integer overflow

EUVDB-ID: #VU81658

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38427

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the deassemble_neg_contexts() function in fs/smb/server/smb2pdu.c in ksmbd. A remote attacker can send specially crafted data to ksmbd, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU79477

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38430

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ksmbd when handling SMB request protocol ID. A remote attacker can send specially crafted packets to the system to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU81659

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38431

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in fs/smb/server/connection.c within ksmbd. A remote attacker can send a specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory or perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU82661

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3867

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the KSMBD implementation in the Linux kernel. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU85682

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46838

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an unprivileged guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of network packets at the backend. An unprivileged guest can send zero-length packets to the OS kernel and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Resource exhaustion

EUVDB-ID: #VU88378

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52340

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing very large ICMPv6 packets. A remote attacker can send a flood of IPv6 ICMP6 PTB messages, cause the high lock contention and increased CPU usage, leading to a denial of service.

Successful vulnerability exploitation requires a attacker to be on the local network or have a high bandwidth connection.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU87166

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52429

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dm_table_create() function in drivers/md/dm-table.c. A local user can pass specially crafted data to the kernel and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

EUVDB-ID: #VU87595

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23851

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the copy_params() function in drivers/md/dm-ioctl.c. A remote attacker can trigger an out-of-bounds read and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU86554

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-22705

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c in Linux kernel ksmbd. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Reachable Assertion

EUVDB-ID: #VU87594

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23850

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Race condition

EUVDB-ID: #VU86580

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24860

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel bluetooth device driver. A remote attacker with physical proximity to device can send specially crafted packets to the system and crash the kernel.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) NULL pointer dereference

EUVDB-ID: #VU90660

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52463

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU87745

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52445

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU89237

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52462

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to crash the kernel.

The vulnerability exists due to a boundary error within the check_stack_write_fixed_off() function in kernel/bpf/verifier.c. A local user can trigger memory corruption and crash the kernel.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Race condition

EUVDB-ID: #VU91484

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52609

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU87741

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52448

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in gfs2_rgrp_dump() function. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU89242

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52457

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the omap8250_remove() function in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU88895

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52464

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU89243

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52456

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to double-locking error within the imx_uart_stop_tx() function in drivers/tty/serial/imx.c. A local user can crash the OS kernel.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU89244

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52454

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU87593

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52438

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the binder_alloc_free_page() function in drivers/android/binder_alloc.c. A local user can trigger a race condition and escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU90249

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52480

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ksmbd_expire_session(), ksmbd_sessions_deregister() and ksmbd_session_lookup() functions in fs/ksmbd/mgmt/user_session.c, within the ksmbd_conn_alloc() function in fs/ksmbd/connection.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU89245

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52443

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the unpack_profile() function in security/apparmor/policy_unpack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU94148

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52442

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the lookup_chann_list(), smb2_get_ksmbd_tcon(), smb2_allocate_rsp_buf() and smb2_check_user_session() functions in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Race condition within a thread

EUVDB-ID: #VU91436

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26631

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the ipv6_mc_down() function in net/ipv6/mcast.c. A local user can manipulate data.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU87573

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52439

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uio_open() function in drivers/uio/uio.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU91314

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52612

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU90262

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26598

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds write

EUVDB-ID: #VU88935

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26586

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Buffer overflow

EUVDB-ID: #VU88886

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26589

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the adjust_ptr_min_max_vals() function in kernel/bpf/verifier.c. A local user can crash the OS kernel.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Reachable assertion

EUVDB-ID: #VU90918

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52444

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to reachable assertion within the f2fs_rename() function in fs/f2fs/namei.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Information disclosure

EUVDB-ID: #VU87592

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52436

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the __f2fs_setxattr() function in fs/f2fs/xattr.c, does not empty by default the unused space in the xattr list. A local user can gain access to potentially sensitive information.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Input validation error

EUVDB-ID: #VU89267

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26633

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU87682

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26597

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c when parsing the netlink attributes. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU90657

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52458

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) NULL pointer dereference

EUVDB-ID: #VU88888

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26591

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the bpf_tracing_prog_attach() function in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU87742

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52449

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in mtd. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU89236

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52467

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the of_syscon_register() function in drivers/mfd/syscon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU91105

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52441

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the init_smb1_server() function in fs/ksmbd/smb_common.c, within the handle_ksmbd_work() and queue_ksmbd_work() functions in fs/ksmbd/server.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Memory leak

EUVDB-ID: #VU89382

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52610

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU88891

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52451

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU89235

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52469

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU92074

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52470

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58

linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1

External links