UBUNTU-CVE-2023-1670

Description

A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux

  all | < 4.4.0-240.274 | < 4.15.0-214.225 | < 5.4.0-152.169 | < 5.15.0-75.82

• ubuntu•linux-aws

  < 4.4.0-1118.124 | < 4.4.0-1156.171 | < 4.15.0-1159.172 | < 5.4.0-1104.112 | < 5.15.0-1038.43

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1038.43~20.04.1

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1104.112~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2098.104 | all | < 5.4.0-1104.112+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1159.172~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1168.183~14.04.1 | < 4.15.0-1168.183~16.04.1 | all | < 5.4.0-1110.116 | < 5.15.0-1040.47

• ubuntu•linux-azure-4.15

  < 4.15.0-1168.183

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1040.47~20.04.1

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1110.116~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all | < 5.15.0-1041.48.1

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2077.83 | all | < 5.4.0-1110.116+fips1

• ubuntu•linux-bluefield

  < 5.15.0-1019.21 | < 5.4.0-1065.71 | < 5.15.0-1019.21

• ubuntu•linux-fips

  < 4.4.0-1088.95 | all | < 4.15.0-1114.125 | < 5.4.0-1079.88

• ubuntu•linux-gcp

  < 4.15.0-1153.170~16.04.1 | all | < 5.4.0-1107.116 | < 5.15.0-1036.44

• ubuntu•linux-gcp-4.15

  < 4.15.0-1153.170

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1036.44~20.04.1

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1107.116~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2061.66 | all | < 5.4.0-1107.116+fips1

• ubuntu•linux-gke

  < 5.4.0-1102.109 | < 5.15.0-1036.41

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  < 5.15.0-1036.41~20.04.1

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  < 5.4.0-1071.75 | < 5.15.0-1022.27

• ubuntu•linux-gkeop-5.15

  < 5.15.0-1022.27~20.04.1

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  < 4.15.0-214.225~16.04.1 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.15

  < 5.15.0-75.82~20.04.1

• ubuntu•linux-hwe-5.19

  < 5.19.0-45.46~22.04.1

• ubuntu•linux-hwe-5.4

  < 5.4.0-152.169~18.04.1

• ubuntu•linux-hwe-5.8

  all

• ubuntu•linux-hwe-edge

  all | all

Showing first 50 affected entries in server-rendered view.

References (19)

• https://ubuntu.com/security/CVE-2023-1670
• https://git.kernel.org/linus/e8d20c3ded59a092532513c9bd030d1ea66f5f44
• https://lore.kernel.org/all/20230316161526.1568982-1-zyytlz.wz@163.com/
• https://ubuntu.com/security/notices/USN-6033-1
• https://ubuntu.com/security/notices/USN-6045-1
• https://ubuntu.com/security/notices/USN-6123-1
• https://ubuntu.com/security/notices/USN-6124-1
• https://ubuntu.com/security/notices/USN-6171-1
• https://ubuntu.com/security/notices/USN-6172-1
• https://ubuntu.com/security/notices/USN-6175-1
• https://ubuntu.com/security/notices/USN-6185-1
• https://ubuntu.com/security/notices/USN-6186-1
• https://ubuntu.com/security/notices/USN-6187-1
• https://ubuntu.com/security/notices/USN-6207-1
• https://ubuntu.com/security/notices/USN-6222-1
• https://ubuntu.com/security/notices/USN-6223-1
• https://ubuntu.com/security/notices/USN-6252-1
• https://ubuntu.com/security/notices/USN-6256-1
• https://www.cve.org/CVERecord?id=CVE-2023-1670