LSN-0098-1

Description

Kernel Live Patch Security Notice It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3090) It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).(CVE-2023-3567) It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3609) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3776) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3777) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3995) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-4004) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-4128) Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-21400) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-40283)

Affected Systems

• ubuntu•linux

  < 5.4.0-163.180 | < 4.4.0-245.279 | < 4.15.0-218.229 | < 5.4.0-205.225 | < 5.15.0-84.93

• ubuntu•linux-aws

  < 5.4.0-1110.119 | < 4.4.0-1161.176 | < 4.15.0-1161.174 | < 5.4.0-1139.149 | < 5.15.0-1045.50

• ubuntu•linux-aws-5.15

  < 5.15.0-1045.50~20.04.1

• ubuntu•linux-aws-6.2

  < 6.2.0-1012.12~22.04.1

• ubuntu•linux-azure

  < 5.4.0-1116.123 | < 4.15.0-1170.185~16.04.1 | < 5.4.0-1143.150 | < 5.15.0-1047.54

• ubuntu•linux-azure-4.15

  < 4.15.0-1170.185

• ubuntu•linux-azure-6.2

  < 6.2.0-1012.12~22.04.1

• ubuntu•linux-gcp

  < 5.4.0-1113.122 | < 4.15.0-1155.172~16.04.1 | < 5.4.0-1142.151 | < 5.15.0-1042.50

• ubuntu•linux-gcp-4.15

  < 4.15.0-1155.172

• ubuntu•linux-gcp-5.15

  < 5.15.0-1042.50~20.04.1

• ubuntu•linux-gcp-6.2

  < 6.2.0-1014.14~22.04.1

• ubuntu•linux-gke

  all | < 5.4.0-1104.111 | < 5.15.0-1042.47

• ubuntu•linux-gke-5.15

  all | < 5.15.0-1038.43~20.04.1

• ubuntu•linux-gkeop

  < 5.4.0-1077.81

• ubuntu•linux-hwe-5.15

  < 5.15.0-84.93~20.04.1

• ubuntu•linux-hwe-6.2

  < 6.2.0-33.33~22.04.1

• ubuntu•linux-ibm

  < 5.4.0-1057.62 | < 5.4.0-1085.90 | < 5.15.0-1038.41

• ubuntu•linux-lowlatency-hwe-5.15

  < 5.15.0-84.93~20.04.1

• ubuntu•linux-lts-xenial

  < 4.4.0-245.279~14.04.1

References (11)

• https://ubuntu.com/security/notices/LSN-0098-1
• https://ubuntu.com/security/CVE-2023-3090
• https://ubuntu.com/security/CVE-2023-3567
• https://ubuntu.com/security/CVE-2023-3609
• https://ubuntu.com/security/CVE-2023-3776
• https://ubuntu.com/security/CVE-2023-3777
• https://ubuntu.com/security/CVE-2023-3995
• https://ubuntu.com/security/CVE-2023-4004
• https://ubuntu.com/security/CVE-2023-4128
• https://ubuntu.com/security/CVE-2023-21400
• https://ubuntu.com/security/CVE-2023-40283