USN-6386-3

Advisory lineage Upstream: 8 Downstream: 0
Published: 03 Oct 2023, 20:33
Last modified:03 Jun 2026, 14:03

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

03 Oct 2023, 20:33
Published
Vulnerability first disclosed
03 Jun 2026, 14:03
Last Modified
Vulnerability information updated

Description

linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, linux-oracle-5.15 vulnerabilities Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-4569)

Affected Systems

  • ubuntulinux-intel-iotg

    < 5.15.0-1040.46

  • ubuntulinux-intel-iotg-5.15

    < 5.15.0-1040.46~20.04.1

  • ubuntulinux-oracle

    < 5.15.0-1044.50

  • ubuntulinux-oracle-5.15

    < 5.15.0-1044.50~20.04.1

References (5)