USN-6027-1

Advisory lineage Upstream: 14 Downstream: 0
Published: 19 Apr 2023, 12:58
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

19 Apr 2023, 12:58
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3108) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3903) Haowei Yan discovered that a race condition existed in the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-4129) It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1073) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

Affected Systems

  • ubuntulinux

    < 5.4.0-147.164

  • ubuntulinux-aws

    < 5.4.0-1100.108

  • ubuntulinux-aws-5.4

    < 5.4.0-1100.108~18.04.1

  • ubuntulinux-azure

    < 5.4.0-1106.112

  • ubuntulinux-azure-5.4

    < 5.4.0-1106.112~18.04.1

  • ubuntulinux-gcp

    < 5.4.0-1103.112

  • ubuntulinux-gcp-5.4

    < 5.4.0-1103.112~18.04.1

  • ubuntulinux-gke

    < 5.4.0-1097.104

  • ubuntulinux-gkeop

    < 5.4.0-1067.71

  • ubuntulinux-hwe-5.4

    < 5.4.0-147.164~18.04.1

  • ubuntulinux-ibm

    < 5.4.0-1047.52

  • ubuntulinux-ibm-5.4

    < 5.4.0-1047.52~18.04.1

  • ubuntulinux-kvm

    < 5.4.0-1089.95

  • ubuntulinux-oracle

    < 5.4.0-1099.108

  • ubuntulinux-oracle-5.4

    < 5.4.0-1099.108~18.04.1

  • ubuntulinux-raspi

    < 5.4.0-1083.94

  • ubuntulinux-raspi-5.4

    < 5.4.0-1083.94~18.04.1

References (8)