USN-6131-1

Advisory lineage Upstream: 10 Downstream: 0
Published: 01 Jun 2023, 18:48
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

01 Jun 2023, 18:48
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32233) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380) Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2612)

Affected Systems

  • ubuntulinux

    < 5.4.0-150.167

  • ubuntulinux-aws

    < 5.4.0-1103.111

  • ubuntulinux-azure

    < 5.4.0-1109.115

  • ubuntulinux-azure-5.4

    < 5.4.0-1109.115~18.04.1

  • ubuntulinux-gcp

    < 5.4.0-1106.115

  • ubuntulinux-gcp-5.4

    < 5.4.0-1106.115~18.04.1

  • ubuntulinux-gke

    < 5.4.0-1100.107

  • ubuntulinux-gkeop

    < 5.4.0-1070.74

  • ubuntulinux-hwe-5.4

    < 5.4.0-150.167~18.04.1

  • ubuntulinux-ibm

    < 5.4.0-1050.55

  • ubuntulinux-ibm-5.4

    < 5.4.0-1050.55~18.04.1

  • ubuntulinux-kvm

    < 5.4.0-1092.98

  • ubuntulinux-oracle

    < 5.4.0-1102.111

  • ubuntulinux-oracle-5.4

    < 5.4.0-1102.111~18.04.1

References (6)