UBUNTU-CVE-2023-6270
Vulnerability Summary
Timeline
Description
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.
CVSS Metrics
- v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- ubuntu•linux
all | < 4.4.0-256.290 | < 4.15.0-226.238 | < 5.4.0-189.209 | < 5.15.0-112.122 | < 6.8.0-35.35
- ubuntu•linux-allwinner-5.19
all
- ubuntu•linux-aws
< 4.4.0-1133.139 | < 4.4.0-1171.186 | < 4.15.0-1169.182 | < 5.4.0-1128.138 | < 5.15.0-1063.69 | < 6.8.0-1009.9
- ubuntu•linux-aws-5.0
all
- ubuntu•linux-aws-5.11
all
- ubuntu•linux-aws-5.13
all
- ubuntu•linux-aws-5.15
< 5.15.0-1063.69~20.04.1
- ubuntu•linux-aws-5.19
all
- ubuntu•linux-aws-5.3
all
- ubuntu•linux-aws-5.4
< 5.4.0-1128.138~18.04.1
- ubuntu•linux-aws-5.8
all
- ubuntu•linux-aws-6.2
all
- ubuntu•linux-aws-6.5
< 6.5.0-1023.23~22.04.1
- ubuntu•linux-aws-fips
< 4.15.0-2108.114 | all | < 5.4.0-1128.138+fips1 | < 5.15.0-1063.69+fips1
- ubuntu•linux-aws-hwe
< 4.15.0-1169.182~16.04.1
- ubuntu•linux-azure
< 4.15.0-1178.193~14.04.1 | < 4.15.0-1178.193~16.04.1 | all | < 5.4.0-1133.140 | < 5.15.0-1066.75 | < 6.8.0-1008.8
- ubuntu•linux-azure-4.15
< 4.15.0-1178.193
- ubuntu•linux-azure-5.11
all
- ubuntu•linux-azure-5.13
all
- ubuntu•linux-azure-5.15
< 5.15.0-1065.74~20.04.1
- ubuntu•linux-azure-5.19
all
- ubuntu•linux-azure-5.3
all
- ubuntu•linux-azure-5.4
< 5.4.0-1133.140~18.04.1
- ubuntu•linux-azure-5.8
all
- ubuntu•linux-azure-6.2
all
- ubuntu•linux-azure-6.5
< 6.5.0-1024.25~22.04.1
- ubuntu•linux-azure-edge
all
- ubuntu•linux-azure-fde
all | < 5.15.0-1067.76.1
- ubuntu•linux-azure-fde-5.19
all
- ubuntu•linux-azure-fde-6.2
all
- ubuntu•linux-azure-fips
< 4.15.0-2087.93 | all | < 5.4.0-1133.140+fips1 | < 5.15.0-1065.74+fips1
- ubuntu•linux-bluefield
< 5.15.0-1044.46 | < 5.4.0-1088.95 | < 5.15.0-1044.46 | all
- ubuntu•linux-fips
< 4.4.0-1102.109 | all | < 4.15.0-1124.135 | < 5.4.0-1102.112 | < 5.15.0-111.121+fips1
- ubuntu•linux-gcp
< 4.15.0-1163.180~16.04.1 | all | < 5.4.0-1132.141 | < 5.15.0-1062.70 | < 6.8.0-1008.9
- ubuntu•linux-gcp-4.15
< 4.15.0-1163.180
- ubuntu•linux-gcp-5.11
all
- ubuntu•linux-gcp-5.13
all
- ubuntu•linux-gcp-5.15
< 5.15.0-1062.70~20.04.1
- ubuntu•linux-gcp-5.19
all
- ubuntu•linux-gcp-5.3
all
- ubuntu•linux-gcp-5.4
< 5.4.0-1132.141~18.04.1
- ubuntu•linux-gcp-5.8
all
- ubuntu•linux-gcp-6.2
all
- ubuntu•linux-gcp-6.5
< 6.5.0-1024.26~22.04.1
- ubuntu•linux-gcp-fips
< 4.15.0-2071.76 | all | < 5.4.0-1132.141+fips1 | < 5.15.0-1062.70+fips1
- ubuntu•linux-gke
all | < 5.15.0-1060.66 | < 6.8.0-1004.7
- ubuntu•linux-gke-4.15
all
- ubuntu•linux-gke-5.15
all
- ubuntu•linux-gke-5.4
all
- ubuntu•linux-gkeop
< 5.4.0-1095.99 | < 5.15.0-1046.53
Showing first 50 affected entries in server-rendered view.
References (33)
- https://ubuntu.com/security/CVE-2023-6270
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-22236
- https://access.redhat.com/security/cve/CVE-2023-6270
- https://www.cve.org/CVERecord?id=CVE-2023-6270
- https://ubuntu.com/security/notices/USN-6816-1
- https://ubuntu.com/security/notices/USN-6817-1
- https://ubuntu.com/security/notices/USN-6820-1
- https://ubuntu.com/security/notices/USN-6821-1
- https://ubuntu.com/security/notices/USN-6821-2
- https://ubuntu.com/security/notices/USN-6817-2
- https://ubuntu.com/security/notices/USN-6828-1
- https://ubuntu.com/security/notices/USN-6820-2
- https://ubuntu.com/security/notices/USN-6821-3
- https://ubuntu.com/security/notices/USN-6817-3
- https://ubuntu.com/security/notices/USN-6821-4
- https://ubuntu.com/security/notices/USN-6865-1
- https://ubuntu.com/security/notices/USN-6866-1
- https://ubuntu.com/security/notices/USN-6871-1
- https://ubuntu.com/security/notices/USN-6878-1
- https://ubuntu.com/security/notices/USN-6866-2
- https://ubuntu.com/security/notices/USN-6866-3
- https://ubuntu.com/security/notices/USN-6892-1
- https://ubuntu.com/security/notices/USN-6895-1
- https://ubuntu.com/security/notices/USN-6896-1
- https://ubuntu.com/security/notices/USN-6895-2
- https://ubuntu.com/security/notices/USN-6896-2
- https://ubuntu.com/security/notices/USN-6900-1
- https://ubuntu.com/security/notices/USN-6896-3
- https://ubuntu.com/security/notices/USN-6895-3
- https://ubuntu.com/security/notices/USN-6896-4
- https://ubuntu.com/security/notices/USN-6896-5
- https://ubuntu.com/security/notices/USN-6919-1
- https://ubuntu.com/security/notices/USN-6895-4