LSN-0099-1

Description

Kernel Live Patch Security Notice It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability).(CVE-2022-3643) It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).(CVE-2023-3567) It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3609) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3776) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3777) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3995) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-4004) Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-4622) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-4623) Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash).(CVE-2023-4881) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle removal of rules from chain bindings in certain circumstances, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-5197) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-31436) Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code.(CVE-2023-34319) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-40283) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-42752) Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did not properly calculate array offsets, leading to a out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-42753)

Affected Systems

• ubuntu•linux

  < 4.4.0-246.280 | < 4.15.0-219.230 | < 5.4.0-165.182 | < 5.15.0-87.97

• ubuntu•linux-aws

  < 4.4.0-1162.177 | < 4.15.0-1162.175 | < 5.4.0-1112.121 | < 5.15.0-1048.53

• ubuntu•linux-aws-5.15

  < 5.15.0-1048.53~20.04.1

• ubuntu•linux-aws-5.4

  < 5.4.0-1112.121~18.04.2

• ubuntu•linux-aws-6.2

  < 6.2.0-1014.14~22.04.1

• ubuntu•linux-aws-hwe

  < 4.15.0-1162.175~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1171.186~16.04.1 | < 5.4.0-1118.125 | < 5.15.0-1050.57

• ubuntu•linux-azure-4.15

  < 4.15.0-1171.186

• ubuntu•linux-azure-5.4

  < 5.4.0-1118.125~18.04.1

• ubuntu•linux-azure-6.2

  < 6.2.0-1015.15~22.04.1

• ubuntu•linux-gcp

  < 4.15.0-1156.173~16.04.1 | < 5.4.0-1116.125 | < 5.15.0-1045.53

• ubuntu•linux-gcp-4.15

  < 4.15.0-1156.173

• ubuntu•linux-gcp-5.15

  < 5.15.0-1045.53~20.04.2

• ubuntu•linux-gcp-5.4

  < 5.4.0-1116.125~18.04.1

• ubuntu•linux-gcp-6.2

  < 6.2.0-1017.19~22.04.1

• ubuntu•linux-gke

  all | < 5.4.0-1100.107 | < 5.15.0-1045.50

• ubuntu•linux-gke-5.15

  all | < 5.15.0-1034.39~20.04.1

• ubuntu•linux-gkeop

  < 5.4.0-1079.83

• ubuntu•linux-hwe

  < 4.15.0-219.230~16.04.1

• ubuntu•linux-hwe-5.15

  < 5.15.0-87.97~20.04.1

• ubuntu•linux-hwe-5.4

  < 5.4.0-165.182~18.04.1

• ubuntu•linux-hwe-6.2

  < 6.2.0-35.35~22.04.1

• ubuntu•linux-ibm

  < 5.4.0-1059.64 | < 5.15.0-1041.44

• ubuntu•linux-ibm-5.15

  < 5.15.0-1041.44~20.04.1

• ubuntu•linux-ibm-5.4

  < 5.4.0-1059.64~18.04.1

• ubuntu•linux-lowlatency-hwe-5.15

  < 5.15.0-87.96~20.04.1

• ubuntu•linux-lts-xenial

  < 4.4.0-246.280~14.04.1

References (17)

• https://ubuntu.com/security/notices/LSN-0099-1
• https://ubuntu.com/security/CVE-2022-3643
• https://ubuntu.com/security/CVE-2023-3567
• https://ubuntu.com/security/CVE-2023-3609
• https://ubuntu.com/security/CVE-2023-3776
• https://ubuntu.com/security/CVE-2023-3777
• https://ubuntu.com/security/CVE-2023-3995
• https://ubuntu.com/security/CVE-2023-4004
• https://ubuntu.com/security/CVE-2023-4622
• https://ubuntu.com/security/CVE-2023-4623
• https://ubuntu.com/security/CVE-2023-4881
• https://ubuntu.com/security/CVE-2023-5197
• https://ubuntu.com/security/CVE-2023-31436
• https://ubuntu.com/security/CVE-2023-34319
• https://ubuntu.com/security/CVE-2023-40283
• https://ubuntu.com/security/CVE-2023-42752
• https://ubuntu.com/security/CVE-2023-42753