UBUNTU-CVE-2023-2124

Description

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux

  all | < 4.4.0-243.277 | < 4.15.0-214.225 | < 5.4.0-156.173 | < 5.15.0-79.86

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws

  < 4.4.0-1121.127 | < 4.4.0-1159.174 | < 4.15.0-1159.172 | < 5.4.0-1107.115 | < 5.15.0-1042.47

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1041.46~20.04.1

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1107.115~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2098.104 | all | < 5.4.0-1107.115+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1159.172~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1168.183~14.04.1 | < 4.15.0-1168.183~16.04.1 | all | < 5.4.0-1114.120 | < 5.15.0-1045.52

• ubuntu•linux-azure-4.15

  < 4.15.0-1168.183

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1045.52~20.04.1

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1113.119~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all | < 5.15.0-1044.51.1

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2077.83 | all | < 5.4.0-1113.119+fips1

• ubuntu•linux-bluefield

  < 5.15.0-1022.24 | < 5.4.0-1068.74 | < 5.15.0-1022.24 | all

• ubuntu•linux-fips

  < 4.4.0-1091.98 | all | < 4.15.0-1114.125 | < 5.4.0-1082.91

• ubuntu•linux-gcp

  < 4.15.0-1153.170~16.04.1 | all | < 5.4.0-1110.119 | < 5.15.0-1039.47

• ubuntu•linux-gcp-4.15

  < 4.15.0-1153.170

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1039.47~20.04.1

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1110.119~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2061.66 | all | < 5.4.0-1110.119+fips1

• ubuntu•linux-gke

  < 5.4.0-1105.112 | < 5.15.0-1039.44

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  < 5.15.0-1039.44~20.04.1

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  < 5.4.0-1074.78 | < 5.15.0-1025.30

• ubuntu•linux-gkeop-5.15

  < 5.15.0-1025.30~20.04.1

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  < 4.15.0-214.225~16.04.1 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.15

  < 5.15.0-79.86~20.04.2

• ubuntu•linux-hwe-5.19

  all

Showing first 50 affected entries in server-rendered view.

References (21)

• https://ubuntu.com/security/CVE-2023-2124
• https://www.openwall.com/lists/oss-security/2023/04/19/2
• https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
• https://ubuntu.com/security/notices/USN-6206-1
• https://ubuntu.com/security/notices/USN-6224-1
• https://ubuntu.com/security/notices/USN-6228-1
• https://ubuntu.com/security/notices/USN-6231-1
• https://ubuntu.com/security/notices/USN-6235-1
• https://ubuntu.com/security/notices/USN-6252-1
• https://ubuntu.com/security/notices/USN-6254-1
• https://ubuntu.com/security/notices/USN-6284-1
• https://ubuntu.com/security/notices/USN-6300-1
• https://ubuntu.com/security/notices/USN-6301-1
• https://ubuntu.com/security/notices/USN-6311-1
• https://ubuntu.com/security/notices/USN-6312-1
• https://ubuntu.com/security/notices/USN-6314-1
• https://ubuntu.com/security/notices/USN-6331-1
• https://ubuntu.com/security/notices/USN-6332-1
• https://ubuntu.com/security/notices/USN-6337-1
• https://ubuntu.com/security/notices/USN-6347-1
• https://www.cve.org/CVERecord?id=CVE-2023-2124